You get spam comments on blog daily. And luckily most of them are caught by spam filters. If you didn't have a way to protect your Web forms from spam you wouldn't put them up. As the volume of spam coming is so large that you could easily spend all day cleaning your website.
Because of all this spam, in order to use forms on the Web, you have to do something to protect yourself from the spammers. There are several options:
Don't use forms
Use automated filters and manual filters
Let's examine each option one by one
Don't Use Forms
" This is the simplest way to protect against form spam. "
As the Hindi phrase goes " na rahega baans, na bajegi bansuri " ( Means : without the bamboo there can be no flute).
But if you need to interact with your readers you need to have some type of contact information on the page.
Putting an email address on the page is a bad idea, but if you're not going to use HTML forms, then your only other option is a phone number. And many people won't pick up the phone if they are online. Online Chat option is also a good option.
But if your business can support it, this is the best way to prevent spam - don't let it even start.
Use Automated and Manual Filters
Automated filters - Are done by computers
Manual filters - Are done by you or another person
Automated filters work fine. They catch the majority of spam that comes through things like blog comments. But spammers are constantly trying to outwit them. So your spam filters need to be constantly updated and things will still get through.
Manual filters work even better, because you are making the decision yourself as to what will go live on your site.
This is how most of forms are handled on website.
You put them through an automated filter to get rid of the majority of the spammers and then weed out the rest by hand. If you get a lot of form entries, this can take a long time, but is the most effective way of preventing spammers from getting through.
Remember however that this won't stop them from attacking, the attacks just won't show on your Web pages.
A CAPTCHA is a visual image (usually of a series of characters) that are written in a strange font and are difficult to read. They are supposed to be impossible for a computer to read, but a human can read them. Then your readers read the text, fill in the correct letters, and their form is submitted.
CAPTCHAs don't work well for a couple reasons, not least of which is that
They have been beaten and spammers will waste no time capitalizing on that.
CAPTCHAs are bad is because they block legitimate users from using your form.
Many people find them very difficult to use.
if you've ever been blocked by a CAPTCHA that you're sure you're typing in correctly, you know how frustrating that can be.
If the CAPTCHA is on a blog comment, that's one thing, but if it's on a support form that might result in more unhappy customers who become ex-customers. Which is bad.
One way that I like to fool spammers is to add CSS to forms to hide certain fields. When the spam bot comes in and reads the HTML, their bot sees that form field and fills it in. Then when you get the results any entries that have that field are automatically deleted. To do this use the display:none; property on the field. Web browsers will leave that form field completely off the page, but spam bots will see it in the HTML and fill it in.
What should we do ?
Spammers are always updating how their robots work, so for best results you should use a combination of methods to protect your forms.
And don't get too frustrated when spam gets through. Just delete it and move on.