
Banish contact form spam… with a honeypot

In recent months we’ve noticed a big increase in spam submissions via contact forms on our websites – basically people trying to sell you things you don’t need through your website.

Since we wrote this post in 2014, things have moved on a little and our preferred method of stopping contact form spam is to ask people to do a simple sum before the form will submit.

Often these are from people promising to get your site to the top of Google, and so make you lots of money, but often they advertise fake goods.

Here’s a typical example:

Dear Website Owner, Greetings of the day! Are you getting the best out of your website? If no, then we can help you by enabling your business gain a better presence on Google, transforming your website into powerful advertisement tool. We provide competitive SEO, a proven model, designed to make your website outshine its competitors and be the first to reach out to real prospect. Blah blah blah blah blah blah blah blah…. (this is not what it actually says but it seems that way!)


Sometimes these go into overdrive and we’ve had clients contact us for help after receiving up to 100 of these submissions in a single day!

Why contact form spam?

Contact form spam follows the same principle as e-mail spam. Spammers know that most people will ignore and delete their messages, but a tiny fraction will act on them, so they send out thousands upon thousands of emails (or contact form submissions) at a time – by automating the process.

They set up programs called bots that crawl through websites looking for contact forms and when they find one, they fill it in. As an aside, we came across a UK based company which sells this service. If you have a look at their website you can see exactly why this happens – as with all spam there’s money in it!

Or at least people think

[Image: Typical contact form Captcha field]

How to stop contact form spam

Up until recently, the main way to stop it has been through adding a Captcha field to the bottom of the form (see picture).

This works because bots are stupid: most of the time they are unable to read the Captcha characters and fill in the form.

If they get it wrong, or more likely, fail to see the Captcha field at all, then the contact form won’t submit.

But there’s a problem with Captcha

And the problem is that Captcha doesn’t just put off the bots – it can put off genuine enquiries also. Many people complain the Captcha message is hard to read – and it has to be to stop the bots – so it can discourage as many real enquiries as spam submissions.

Obviously, since we go on at great length about how websites should be as easy as possible to use – and make it as easy as possible for potential customers to contact the website owner – Captcha just makes it harder and more frustrating.

This is something we have struggled with for a while, although we have been adding Captcha to clients’ forms on request until recently.

[Image: Contact Form 7 Honeypot]

So here’s the solution

What we needed was something that would stop contact form spam in its tracks, while being undetectable to ordinary website visitors. And now we have it.

For the past six weeks we’ve been testing Contact Form 7 Honeypot, an ingenious free WordPress plugin that uses a clever technique to deal with the problem.

Put simply, it relies on the principle that bots are stupid: they find forms on websites and blindly fill in every field. So this plugin adds an extra field that is hidden from human website users. Therefore if anything fills in that form field, it’s a bot and its submission is rejected. And it works.
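
The honeypot check described above, as an added example in framework-free Python (not code from the Contact Form 7 Honeypot plugin). The field name `website_url`, the off-screen CSS and the rule that a request missing the decoy field is also rejected are assumptions made for illustration.

```python
import html
from urllib.parse import parse_qs

# Hypothetical field name: looks plausible to a bot, unused by the real form.
HONEYPOT_FIELD = "website_url"


def render_form(action="/contact"):
    """Return contact form HTML with a decoy field that people never see."""
    return f"""<form method="post" action="{html.escape(action, quote=True)}">
  <label>Name <input name="name" required></label>
  <label>Message <textarea name="message" required></textarea></label>
  <!-- Decoy: moved off-screen with CSS rather than type="hidden", skipped by
       keyboard, screen readers and browser autofill so people leave it empty. -->
  <div style="position:absolute;left:-9999px" aria-hidden="true">
    <label>Leave this field empty
      <input type="text" name="{HONEYPOT_FIELD}" tabindex="-1" autocomplete="off">
    </label>
  </div>
  <button type="submit">Send</button>
</form>"""


def classify_submission(body):
    """Classify a urlencoded POST body as 'accept' or 'reject'."""
    fields = parse_qs(body, keep_blank_values=True)
    if HONEYPOT_FIELD not in fields:
        # Assumption beyond the page: a browser always sends the empty decoy,
        # so a request without it did not come from our rendered form.
        return "reject"
    if any(value.strip() for value in fields[HONEYPOT_FIELD]):
        return "reject"  # something filled in a field no person can see
    return "accept"


# Constructed sample POST bodies, not real traffic.
SAMPLES = {
    "human": "name=Ann&message=Please+call+me&website_url=",
    "bot": "name=SEO+Expert&message=Rank+first&website_url=http%3A%2F%2Fexample.com",
    "direct_post": "name=SEO+Expert&message=Rank+first",
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, "->", classify_submission(body))
```

The check has to run on the server: the hidden field only separates people from bots if the rejection cannot be skipped by ignoring the page's scripts.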

What this means for you

If you previously had a Captcha field on any of your contact forms, you’ll notice that it’s gone because we’ve replaced it with the honeypot. We’ve also added it to any site that’s reported a problem with contact form spam and, of course, we’ve added it to every site we’ve built since mid July.

We’re happy to add it to your site free of charge.

So if you are having a problem with spam contact form submissions then put in a support ticket and we’ll install Contact Form 7 Honeypot on your site for you.