Our site at work has gotten a few pretty intense moments of form spamming over the past few months. Granted a few here and there, we just deal with. However, the really aggressive moments can be quite a nuisance for those receiving all the email submissions.
The big question for us always has been how can we prevent this without being at the expense of the user. For instance, we don’t want a solution that adds more effort to the users and they end up not filling out the form. Not good.
So after some research on suggested approaches I decided to go with the hidden field approach.
This requires adding a field to the form in question, then using some CSS to hide it from view. You can give it a title of do not fill out for those who don’t have CSS enabled in their browser.
Since most spambots tend to fill out every field in a form, you just check if that form has a value when it’s sent. If the bot filled it out, then it’s probably not from a human. If it’s empty, then you’re probably good to send.
We just started testing this approach out, and thus far it’s been good without being too restrictive.
Damn you spammers!