Website contact forms are a convenient, quick means of potential clients and existing customers to get in touch with your company. The only downside is they are also a convenient, quick means of SPAM robots to peddle their (usually) virus-infected “products” to you as well.
The latter is a headache my dear dad called me recently to gripe about. The contact form on his website was unfinished, leaving the door open for SPAM robots to waltz through, cluttering up his office’s inbox with promises of getting them ranked first on Google.
Commonly, designers and front-end developers turn to a plug-in known as CAPTCHA to dead-bolt that door and keep SPAM robots out in the cold. The plug-in (for those unfamiliar) create a required field at the end of your form where the user must input two words that are displayed in a distorted image before the form will be submitted. I’m sure we’ve all encountered these bad boys in our travels:
The downsides to this approach, however, are that both aesthetics and usability can be compromised in an effort to keep the robots at bay. An article was posted a few weeks ago, chronicling the results of one curious developer’s research into the effectiveness of these clunky, seemingly impossible to read boxes.
The results compare the same websites with and without a CAPTCHA installed on their web forms, and showed that—overall—more conversions were dropped with the use of a CAPTCHA than SPAM messages that were sent through the form without it. In other words, while the distorted letters kept some of the robots locked out, more of the websites’ actual users were also locked out. (Read the full article here >>)
I don’t know about you, but for me dropped conversions of relevant leads would mean that this method is a no-go.
Luckily, we have a method of our very own for dealing with SPAM robots. We’ve found that, while robots read through the HTML that make up your web form, they are blind to any Javascript used on the site. Using that to our advantage, we simply make key elements inside our form tags “invisible” by loading them through Javascript when the page is called up by the browser.
To the visitor, it is as seamless as if the form was written directly on the page. To the robot looking to send us SPAM, there is no means of submitting what looks like an incomplete form.
And to Dad? It’s just one less thing he needs to worry about when reading his email.
Art Director
Strategic Insights
Subscribe to RSS »
Subscribe to Email »
wevegotideas
Chris Griffin
Josh Gibbs
Bill Cokas
Jenn Soloway
Another idea is to use java to enforce a delay before the form can be submitted. The idea is that a “Bot” will fill, and post, the form much quicker than an actual human can. If time between the form loading and and posting is too short the form can be rejected. This combined with your method could strengthen it’s defense while not imposing anything upon a legitimate user.
Excellent. Anything that doesn’t create a hinderance to the user is something that will actually help the problem. Thank you for sharing!