
Methods for Preventing Spam Form Submissions

Updated on February 10, 2016

It is common for webmasters to have forms on their websites. These forms are a frequent target of spam bots hunting for a way to get links to their fictitious products onto the internet. The most irritating thing is that once spam bots begin attacking your site, they don't relent, which makes this a serious problem for the webmaster. All web developers hate spam and have a great vendetta against it.

Webmasters can take several steps to stop spam form submissions. There is some difference of opinion, though, as to which of them is the most effective. In this post, you are going to learn about the five most used methods and their respective strengths and weaknesses.


CAPTCHAs

CAPTCHAs are images that contain a verification code. Users have to enter this code to show that they are not spam bots. Some spam bots are capable of basic optical character recognition. To counter this, some CAPTCHAs obscure the code by setting the characters against a noisy background or warping them.

Does it work? Spam bots are becoming more adept at recognizing characters, which is why most CAPTCHAs nowadays are presented in a heavily distorted form. While this makes CAPTCHAs very effective at keeping spam away, it also drives users away, as humans can't read them either.

Hidden Form Field

In this method you include an additional text input element in your form. By setting this new element to “display: none” in the external style sheet, you conceal it from users who have CSS enabled. Any form submitted with this hidden field filled in can then be easily detected as spam, since spam bots usually fill in every field in the form.

Does it work? In most cases, this method is very effective in filtering out the bulk of the spam. However, some bots can bypass this check by analyzing the CSS and determining whether there is a hidden field in the form. Moreover, users who have CSS disabled will be able to see the additional field too. To its credit, this method is the least obtrusive, as most users won’t even know that a spam check is happening.

User Authentication Link

Many forums make use of user authentication links along with CAPTCHAs. In this method, you ask for a valid email address in the form. On completion of the form, an email with an activation link is sent to the address the user entered. The user then has to click this link to complete the submission process. Spam bots are still able to fill in the form, but they fail to complete the process because they don’t have a valid email address.

Does it work? It is a very effective method, but it does frustrate users, as they have to take further action even after submitting the form.
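A minimal Node.js sketch of the activation-link flow described above, added here as an illustration and not taken from the original article. The URL, the 24-hour lifetime and the function names are assumptions; the submission is held until the emailed link is clicked, the link works once, and only a hash of the token is stored on the server.

```javascript
// Added example; the URL, TTL and function names are assumptions.
const { randomBytes, createHash } = require("crypto");

const TTL_MS = 24 * 60 * 60 * 1000; // assumed validity window: 24 hours
const pending = new Map();          // sha256(token) -> { email, form, expires }

function digest(token) {
  return createHash("sha256").update(token).digest("hex");
}

// Hold the submission and return the link to email; nothing is published yet.
function holdSubmission(email, form, now = Date.now()) {
  const token = randomBytes(32).toString("hex"); // 256 random bits, unguessable
  // Store only the hash, so a leaked table cannot be used to activate entries.
  pending.set(digest(token), { email, form, expires: now + TTL_MS });
  return `https://site.example/activate?token=${token}`;
}

// Called when the link is clicked; returns the held entry or null.
function activate(url, now = Date.now()) {
  const token = new URL(url).searchParams.get("token") ?? "";
  const key = digest(token);
  const entry = pending.get(key);
  if (!entry) return null;          // unknown, forged or already used
  pending.delete(key);              // single use; also drops expired entries
  return now <= entry.expires ? entry : null;
}

// Constructed demonstration: first click succeeds, a replay does not.
const link = holdSubmission("ann@mail.example", { comment: "Nice post" });
console.log("first click:", activate(link));
console.log("second click:", activate(link));
```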

Use JavaScript

Rendering your form with document.write() for each line of the HTML form is another method of preventing spam form submissions. You place the function responsible for writing the form in an external JavaScript file. When using JavaScript, you can store each line in a variable and mix the variables up to confound bots that try to analyze the source code.

Does it work? Since bots can’t analyze basic JavaScript as of yet, this method is usually quite effective, and bots can’t even find the form. However, bots are continuously evolving, and this method won’t remain so effective in the future. To stop all the spam, you would have to obfuscate your code. Another downside of this method is that users who have JavaScript disabled won’t be able to access the form.

Ask a Simple Question

This method involves the addition of a simple question to the form whose answer is assumed to be known by everyone. For instance, what color are the leaves? You will have to add another text input element to the form.

<input type="text" name="spamanswer" value="" />

After this, add a hidden input element which contains the answer.

<input type="hidden" value="green" name="spamsolution" />

All you have to do now is check the POST values of spamsolution and spamanswer. If they are the same, the submission is a legitimate one; otherwise it’s not. Keeping the value of the hidden input element in a text file on the server rather than on the form can give you extra spam protection. When using this method, make sure that the question is not complicated and can be answered by everyone irrespective of their academic background.

Does it work? Yes, it does. The most effective method of filtering spam submission is to make use of a simple arithmetic question like “Sum of seven plus one”. Using words in place of numbers makes it near impossible for spam bots to answer the question. Even those people who don’t speak your language can answer this question easily.
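A server-side check covering both the hidden form field and the simple question, added here as an illustration and not taken from the original article. It follows the stronger variant mentioned above, where the answer stays on the server; the field names "website" and "spamquestion" and the question ids are assumptions.

```javascript
// Added example. Field names other than "spamanswer" and "spamsolution" are assumptions.

// Accepted answers stay on the server; the form carries only the question id.
const QUESTIONS = new Map([
  ["q1", ["green"]],      // "What color are the leaves?"
  ["q2", ["8", "eight"]], // "Sum of seven plus one"
]);

const HONEYPOT_FIELD = "website"; // hypothetical name of the CSS-hidden input

function normalize(value) {
  return String(value ?? "").trim().toLowerCase();
}

// rawBody is the application/x-www-form-urlencoded POST body as a string.
function classifySubmission(rawBody) {
  const form = new URLSearchParams(rawBody);

  // Honeypot: humans never see this field, so any content marks the post as automated.
  if (normalize(form.get(HONEYPOT_FIELD)) !== "") {
    return { ok: false, reason: "honeypot-filled" };
  }

  // A Map lookup avoids matching inherited keys such as "constructor".
  const accepted = QUESTIONS.get(form.get("spamquestion") ?? "");
  if (!accepted) {
    return { ok: false, reason: "unknown-question" };
  }

  // Compare against the server-side answer only. A client-supplied
  // "spamsolution" field is ignored, so echoing it back proves nothing.
  if (!accepted.includes(normalize(form.get("spamanswer")))) {
    return { ok: false, reason: "wrong-answer" };
  }
  return { ok: true, reason: "passed" };
}

// Constructed sample POST bodies.
const SAMPLES = {
  human: "name=Ann&website=&spamquestion=q2&spamanswer=+Eight+",
  fillsEverything: "name=x&website=http%3A%2F%2Fspam.example&spamquestion=q2&spamanswer=8",
  echoesHiddenField: "name=x&website=&spamquestion=q1&spamsolution=blue&spamanswer=blue",
};

for (const [label, body] of Object.entries(SAMPLES)) {
  console.log(label, classifySubmission(body));
}
```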

The Bottom Line

These are not the only methods, and you can combine several of them to make them more effective. However, it is important to remain cautious. Any method of spam filtering that you use should only filter spam; it must not drive users away from filling in the form or block the submissions of legitimate visitors. If that happens, it means you have taken your grudge against spam too far.


      Ronald E Franklin 2 years ago from Mechanicsburg, PA

      Interesting discussion. The fight against spam seems to be a never-ending battle. For example, how long will it be before the spammers build AI elements into their bots so they can answer any questions the average user could be expected to answer?