
If you have forms on public web pages, you’re bound to get some spam. Spam form entries are a frustrating part of collecting leads, growing an email list, and giving people opportunities to contact you.

Why is spam so common? Because spammers set up spam bots. These are automated scripts that troll the web for forms and submit some content.

Why do people spam forms? For backlinks, mostly. Google will boost a website’s rankings if it has a lot of links, so less-than-honest marketers create bots that spam forms with links. If any of those links show up on a website, their site’s ranking improves. This method of “marketing” isn’t as effective as it used to be, but it doesn’t require the “marketer” to do anything but let a script run.

In other cases, spammers set up a group email address that they put into the email field on your form. They add a message with links to the message or comment field. If you have an auto-response email set up (as most forms do by default), you will unwittingly send a spammy message to a list of email addresses.

In the worst cases, some bots will use your form to inject malicious code into your website. These bots could damage your pages or databases, harvest sensitive information, or even disable your site entirely.

Needless to say, it’s important to stop spam form entries however you can! Let’s dive into some strategies to reduce them.

1. Add CAPTCHA or reCAPTCHA

You’ve probably come across CAPTCHA and reCAPTCHA fields yourself. They’re all over the web for good reason: They’re powerful tools to stop spam form entries.

A CAPTCHA field is a picture with several distorted letters and numbers. Your job is to interpret the sequence and input it into the form. This field stops spam because bots usually can’t understand images.

reCAPTCHA is a Google service that requires less work from the user. Instead of answering a tedious question, users only have to click a button to identify themselves as human.

How does reCAPTCHA work? Google doesn’t give away all their secrets, but we know that when the user clicks the “I am not a robot” button, the reCAPTCHA sends a request to Google with a bunch of information, like the user’s IP address, timestamp, and even how they moved their mouse just before clicking. Google puts all this data together to decide whether the user seems like a real person.

If Google runs their analysis and is still unsure about the user, it gives an additional challenge: the image security check. The user is prompted to make selections based on the image (which relies on bots’ inability to read images).

In Gravity Forms, CAPTCHA and reCAPTCHA are available as Advanced Fields in the Form Editor. Check out our CAPTCHA documentation to learn how to set it up.

2. Use a Double Opt-In Form

If you get a lot of spam entries to your email list (which cost you money and disrupt your email marketing metrics), you’ll want to take advantage of a double opt-in.

A double opt-in is just what it sounds like: Users have to take two actions to join your email list. 1) They have to submit their email address through your form, and 2) They have to go to their inbox and click the confirmation link in an email you send them.

The second step is key for stopping spam entries. Bots are unlikely to complete the second step. In fact, they most likely use non-existent email addresses anyway, so there’s no way for them to confirm a subscription.

Since a double opt-in is a way to prevent fake emails from getting on your email list, you’ll need to configure the double opt-in procedure in your email marketing tool. Check with your provider for specific instructions.
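To show what the confirmation link in step 2 has to prove, here is an added Python example (not code from Gravity Forms or any email provider) that issues a signed, expiring token when the form is submitted and only returns the address once a valid token comes back. The key, the 48-hour lifetime, and the function names are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

# Assumption: a server-side secret. Generate your own and keep it out of source control.
SECRET_KEY = b"constructed-example-key-change-me"
TOKEN_TTL = 48 * 3600  # assumed policy: the confirmation link is valid for 48 hours


def _sign(payload: bytes) -> bytes:
    """HMAC-SHA256 over the payload, hex-encoded."""
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest().encode()


def make_confirm_token(email: str, now: Optional[float] = None) -> str:
    """Step 1 (form submitted): build the token that goes into the emailed link."""
    issued = time.time() if now is None else now
    payload = f"{email.strip().lower()}|{int(issued + TOKEN_TTL)}".encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload).decode()


def confirm(token: str, now: Optional[float] = None) -> Optional[str]:
    """Step 2 (link clicked): return the confirmed email, or None if the
    token is malformed, was not issued by us, or has expired."""
    try:
        encoded, signature = token.split(".", 1)
        payload = base64.urlsafe_b64decode(encoded.encode())
    except ValueError:  # wrong shape or invalid base64
        return None
    # Verify the signature before trusting anything inside the payload.
    if not hmac.compare_digest(signature.encode(), _sign(payload)):
        return None
    email, expires = payload.decode().rsplit("|", 1)
    current = time.time() if now is None else now
    if current > int(expires):
        return None
    return email  # only now should the address join the mailing list
```

An address is added to the list only when `confirm()` returns it, so a submission with a fake or unmonitored address never becomes a subscriber.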

3. Add a Test Question

A test question is a field on your form that asks a basic question. Real people should be able to answer it without any challenge, but bots will struggle to answer it. Here are some examples:

A panda is black and _____
4 + 7 = _____
What goes up, must come _____
A cow has how many legs? _____

If the submitter can’t answer the question properly, they must be a bot. Set your form to disregard any submission that doesn’t answer the question correctly.

In Gravity Forms, you can prevent the bot from submitting the form in the first place by adding conditional logic to the form button. If the submitter doesn’t input the correct text, the submit button never becomes active. Add conditional logic to the button under Form Settings.

Make sure your question is something anyone can answer without turning to Google. It should take them no longer to answer this question than it does to enter their own name. If the question is complex, hard to understand, or relies on special knowledge, you’ll lose valid submissions.

4. Add a Honeypot Field

Honeypots are traps that help you identify spam bots. They use a hidden field that only bots can see. Since users never see the field, they never supply an answer. If a submission comes through with an answer to the honeypot field, you know the submission came from a bot.

Honeypots are great because they don’t impact the user experience. The user is never even aware the honeypot is present.

It’s not a perfect solution, however. If your users have an auto-fill feature that populates form fields for them, the auto-fill might put some kind of answer into the hidden field. This would invalidate an otherwise valid form submission.

You can add a hidden field to a Gravity Form by enabling a honeypot in Form Settings. If a bot completes the honeypot field, you won’t see the submission in your list of form entries.
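The test question from strategy 3 and the honeypot from strategy 4 both come down to a check on the submitted fields, and that check belongs on the server: a script that posts to the form directly never renders the submit button or the hidden-field styling. The following Python sketch is an added example, not Gravity Forms code; the field names, verdict labels, and the choice to quarantine honeypot hits (so an auto-fill false positive can still be recovered) are assumptions for illustration.

```python
import re

HONEYPOT_FIELD = "website_url"   # hypothetical name; hidden from people with CSS
QUESTION_FIELD = "human_check"   # hypothetical name for the visible test question
ACCEPTED_ANSWERS = {"11", "eleven"}  # answers to the page's "4 + 7 = _____" example


def normalize(value):
    """Lower-case and drop spaces and punctuation so '  Eleven. ' still matches."""
    return re.sub(r"[^a-z0-9]", "", (value or "").lower())


def screen_submission(fields):
    """Return (verdict, reason); verdict is 'accept', 'reject' or 'quarantine'."""
    # Honeypot first: people never see this field, so a non-blank value
    # points to a bot. Quarantine instead of deleting, because browser
    # auto-fill can occasionally populate a hidden field for a real person.
    if (fields.get(HONEYPOT_FIELD) or "").strip():
        return ("quarantine", "honeypot field was filled in")
    # Test question: a missing or wrong answer is rejected outright.
    if normalize(fields.get(QUESTION_FIELD)) not in ACCEPTED_ANSWERS:
        return ("reject", "test question answered incorrectly")
    return ("accept", "passed honeypot and test question")


# Constructed sample submissions (not real traffic).
SAMPLES = [
    {"name": "Dana", "human_check": "  Eleven. ", "website_url": ""},
    {"name": "x", "human_check": "11", "website_url": "http://spam.example"},
    {"name": "y", "human_check": "12"},
    {"name": "z"},  # direct POST that skipped the question entirely
]


def screen_all(submissions):
    """Verdicts for a batch of submissions, in order."""
    return [screen_submission(s)[0] for s in submissions]


if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, screen_all(SAMPLES)):
        print(verdict, sample)
```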

 

Interested in adding Gravity Forms to your site?

If you are currently on our hosting and maintenance plan, this paid plugin is offered FREE to you!

*Article Credit to Gravity Forms*
