January 29th, 2013
Written By: Lonnie Waugh
I would always find myself opening up my e-mail software in the morning to be absolutely deluged by advertisements for medications and other products I couldn’t possibly need or want. I also discovered apparently that I have deceased relatives living in Nigeria that wish to leave me large sums of money if only I would send them $100.00 to pay the transaction fees. Sound familiar?
While the issue of junk e-mail is still alive today, it is a much smaller problem overall thanks to significant enhancements in filtering software. However, with traditional junk e-mail on the decline, another form of junk messages started to gain in popularity at the same time.
There are people out there that are making a lot of money by writing scripts that scour the internet searching for “submittable contact forms”. Once a contact form is located, the script will look for known field names such as “First Name”, “Last Name”, “EMail”, “Your Website” and “Comments”. There are numerous other fields that these scripts look for and in many variations. Once a submittable contact form is found with recognized or known elements, the script will automatically populate them with advertising content and submit the information to you, often several times if not many times.
As the problem of junk contact forms started to get worse, systems were developed to try to thwart this automated submittal issue such as CAPTCHA which stands for “Completely Automated Public Turing Test to Tell Computers and Humans Apart”. These CAPTCHA systems were, and still are fairly effective in the fight against junk contact forms, however, I began to notice over the last year or two that more and more illegitimate contact forms were being submitted to our clients every day. Not only was the frequency of these forms increasing but as the CAPTCHA became more distorted and complex in an attempt to thwart unwanted automated intruders, the difficulty of the human viewer to recognize the CAPTCHA was declining, leading to frustration and an inability to submit legitimate contact forms.
Over the course of the last few months I tried many things, from re-naming the fields to adding in my own general knowledge style challenge system where I ask a simple question such as “What is two plus 3” or “What is the color of an orange?”. To my surprise I noticed that not only were my questions being answered but the normal CAPTCHA was being answered too!
Soon, I stumbled on the realization that there are actually services out there where you can hire people to submit the junk forms for you at extremely low rates! So I decided to come up with my own methods of fighting this incessant issue.
The solution I developed has so far blocked 100% of the junk submissions and yet has not blocked a single legitimate person to date. I have this method in place on multiple web sites that were previously receiving dozens of junk contact forms per day. As of this writing, about 580 junk forms have been thwarted and yet no recognizable delay has been reported by any customer submitting a contact form to any client.
There is a series of 5 tests that I perform on each and every contact form submission and they are:
Honeypot Field Test
A honeypot field is a form field that is hidden to the human visitor but is still a part of the form. Since the junk mail submitter still uses an automated system to fill in the fields it will populate that honeypot field. If the form is submitted with something in there, I block it. This method alone has blocked about 80% of all of the junk.
Phone and Zip Code Test
Believe it or not, many of the junk contact form submissions have “12345” as the phone or zip code. If a phone or zip code comes through using “12345”, I block it.
Botscout
Botscout is a highly effective and free resource that looks at the name, e-mail, IP address and comment for known reported junk submitters. The service is free for up to 300 submissions a day if you register for a key. It’s free for up to 30 submissions if you don’t register.
Akismet
If they have gotten this far, and they usually do not, I run them through the Akismet system which is a database maintained by WordPress to block junk comments on blogs.
RBL (Real Time Black List)
This final method is one of the first I tried and I decided to include it as a final step. Although it is the least effective of the group, it still nets several junk contact forms periodically and is worth the effort. This test checks the submitter’s IP address against a database of known junk e-mailers.
The combination of this 5 point testing system has so far been 100% effective in my fight against junk contact form submissions. It was to my surprise that this most effective solution was the easiest to put in place. The best side benefit of this system is that we’ve been able to remove the annoying and hard to read CAPTCHA system entirely from those sites which means that the end-user has a much better experience using the contact form. Close the door on unwanted contact form submittals. It’s easy and effective with this 5 point testing system.
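The five tests chained in the order described above, as an added sketch that is not the author's own code. The field names (`website_url`, `phone`, `zip`) and the RBL zone `dnsbl.example.org` are assumptions, and the Botscout and Akismet lookups are passed in as callables so that no details of either service's API are assumed.

```python
import ipaddress
import socket

HONEYPOT_FIELD = "website_url"   # hypothetical name of the hidden form field
RBL_ZONE = "dnsbl.example.org"   # placeholder zone; the article names no list


def rbl_query_name(ip, zone=RBL_ZONE):
    """DNS blacklist convention: reverse the IPv4 octets, append the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def rbl_listed(ip, resolve=socket.gethostbyname):
    """An address is listed when its query name resolves inside 127.0.0.0/8."""
    try:
        answer = resolve(rbl_query_name(ip))
    except (OSError, ValueError):
        # No such record, lookup failure, or non-IPv4 input: treat as unlisted
        # so a DNS outage never blocks a legitimate visitor.
        return False
    return answer.startswith("127.")


def screen_submission(form, ip, reputation_checks=(),
                      resolve=socket.gethostbyname):
    """Run the tests in the article's order; return (accepted, reason)."""
    # 1. Honeypot: a human never sees the field, so any value means a script.
    if form.get(HONEYPOT_FIELD, "").strip():
        return False, "honeypot"
    # 2. Placeholder value in the phone or zip code field.
    if any(form.get(f, "").strip() == "12345" for f in ("phone", "zip")):
        return False, "phone_zip"
    # 3-4. Reputation services (Botscout, then Akismet) as (name, callable)
    #      pairs; each callable takes (form, ip) and returns True for junk.
    for name, is_junk in reputation_checks:
        if is_junk(form, ip):
            return False, name
    # 5. RBL lookup on the submitter's IP address.
    if rbl_listed(ip, resolve):
        return False, "rbl"
    return True, "ok"
```

The cheap local tests run first, so the rate-limited external services are only consulted for submissions that survive the honeypot and "12345" checks. The honeypot field still has to be hidden from human visitors in the page's markup or styling for the first test to be safe.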
Lonnie Waugh is a web developer/programmer for Bitstorm Web, a division of TDH Marketing, Inc., headquartered in Dayton, Ohio. Bitstorm Web offers award-winning custom website design and custom apps to attract and impress visitors. The division also provides 2D and 3D illustration, CAD visualization and digital animation used to visually explain complex engineered products and processes, entertain consumers or train employees and customers for greater retention. Mr. Waugh has extensive hands-on experience and a thorough understanding of both front end and back-end website design and development using all the latest technologies. In addition, he has broad based Linux Systems administration and centralized configuration, systems integration, process automation, biometrics and authentication/security expertise. Besides his technical expertise, Mr. Waugh has a proven track record as being a client focused problem solver with strong organizational abilities, accuracy and speed, that he gained providing Tier 3 technical customer service and support. Visit www.BitstormWeb.com