Preventing Spam Form Submission

The classic option for preventing spam form submission is with CAPTCHA ( and there have been later improvements on this to benefit accessibility issues such as

Content management and blogging systems like Drupal, WordPress etc. all have a selection of plugins to prevent spam. So if you’re using a system such as these, check out their plugin directory for the most popular (e.g.

However often for small scale sites if suffices to employ a basic solution that is both user-friendly and stops 99% of spam. These simpler options include:

1 – A simple maths question like 2 + 3 (can be random or use images)

2 – Just use an image of a static image (so like CAPTCHA but not random – you can always change this image if a spam-bot gets busy)

3 – Have a blank text field labelled ‘Leave this blank’ (you can even name or id this field in the HTML mark-up to trick spam-bots to use it).

4 – Have a drop-down (select) form-field that is labelled ‘You are:’ and defaults to the option ‘An irritating spammer’. Have an option for users to select called ‘A human with an enquiry’. Similarly, a checkbox or radio button could be used.

5 – Have a hidden form field that should be left blank (although no good if a spam-bot has already cached your form). Also remember to use tabindex to order your form field so users don’t tab to this hidden field).

6 – Check the referring URL. If it is legit, it will be on your site. This catches those who just send a completed form.

None of these solutions are perfect but they are quick to develop, are fine for small sites, and always appreciated by your clients.

Whether you build in spam protection from the outset of a site is down to budget. It seems reasonable for small sites to address spam issues as they arise and provide a billable solution that targets the specific spam being sent.