Stop website enquiry form SPAM

One of my clients was suffering under a deluge of automated SPAM through the booking / enquiry form on their website.

The form is a simple sendmail.php which emails the client, the visitor and myself an enquiry regarding the booking.

I wont bother detailing the form here as it’s nothing particularly clever, what i’d like to share is the way to “stop comment form spam”.

1. Fool the SPAM bots

Basically, I needed a way to fool the SPAMbots into giving themselves away, something that wouldn’t hinder a ‘real’ visitor. I know you can use CAPTCHA’s (those little blurry images you need to type into the box to prove you’re a human), but half the time, I, personally, end up having to type them  twice because I can’t read them properly – I’m sure I’m not alone in this.

I decided to add a form field that was invisble to real users, but appeared in the HTML so the SPAMbots thought they had to fill it out. Simple enough, I added

<p class="hide"><label for="url">url:</label> <input class="textbox" id="url" name="url" type="text" tabindex="299" /></p>

I called it “url” as for a SPAMMER, it’s a great one to fill in – after all, they’re just chasing links.

2. Tweak the sendmail.php

In the PHP code of my sendmail, i added:

if (!empty($url)) {
mail( "enquiries@mywebsite.com" , "[MAYBE SPAM] Website Booking Enquiry",
"$message\n Name: $name\n Email: $email\n Phone: $phone\n Linen hire required?: $linen\n No of Adults: $adults\n No of Children: $children\n Arrival Date: $arriveday $arrivemonth $arriveyear\n Departure Date: $departday $departmonth $departyear\n How did you find us: $findus\n Question: $msg\n", "From: $email" );
mail( "me@myemail.com" , "[MAYBE SPAM] Website Booking Enquiry",
"$message\n Name: $name\n Email: $email\n Phone: $phone\n Linen hire required?: $linen\n No of Adults: $adults\n No of Children: $children\n Arrival Date: $arriveday $arrivemonth $arriveyear\n Departure Date: $departday $departmonth $departyear\n How did you find us: $findus\n Question: $msg\n", "From: $email" );
}

The important bits are in BOLD

if (!empty($url))

This simply checks if the url field is NOT empty with two possible results

If it is empty then it proceeds to email the client, visitor and myself a copy of the information they put into the form with the subject “Website Booking Enquiry”.

If it is not empty, it appends [MAYBE SPAM] to the beginning of the subject and emails it off again

(this step will become unnecessary after I have made sure it doesn’t catch any ‘real’ emails – although this should be fairly foolproof in that respect, I prefer to err on the side of caution)

Once Now that I’m happy it’s working fine, I will have removed the clients’ and my email address and just have it sent back to the SPAMMERs email address.

3. Hiding the form field

This is easily done in the CSS ( Cascading Style Sheet) with the following line of code:
#url, .hide{ display:none; visibility:hidden;}

(Notice I enclosed the form field in a paragraph with the class “hide”)

So there we go … a fairly simple, unobtrusive way to stop (most of) your booking form SPAM.

I hope it helps.