Contact Form Captchas

swinnie

swinnie

swinnie

Soldato
Joined
30 Apr 2007
Posts
3,095
Location
Kent
Hi All,

I have a customer that is complaining about receiving spam emails through their sales mailbox, from the contact form on their website. They have asked me to install some form of anti-spam mechanism.

What captchas can you guys recommend that don't look like a polished turd?

Many thanks in advance.
 
Generally i only even use Captcha as a last resort, I've found that 9 out of 10 times simply honeypotting a field is more than enough to stop the spam.

xbenjiiman said:
I'm a big fan of VisualCaptcha. None of that awful squinting your eyes trying to read the numbers and letters.
Click to expand...

That looks very nice, should i need to add Captcha in the future probably give that a go.
 
hargi said:
What you mean by honey potting a field?
Click to expand...

What i do:

Duplicate say the email field typically i have one named email and the other contact_email.

You hide email with CSS via a class called styled_email, do not use inline as some bots can tell if a field is a honeypot.

When you process the form in PHP or whatever you check to see if the honey potted field is empty, if it is you know the request is from a normal user.

---

This works surprisingly well most times, and it doesn't affect the user experience.. they can't even tell the difference.

There are other tricks too like processing the form through AJAX, i find most bots have JavaScript disabled so this works well.
 
Last edited:
I'm also not a fan of captchas.

What's the primary goal you'd like from a visitor to your website? Usually it's to get in touch with you, therefore creating a potential sales enquiry.

Captchas are known to be fiddly and awkward to complete for some users. You're therefore putting a hurdle in the way of people completing the goal of your site. People are willing to pay for sales leads, yet they're happy to throw a hurdle/captcha on a page without a second thought.

I'd personally rather sift through a couple of spam enquiries instead of losing out on a potential sale.

The honeypot solution is a good one mind.
 
Honey pot and some validation is added to all my forms now. There are some good free php based forms on git that will do all of that.

Those visual captchas are interesting, but as the chaps above have said, it's still another hurdle.
 
Firstly, thank you all for your response...


xbenjiiman said:
I'm a big fan of VisualCaptcha. None of that awful squinting your eyes trying to read the numbers and letters.
Click to expand...

Now - that is actually a nice looking one, I shall certainly bare that in mind. I hate all captchas out there.

JimAroo said:
What i do:

Duplicate say the email field typically i have one named email and the other contact_email.

You hide email with CSS via a class called styled_email, do not use inline as some bots can tell if a field is a honeypot.

When you process the form in PHP or whatever you check to see if the honey potted field is empty, if it is you know the request is from a normal user.

---

This works surprisingly well most times, and it doesn't affect the user experience.. they can't even tell the difference.

There are other tricks too like processing the form through AJAX, i find most bots have JavaScript disabled so this works well.
Click to expand...

Now, that sounds like an interesting solution - I shall give that a go and see if it does enough.

BaJ said:
I'm also not a fan of captchas.

What's the primary goal you'd like from a visitor to your website? Usually it's to get in touch with you, therefore creating a potential sales enquiry.

Captchas are known to be fiddly and awkward to complete for some users. You're therefore putting a hurdle in the way of people completing the goal of your site. People are willing to pay for sales leads, yet they're happy to throw a hurdle/captcha on a page without a second thought.

I'd personally rather sift through a couple of spam enquiries instead of losing out on a potential sale.

The honeypot solution is a good one mind.
Click to expand...

BaJ, that is exactly my point and my resistance to use Captchas. The customer in question will be the first to moan if he "isn't getting emails" from his website. Or enquiries are down on the previous week/month. I would rather have to just select a few spam messages and delete them, than stop genuine enquiries coming through.
 
A pretty simple but effective method is to base64 encode the current unix epoch into a hidden field then simply check when it gets posted back. If there's only a couple seconds difference then you can ignore it.
 
You must log in or register to reply here.
Back
Top Bottom