A Quick and Dirty Way To Reduce Spam When Using the Stock Email Form
Spam, the bane of everyone’s lives. Worst of all, clients get unhappy if their ExpressionEngine powered forms let endless spam through, and it can reflect on you as the developer (rightly or wrongly).
ExpressionEngine’s inbuilt CAPTCHA isn’t always effective so you often have to reach for 3rd party addons to stop the tide of “amazing” offers and other junk. Addons like Snaptcha and Freeform do a good job weeding out spam submissions but you have to fork out a bit of cash for them. That’s not a bad thing because you’re supporting developers, but what if your budget is stretched and you need a quick fix?
Fortunately, it’s easy to add a simple “honeypot” field to the form and use server-side filtering to stop spam email from being delivered to your inbox.
Let’s take a simple example form:
{exp:email:contact_form user_recipients="false" recipients="hello@example.com" charset="utf-8"}
<label for="subject">Subject</label>
<input type="text" id="subject" name="subject" value="">
<label for="name">Name</label>
<input type="text" id="name" name="name" value="">
<label for="from">Email address</label>
<input type="email" id="from" name="from" value="">
<label for="message">Message</label>
<textarea id="message" name="message"></textarea>
<button type="submit">Send</button>
{/exp:email:contact_form}
A spammers paradise!
To add the honeypot field we need to tweak two things:
- Rename the
nameparameter value for each field you want in the email body tomessage[](note the addition of brackets to the value, EE needs this) - Add the honeypot field, I use a checkbox field with a generic value inside a
divcontainer with some CSS to hide it offscreen so real people won’t see it. Note that thenameparameter also has a value ofmessage[].
<div style="position:absolute;left:-999em;">
<label><input type="checkbox" name="message[]" value="ABC123"></label>
</div>
Here’s an updated version of the form with the tweaks:
{exp:email:contact_form user_recipients="false" recipients="hello@example.com" charset="utf-8"}
<label for="subject">Subject</label>
<input type="text" id="subject" name="subject" value="">
<label for="name">Name</label>
<input type="text" id="name" name="name" value="">
<label for="from">Email address</label>
<input type="email" id="from" name="from" value="">
<!-- modified message field -->
<label for="message">Message</label>
<textarea id="message" name="message[]"></textarea>
<button type="submit">Send</button>
<!-- honeypot field -->
<div style="position:absolute;left:-999em;">
<label><input type="checkbox" name="message[]" value="ABC123"></label>
</div>
{/exp:email:contact_form}
When a spam bot comes along it will most likely tick the hidden checkbox, thus passing the value (ABC123) into the email body.
At this stage spam email will still get to your inbox, so the last piece of the puzzle is to add some server-side email filtering that looks for the value “ABC123” in the email body. Set up a filter on your server or in your email provider’s settings to delete any emails that contain the string “ABC123”.
Job done, you should notice a drop in the amount of spam you get from the form.
A few points worth noting:
- For the checkbox use a text value that won’t be used by a real person. I used “ABC123” as an example.
- Avoid using obvious words like “honeypot” or “spam” in the form field or text string. Spammers are clever and may program their bots to recognize and bypass it.
- Once you’ve set it up test it to make sure valid email gets through!
I’ve tried this approach on a few sites and it seems to eliminate most spam from forms, and clients are happier! It’s not a perfect method by any means but as a free, quick, and easy way to reduce spam it might help you out.
Comments 0
Be the first to comment!