Stop form spam by using CSS to hide a field

Submitted by geekwisdom on Wed, 2007-05-30 11:10.

I hate form spam. Whether the form is a contact form, a survey, or something else spamming can make life a pain. SANS has an interesting piece on techniques that can be used to reduce or prevent form spam. In my opinion the solution that has the least impact on legitimate users, is easy to implement, can be implemented in numerous ways, and has the highest negative impact on spammers is the best. That's why I like the idea of including a form field that is required to be empty. To make it easier on legitimate users the field can be hidden using CSS. This way legitimate users aren't bothered with it, yet spambots are compelled to fill it in.

Consider this contact form:

First Name:
Last Name:
E-mail:
Comment:

URL: (NOTE: Leave this empty)

 

The URL field is our spam trap. When we wrap the URL field in <div style="display:none;visibility:hidden;"> the result looks like this:

First Name:
Last Name:
E-mail:
Comment:

(NOTE: Leave this empty)

Add some for validation to ensure that URL is left blank and that should do it.

Who knows how long it will take the spammers to circumvent this technique but the simplicity and variability of implementations should make it at least a bit more painful for them.

( categories: Programming/Architecture )