Stop spam emails from bots (without captcha)
A common problem developers run into when a website form sends an email and has no CAPTCHA is that the recipient ends up receiving a lot of spam from advertising bots.
An easy workaround for this issue consists of three parts:
- Add a hidden input in your form

    <form id="your_form" action="some_action_if any">
      ...
      <input type="hidden" id="some_unique_id" name="some_pretty_normal_name" value="value_to_remove" />
      ...
    </form>

- When submitting the form, empty that hidden input

    /* This example is given with jQuery, though it can be implemented however you like. */
    $(document).ready(function() {
      $("#your_form").submit(function() {
        // Clear the hidden input just before the browser sends the form
        $("#some_unique_id").val('');
      });
    });

- On the server side, send the email only if that hidden input is empty

    <?php
    ...
    // Send only when the hidden input is missing or arrived empty
    if (!isset($_REQUEST['some_pretty_normal_name']) || empty($_REQUEST['some_pretty_normal_name'])) {
      ...
      mail($to, $subject, $body, $headers);
    }
    ...
    ?>
And that's it!
This method was checked on http://streamer.co.il after it was spammed by arbitrary ads, and now they receive emails from real human beings :)
Written by Evgeny Kolyakov
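A stricter form of the server-side check, as an added example that is not the author's code: it sends only when the hidden input was submitted and is exactly the empty string, because PHP's `empty()` also accepts a missing field and the string "0". The function name `honeypot_passed` and the sample submissions are hypothetical; the field name and default value are the placeholders used in the form above.

```php
<?php
// Added example (not from the original post): strict hidden-input check.
// The field name is the placeholder used in the article's form.
const HONEYPOT_FIELD = 'some_pretty_normal_name';

/**
 * Returns true only when the hidden input was submitted AND was emptied
 * by the form's submit handler. Pass $_POST from the real form handler.
 */
function honeypot_passed(array $fields): bool
{
    // Field absent: the request was not produced by the rendered form.
    if (!array_key_exists(HONEYPOT_FIELD, $fields)) {
        return false;
    }
    $value = $fields[HONEYPOT_FIELD];
    // A name[]=... parameter arrives as an array; treat it as invalid.
    if (!is_string($value)) {
        return false;
    }
    // Strict comparison: empty() would also treat "0" as empty.
    return $value === '';
}

// Constructed sample submissions, for illustration only.
$samples = [
    'emptied by submit handler' => [HONEYPOT_FIELD => '', 'message' => 'Hello'],
    'default value left in place' => [HONEYPOT_FIELD => 'value_to_remove', 'message' => 'Ad'],
    'hidden field not sent' => ['message' => 'Ad'],
    'hidden field set to "0"' => [HONEYPOT_FIELD => '0', 'message' => 'Ad'],
    'hidden field sent as array' => [HONEYPOT_FIELD => ['x'], 'message' => 'Ad'],
];

foreach ($samples as $label => $fields) {
    // In the real handler, call mail(...) only on the "send" branch.
    printf("%-30s %s\n", $label, honeypot_passed($fields) ? 'send' : 'drop');
}
```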
2 Responses
I think you also have to make sure the user will submit the form only once. If a mistake is made, you'll have to reset the identifier, right?
That depends on how you implement the submission itself...
I personally also add a time-stamp in the user's session, for a real person not to send too many mails and check if that time-stamp is "older" than 5-15 minutes, otherwise I return a relevant message via the AJAX and display it using JS.
This post is pretty generic :)