Form Spam - how to stop Spam on Forms
Spam is the sending of unsolicited and unwanted messages in bulk to many people by electronic messaging systems. The most common type is email spam (also known as junk mail) where the same message is sent to many people who have had their e-mail addresses harvested. Currently over 80% of all email is Spam.
Other types of Spam include instant message Spam, blog Spam, form Spam, newsgroup and user group Spam and Internet forum Spam. The common denominator is the message is sent in bulk and is unsolicited.
Etymology of Spam
According to many sources (including the Internet Society) Spam is derived from the Monty Python's Flying Circus Spam sketch in 1970. The sketch is set in a cafe where a couple is lowered to a table and asks what is on the menu. Every item includes Spam, at which point the woman declares she does not like Spam, does not want Spam and will settle for anything without Spam. The abundance of Spam on the menu reflects the massive importation and availability of canned meat in the United Kingdom. This was a solution to the food shortage caused by the devastation of the agricultural base during World War II. Although Spam captured a large share of the British market, it was seen as a cheap and common food stuff, and was mostly unwanted.
In the 1980's the term Spam was first used in an electronic context. Users would repeat the word "Spam" or quotes from the original Monty Python sketch to flood the screen and scroll other users' text off the screen. This was known as spamming.
In the 1990's the term Spam was used to refer to the same message being posted on many newsgroups, user groups or forums - in the same way Spam appeared on every item of the menu, the same message would be present on every forum.
What is Form Spam?
Form Spam is where a form on an Internet site is used by a user or an automated script to send spam to the receiver of the form. It is different from email Spam where the Spam is sent directly to an email address, here it uses the standard form processing on the Internet site.
An example of this is the contact form. When you create your own Business Website with AB Publish, you can drop a contact form on any or all of your pages. This is used to gather invaluable feedback from your visitors who can interact with you and ask any questions they may have.
The form processing behind the scenes of the AB Publish Website Creation system takes the values from this form and sends them via email to the address submitted during the initial request to create your Business Internet site. You then receive an email in the usual way and can see the form values.
Instead of asking a question, the visitor may use the message part of the form to offer his services or to try and sell a product. This is Form Spam as it does not respect the intended use of the form which is for the user to ask questions or to request further information on your Business organisation.
Ok - give me a concrete example
One of the Business Internet sites I work on has a form where visitors are able to enter information. Once the form is submitted the information is added to a database and is available for other users. Think IMDB where people can submit film reviews, or Wikpedia where each article is submitted via a form, or your favourite blog or on-line paper where you can leave comments.
Due to constant tweaking and a concentrated effort to obtain a high placement in Google, the number of visitors has recently increased from around 70 per day to over 500 per day. The success was short lived however as suddenly automated entries submitted via the form processing were entering the Internet site.
Although the Spam started slowly of 2 or 3 per day, it soon grew to 20 and then 30.
How to stop Form Spam on Forms
After research on the Internet, we found a very neat solution which has been implemented. There are various techniques of entering numbers and letters from a picture, or by answering questions to prove the visitor is a human and not an automated script. The problem is that both of these require an additional action by the human visitor. As we are trying to encourage user participation any increase to the workload of what the visitor actually has to do was seen as negative.
The solution is beautifully simple and based on the premise that the automated scripts are inherently stupid. Most scripts are programmed to fill in all form fields in order to pass the Spam message. They don't care that the title on the form is 'Name' or 'Your Company Telephone', all they see is a box where text can be entered.
We therefore include a box on the form which MUST BE left blank. If it contains a value, it has been filled in by an over-zealous Spam script and so should be rejected. Even better, the new box on the contact form can be made invisible on the screens by using .CSS but the automated script will find it and will probably have been programmed to fill it with Spam.
It is a honey-trap for Spam scripts.
It has worked perfectly for my Business Internet site and I will continue to monitor the statistics. The day I implemented the honey-trap, 41 submissions were rejected and the following day 53.
AB Publish Business Website Creation
Having seen the success of the honey-trap in stopping form Spam, I intend to implement the same solution to the AB Publish contact form. There is nothing you will have to change on your Business Website - it is our unique Website publishing system that will be upgraded and everything will be seamless to you.
What one site experienced and overcome will be rolled out automatically to all AB Publish users at no cost. It is part of our mission to provide the best Website Creation software in order that you can create your own business Internet site.
In a similar way - if you have any questions or problems, please do not hesitate to contact us.
We can therefore continue to improve our Internet Creation system by integrating new techniques and new developments.
Fri 10 June 2011 17:06:07