Skip to main content

Search

Online Help Center

Anti-Spam Strategies for Web Forms

In order to reduce spam leads, it is highly recommended to use one, or a combination, of the following strategies on your web forms.

Jump to: Hidden Fields | reCAPTCHA | Spam Filter Services

Use a Hidden Field to Trick Spam Bots

Spam bots generally process HTML and not CSS or JS. Thus, we can add an extra form input and use CSS or JS to hide the input. In legitimate use cases, users should not see this hidden input, so the value should be empty. However, spam bots might fill up the input with junk data. When we detect a non-empty value for the hidden field, we can flag the web lead as a spam.

In the following example, in normal use cases, the 'comment' field should be empty. However, a spam bot might be tricked to fill it with spam message.

<html>
  <head>
    <meta charset=utf-8>
    <title>Web Lead Form</title>
    <style>
      #comment { display: none; }
    </style>
  </head>
  <body>
    <form>
      <label>Email address: <input name="email" type="text"></label>
      <input id="comment" name="comment" type="text">
      <input type=submit value=submit>
    </form>
    <script src=script.js></script>
  </body>
</html>

Use reCAPTCHA

reCAPTCHA from Google can help make sure it is actual a human that submits a web lead form and not a robot. There are different reCAPTCHA options you can apply to your website; however, we recommend the Invisible reCAPTCHA option which acts like a lock and a key. With this option, InTouch can enable a "lock" on your site that only "opens" (i.e. creates the new lead) when your web form sends the right key with the lead. You create the keys through Google and add their code to your webform.

To complete an Invisible reCAPTCHA setup:

1. Register a set of keys with Google's reCAPTCHA. You should follow Google's instructions in case their setup changes, but you can try:

  1. Go to https://www.google.com/recaptcha/admin and log in with your Google account
  2. Select + to create
  3. The label is for your internal reference (ie label it as you wish)
  4. Under reCAPTCHA Type, select Challenge (v2) and Invisible reCAPTCHA badge
  5. Under Domains, add all the domains where your webform will be hosted. Note: This is an important part of the verification process as InTouch will only accept leads that originate from one of these domain names
  6. Save

2. Add the code to your webform (see example below)

2. Contact Support with the following information for us to apply a filter on your InTouch site.  On the server (InTouch) end, we then use g-recaptcha-response to verify with Google.

  • The InTouch sites to which you would like reCAPTCHA applied
  • Your reCAPTCHA Site Key
  • Your reCAPTCHA Secret Key
  • Your website domain names (you can register multiple domains under the same key)

The following example code uses Invisible reCAPTCHA. (Each ... represents your regular web lead code segments).

form id="web-lead-form">
....
<input name="g-recaptcha-response" type="hidden" id="g-recaptcha-response">
...
<button
  class="g-recaptcha"
  data-sitekey="SITE_KEY_FROM_REGISTRATION"
  data-callback="onWebLeadFormSubmit">
  Submit
</button>
</form>
...
<script src='https://www.google.com/recaptcha/api.js'></script>
<script type="text/javascript">
  function onWebLeadFormSubmit(token) {
    document.getElementById("g-recaptcha-response").setAttribute("value", token);
    document.getElementById("web-lead-form").submit();
  }
</script>

 

Use a Spam Filter Service

Akismet is originally designed to help bloggers filter out comment spam. However, it is possible to use the service to detect web lead form spam as well.