The Prevention of SPAM on Your Website

August 24, 2006

Hello there! If you are new here, you might want to subscribe to the RSS feed for updates on this topic.

One of the big issues with setting up any website is how to prevent SPAM. Simply put, if you directly publish your email address on your website, it is likely to be picked up by software robots and added to spam lists. These little robots act just like search engine robots. They scour the web, scanning the text of web pages. When they find an email address, they add it to a database. I can tell you from first-hand experience (from my earlier days in this business) that publishing your email address on your site WILL lead to problems with spam email. So, how can you prevent it? Obviously, you want website visitors to be able to contact you. If your site is a promotional mechanism for your business, you obviously want to have potential clients be able to easily contact you. The more barriers you put onto the process of contacting you, the least likely they are to go through with it.

Here are a few quick ways to spam-proof your site.

Use a Contact Form

First and foremost, I always recommend using a form on a website for the purposes of sending you an email. So, instead of your visitor clicking on an email address and opening up their email program to email you, they will fill in a quick form on your site. Submitting the form will send you the email. Now, there are a few considerations on this:

Do not over-complicate the form. The more fields you put onto the form, the least likely they are to use it. I’ve seen many contact forms that ask for my address, phone number and all these other questions before allowing me to submit the form. Its just too much. All your visitor wants to do is send you an email. They don’t want to feel constricted, and they don’t want to send you any information they feel is sensitive (address, phone, etc.). So, only ask those questions that you really need to know, and only make the form require the absolute bare minimum (message, subject line and return email address).
Use a server-side language. Do NOT have your email address in the form as a hidden field. It might not be viewable on the website, but its still there and spiders will find it. Always use a server-side programming language like PHP to send the email and have your email address be in the code itself so that it will never be viewable on the web, even if the user views the HTML source code of your site.

Spam Proofing a Form

Simply using a contact form is not enough to prevent spamming. They might not be able to get your email address, but if the form is improperly programmed, they can still hammer your form and use it to send email. Especially if the form is used for emailing others (such as a send-to-friend feature). If these forms are not set up right, it is just asking for some spammer to use your form to blast email. So, here are some ways around that:

Use the POST form method to submit the form, and make the code which receives and validates the form only work with POST variables rather than GET variables.
Include error checking to ensure required fields are entered properly and that the email addresses entered are of valid format.
Possibly use image verification on the form. What this does is outputs a dynamically generated image into the form. The user will need to enter the string on that image into the form to successfully submit it. This ensures that you have a real user using your form rather than a software robot.
You can make use of sessions (server-side) to spam-proof the form. On the loading of the form, generate a random string. Save it to a session variable and put it into a form hidden field. On submitting the form, have your code compare the session to the POST variable and only proceed if they are equal. Again, what this does is ensures that the request indeed came from your site and your form and that your code is not being executed remotely by a robot.

Live SPAM Free

Having a popular website doesn’t mean you need to be spam-ridden. Do the right things on your site from the beginning and you can grow without a big spam problem.