Imagine a situation. You have a nice website and you actively market it. You are getting phone calls and web inquiries. Business is good. Then, one day, you get 2,500 web inquiries. And 99% are spam. This can be scary. You have just experienced a spam attack. This happens to everyone, especially as their websites grow more popular. If you experience this type of attack, it can cause all sorts of problems for your business:
- Emotional distress: You may feel helpless for a moment. It may feel as if someone vandalized your office and defaced the family photo you keep on your desk.
- The need for heavy clean-up: You will need to go through all 2,500 entries that came through your contact form, so you can filter out the legitimate entries that you need to contact.
- Over-active spam filters: When you get a large volume of spam emails, your email provider starts treating all email addresses going through the form as spam.
What can you do to prevent these problems in the future?
Step #1: Protect the Email and Phone Number Fields
Include email and phone number validation in your web request forms.
Your goal is to validate that the email address field entered into your form actually contains a valid email address. This can be done by verifying the structure of the entry in this field. Unless the field contains the following structure: “email@example.com”, the form will not be submitted.
Spam robots usually don't understand which input field is which. If they try to enter gibberish symbols into your email field, they will be stopped.
Here is what email validation looks like in the cformsII plugin for WordPress.
If you require a phone number in your form, make sure you set up validation within your form. This will determine whether the phone number entered is a valid U.S.-based phone number and, if not, the form will not be submitted.
The idea is the same as with email validation above. Taking this step can prevent another large chunk of spam entries from getting through on your form.
Here is what phone number validation looks like in the cformsII plugin for WordPress.
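The same two checks can also be enforced on the server, so that a bot posting straight to the form handler is held to the same rules as a browser. The sketch below is an added example, not cformsII code; the field names `email` and `phone`, the function names, and the sample submissions are assumptions made up for illustration.

```javascript
// Added example: server-side checks for the email and phone fields of a contact form.
// Field names (email, phone) and the sample submissions are constructed for illustration.

// Structural check only: one "@", non-empty local part, dotted domain, no whitespace.
function isValidEmail(value) {
  if (typeof value !== "string" || value.length > 254) return false;
  const email = value.trim();
  const m = /^[^\s@]+@([^\s@]+)$/.exec(email);
  if (!m) return false;
  const labels = m[1].split(".");
  if (labels.length < 2) return false;
  // Each domain label: letters, digits, hyphens; no leading or trailing hyphen.
  return labels.every((l) => /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/i.test(l));
}

// Returns the 10-digit number for a valid U.S. (NANP) phone, or null.
function normalizeUsPhone(value) {
  if (typeof value !== "string") return null;
  // Reject anything other than digits and common separators, so gibberish fails early.
  if (!/^[\d\s().+-]+$/.test(value)) return null;
  let digits = value.replace(/\D/g, "");
  if (digits.length === 11 && digits[0] === "1") digits = digits.slice(1);
  // Area code and exchange must both start with 2-9.
  return /^[2-9]\d{2}[2-9]\d{6}$/.test(digits) ? digits : null;
}

// Validate one submission; an empty errors array means the form may be accepted.
function validateSubmission(fields) {
  const errors = [];
  if (!isValidEmail(fields.email)) errors.push("email");
  if (normalizeUsPhone(fields.phone) === null) errors.push("phone");
  return errors;
}

// Constructed sample submissions: one legitimate, two bot-like.
const samples = [
  { email: "jane@example.com", phone: "(415) 555-2671" },
  { email: "http://spam.example/buy", phone: "123" },
  { email: "x9$k@@q", phone: "+1 415 555 2671" },
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", validateSubmission(s));
}
```

A structural check confirms only that the entry is shaped like an address or a U.S. number, not that the mailbox or line exists.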
Step #2: Include Human Verification
This can be done via two approaches.
One is by using CAPTCHA. This is when you make visitors enter those ugly symbols into a verification box. The challenge with CAPTCHA is that this tool can be annoying. Also, many people often find it difficult to decipher the letters and numbers pictured and enter the accepted text exactly right. This poses a risk for lead generation forms as some potential customers may give up and move on.
The other approach is to make the visitor check a required checkbox to validate that he or she is, in fact, a human and not a robot. If the box is not checked, the form cannot be submitted. This reduces the amount of hassle for the visitor while still effectively preventing spam-bots from filling out and submitting your forms.
Here is an example of what the checkbox looks like:
Step #3: Block Spammer Countries from Accessing Your Site
No matter how many security measures you take, some spammers will still work their way through the cracks. The best policy is to completely block access to your site by those connecting from countries that are well known to include spammers. There is an easy way to do this if your website runs on WordPress: get the Wordfence plugin.
This plugin has multiple great security features; however, it is a good idea to also use their Country Blocking feature. I recommend getting the premium version. It costs around $39/year. You can access lists of countries that are well known to host several spammers at Spamhaus, Real Clear World, and Naked Security.
Experiencing a spam attack is never fun. It can lead to hours of work and can result in missed customer leads. The best plan of action is to take steps to avoid such an attack before it ever happens. Implement the steps outlined above to protect your website. Good luck.