We know how to stop form and comment spammers, including form-filling spam bots!
There's lots of advice on the interwebs about how to defeat form and comment spammers: those irritating automated bots that use the contact or comment forms on your blog or web site for spam.
We know that most of the ideas won't work as a long-term solution - because we've tried them all.
Here's what doesn't work:
- Hidden form fields
- CSS styling tricks to hide fields
- Captchas - those squiggly words that you can never read
- Stupid questions like 'What is 3 + 9?'
- Check boxes
- Honey pots
- Renaming form files
- And just about every other trick you'll find on the interwebs
If you want a more technical explanation of how automated spam bots work, and why those techniques don't stop them, check out our post on our Security Dawg site.
Our Solution
We've found a foolproof solution. We've used it on many different web sites. Before we implemented our trick, we'd get form spam on those sites. Afterwards, no more form spam. None whatsoever. It just works!
It's simple! We just:
- Use simple processes that work in all browsers to check for human activity.
- Send non-humans (those pesky 'bots') to this FormSpammerTrap site - or to a site of your choosing.
- Our latest version adds even more protection against spammers with optional Google Invisible reCAPTCHA.
- We've added some additional tricks to prevent bots from abusing the form's response page.
- The new customization area has more options, and will make it easier to customize your form.
- The code has been reorganized a bit to make it easier to implement. Just set up your options, and then add three statements to your contact page to enable the form.
- The submit button won't appear until a required field is filled in by a real human user.
- We've improved and expanded the simple instructions so you can easily implement our process on your contact page.
The results:
- You don't get automated form or comment spam.
- It works for WordPress sites - we have a free WordPress comment form plugin and a contact form template.
- It works for customized sites with our free code.
Not convinced? Go to our contact form (opens in a new window). Hit the submit button and nothing else. That's what happens to form spammers - they get sent to this site's home page. And you don't get their form spam.
Don't Believe This?
Try this test!
Most bot spammers use CURL or other external processes to submit their form. A CURL command to submit a form can be run from the command line in any operating system.
How easy? Take a look at this simple CURL command. It submits the fields in our contact form page, without even visiting the page. It's the type of command spam-bots will try on contact forms - they don't even have to visit your site.
Copy the above command into your command prompt, then press Enter. Your screen should show you the response. I won't get the email, since the form submit was done via your 'bot'.
All you will see (and what the bot spammer sees, if they are paying attention) is a bunch of HTML code (the FST home page). And no email will be sent.
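The behaviour described above, a form POST from a client that never requested the form page, also shows up in web server access logs. The following Python check is an added example, not FormSpammerTrap's own code; the /contact path, the 30-minute window and the log lines are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Hypothetical form URL and look-back window (assumptions, not from the page).
FORM_PATH = "/contact"
WINDOW = timedelta(minutes=30)

# Combined Log Format: ip - - [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log lines (documentation-range IP addresses).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2024:10:00:01 +0000] "GET /contact HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:10:01:30 +0000] "POST /contact HTTP/1.1" 200 812 "https://example.test/contact" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2024:10:02:00 +0000] "POST /contact HTTP/1.1" 200 9001 "-" "curl/8.4.0"
192.0.2.44 - - [12/Mar/2024:08:00:00 +0000] "GET /contact?ref=home HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2024:10:05:00 +0000] "POST /contact HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
not a log line
"""


def blind_posts(log_text, form_path=FORM_PATH, window=WINDOW):
    """Return (ip, timestamp) for each POST to the form with no recent GET of it."""
    last_get = {}  # ip -> time that client last fetched the form page
    flagged = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if path != form_path:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if m["method"] == "GET":
            last_get[m["ip"]] = ts
        elif m["method"] == "POST":
            seen = last_get.get(m["ip"])
            if seen is None or ts - seen > window:
                flagged.append((m["ip"], m["ts"]))
    return flagged


if __name__ == "__main__":
    for ip, ts in blind_posts(SAMPLE_LOG):
        print(f"POST without prior form view: {ip} at {ts}")
```

Treat a hit as a signal to review rather than proof of a bot: a browser that kept the form open past the window, or several clients behind one shared address, will skew the result.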
Our solution just works. It blocks all form spam. I've never gotten form spam via the contact form here.
You can get the same results on your site. Just get the code, follow the simple instructions, and No Spam For You!