What is Form Spam?

Form Spam is when your web forms are submitted by a user or a script to send spam to the receiver of the form. This is different to Form Hijacking where your form is used to send spam to lots of others. It is also different to standard email spam where the spam is sent directly to an email address. Form Span is submitted to and processed by your form processor which then sends it to the form delivery email address. Form span is less sinister than standard spam or form hijacking which are both single action mass distribution.

Form spam can simply be a real user sending you unsolicited information by completing your form. In most cases this information will be for something in which you have absolutely no interest or desire to even be associated with.

Increasingly however Form Spam is being automatically generated by scripts. If you receive large volumes of Form Spam emails then it is likely it is an automated script submitting your form.

Methods for stopping Form Span include:

• Use your email client to filter spam emails. Google GMail provides a reasonable spam filter function.
• Set your form to provide a manual review of the submitted data prior to form processing. For example display the data and request confirmation by the form submitter. In a Form1 processor setting the Display as HTML before Submission feature provides this functionality. Setting Display as HTML before Submission causes the form to require an additional verification stage before it is processed. This requires a manual action and is difficult for an automated script to mimic.
• Have the form processing script perform data validation. Check for required fields and email address validation. In a Form1 processor setting the Defined Required Form Fields and the Defined Email Address Form Field provides this functionality. JavaScript field validation offers no protection as it only runs in a browser, and only if JavaScript is enabled.

You can also block Form Spam Processing:

• The Form Spam Blocking Script blocks form submissions that include blocked character combinations effectively stopping all form spam from being sent. The character combinations can represent words, email addresses, IP addresses or any other information that is processed.

While the Human Intelligence Identification Script (Hii) prevents any form submissions by automated robots:

• The Human Intelligence Identification Script (Hii) is designed to prevent web forms being submitted by automated robot scripts. Automated robot scripts are used maliciously to send Form Spam and Hijack Web Forms. The Human Intelligence Identification Script only allows form processing if a correct answer to a set question is provided when the form is submitted. The question can be in any format or structure. A script robot cannot interpret the meaning of a text question nor does it have the capacity to provide a correct answer. In fact it does not even know an answer is required. This applies for even the simplest of questions and effectively prevents a non-human from completing a form submission.

• Never respond to spam emails.
• Never purchase or use email mailing lists that are not 100% verifiable as opt in.
• Never use the services of any pseudo "Marketing" company that cannot 100% verify its marketing and contact methods.