A Simple Solution to Form Spam

A few weeks ago, Britt Blaser sent me a link to a technique for using CSS to fight form spam.

The idea is simple, you add an extra input field to your form and use the CSS visibility property to hide it. The input field won't be visible to humans, but will appear normal to a spambot crawling the Web filling in forms. On the back end, you look for values in that field. If the form returns a value for that field you assume that a bot filled it in and discard the session. If the field is empty, then likely a human filled in the form.

I've implemented this on a form on my site that used to generate 10-12 spam responses a day and haven't had a single spam message come through since. The solution is easy and doesn't inconvenience users in the least. Perfect.

Please leave comments using the Hypothes.is sidebar.