Posts Tagged ‘spam’

Chrome’s Autofill and honeypot fields

Ai developers typically add a hidden “honeypot” field to forms to avoid spam bots. Spam bots usually fill out all of the fields on a form, including the honeypot field. When the honeypot field is filled out and the form is submitted, the form information is not captured.

While doing some cross-browser form testing for several sites I noticed that in the Chrome browser form information wasn’t always being captured.

Upon further investigation I learned that Chrome’s Autofill feature is causing this problem. Chrome’s Autofill fills out the honeypot field and makes the form think that it has been filled out by a spam bot. Since this may result in a significant number of legitimate form submissions not reaching their intended target, it is important to test all forms with Chrome’s Autofill in mind. Developers need to provide a solution that successfully curbs malicious spam bots without preventing legitimate form submissions.

Technology

Dramatically Reduce Form Submission Spam With A Hidden Field

You’ve set up your site and its contact form and you have started getting traffic. Then one day the person getting the contact requests forwards you a spam submission:
“We are getting tons of these. Is there a fix our web guy can implement?”
Your immediate response may be to install a captcha. That will work, although it is a bit much for a simple contact form.
An alternative solution is to simply include a hidden field.
In your CSS file add:
#email2 { display: none; }
In your contact form add:
<input class="text" type="text" name="email2" id="email2" />
Finally, in your server side processing script add logic to the effect of:
if request.POST.get('email2', '') == '':
    # honeypot field is empty, so this is treated as a human submission
    pass  # process form

And that is it. This will trick the spam bot into thinking that there is an extra email field in your form that needs to be filled out. It will automatically fill it out and submit the form. By filtering out any form submissions that have this extra field filled in, you can exclude the non-human submissions.
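A server-side check that accounts for the Autofill false positive described in the post above, as an added example (not code from the original posts): a filled honeypot is treated as one signal, and the submission is held for review instead of dropped unless a second signal agrees. The `ts` field, `SECRET`, the 3-second threshold and the outcome names are assumptions, and the timing signal goes beyond what the posts describe.

```python
import hashlib
import hmac
import time

SECRET = b"replace-with-a-random-server-side-key"  # assumption: per-site secret
HONEYPOT = "email2"      # hidden field name used in the post
MIN_FILL_SECONDS = 3     # assumption: a person needs at least this long


def issue_token(now=None):
    """Value for a hidden 'ts' input: render time plus an HMAC over it."""
    ts = str(int(time.time() if now is None else now))
    mac = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    return f"{ts}.{mac}"


def token_age(token, now=None):
    """Seconds since the form was rendered, or None if the token is invalid."""
    ts, _, mac = token.partition(".")
    expected = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    # Compare as bytes so non-ASCII input cannot raise inside compare_digest.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    # A valid MAC means ts is a value this server issued, so int() is safe.
    return (time.time() if now is None else now) - int(ts)


def classify(post, now=None):
    """Return 'accept', 'quarantine' or 'reject' for a dict of POSTed fields."""
    trap_filled = post.get(HONEYPOT, "").strip() != ""
    age = token_age(post.get("ts", ""), now)
    too_fast = age is None or age < MIN_FILL_SECONDS
    if trap_filled and too_fast:
        return "reject"       # both signals agree: automated submission
    if trap_filled or too_fast:
        return "quarantine"   # one signal only, e.g. Autofill filled the trap
    return "accept"
```

Quarantined submissions still reach a person for review, so a browser that autofills `email2` costs a delay, not a lost contact request.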

Technology

Spam Art

I can’t imagine someone hasn’t already run with this idea, but it strikes me that the random text that spammers put in their email to get around Bayesian filters constitutes some pretty fine (simulated) stream of consciousness poetry. Check out this gem I received this morning (actual spam payload deleted):

With my foot the supple ball, for perhaps
The high whites spread over the buried earth.
Allowing me to let your picture form and wake
Of tree-dividing sky finally comes down to
Out of the road into a way across
X. The British Attack on the Arctic
II. List of Franklin Search Parties
will come, blighting our harbingers of spring,
Of the matter of snow here. Both of us have grasped
Palladio who beckons from the other shore,
That squareOh, 56 x 56
They move against, or through, or by, or toward.
The winged winds, captives of that age-old foe
to restaurants for Early Bird Specials.
Of observation lying on the ground
then takes a step back, to be safe as she reaches.
Empty streets I come upon by chance,
Pierced by the mist that fades away,
XI. Franklin’s Last Voyage

Rhyme on, oh random word generator poet. I think it should be titled Early Bird Specials.

Update: Fixed formatting.

Ai