Navigating Website Spam and Fake Form Fills

It’s just a fact of life on the web that you are going to have to deal with some spammers on your website. The motivations of these scammers are varied, but one thing is constant – site spam and fake form fills will persist, and will always be frustrating.

With that said, there are steps you can take to limit the frequency of this spam and continue to operate a successful, consistent website despite this problem. In this article, we’ll go over some of the basic strategies available to help you get around site spam while using up as little of your valuable time as possible.

Understanding the Threat of Spam

While we don’t need to dive deep into the world of cybercrime for the purposes of this article, it will help to talk for a bit about how website spam works and how it ends up affecting your business.

First and foremost, it’s important to understand that these aren’t people filling out fake information in your forms or submitting other types of spam by hand (in most cases). That would take too much time to be effective or make any meaningful difference in their objectives. You aren’t dealing with people on the level of an individual website – rather, you are dealing with bots.

Spambots crawl around the web automatically, looking for targets. Generally, they are aiming to collect a long list of email addresses that can then later be used to send out spam messages hoping to trap victims and make money. Despite relatively widespread knowledge of bots and what they are trying to accomplish, these tactics remain profitable, which is why they continue to occur. As soon as spam tactics stop working, you can bet that there will be an almost immediate drop in the prevalence of this issue.

So, as you think about what kinds of methods you can put in place to slow down the flow of spam that you have to deal with, remember that you are trying to stop bots. Techniques that wouldn’t get in the way of a human filling out a form or sending some spam might be more than enough to stop a robot from doing the same thing.

Some Basic Measures in Your Fight Against Spam

To bring some practicality to this discussion, let’s talk about some of the effective methods that can be used as a starting point in your fight against spam. Will these methods stop spam entirely? No, almost certainly not. But they will go a long way as your site won’t be an easy target any longer, and many bots will just keep looking in the hopes of finding an easier site to attack.

• Block specific countries. This isn’t a method that is going to work for all businesses, as those who do sell to locations around the globe wouldn’t want to block their domain from individuals in various geographic areas. However, if you are mostly trying to sell to people in the U.S. – or a limited number of other countries – you could choose to block your domain to other countries that are known to have problems with spam bots. This single action alone, if it is suitable for your brand, could lead to big strides in the right direction on this issue.
• Implement a CAPTCHA system. You are already familiar with this method, whether you know it by name or not. When you use CAPTCHA on your site, you are using a system that is going to demand the user to perform some type of action before they can submit a form. That might be solving a simple puzzle or identifying what is represented in an image. These tests are easy for human users to complete in just moments, but bots typically can’t get over the hurdle. So, the use of CAPTCHA can quickly drop your number of spam issues while only causing a minor, momentary inconvenience for your users. And, since countless websites already use CAPTCHA systems, your users will be used to it and probably won’t think twice.
• Try a honeypot. This is a particularly sneaky technique that helps to eliminate form submissions from your system when they come from a bot. The way it works is this – as part of your form, there will be a field that isn’t graphically represented on the screen. So, when a human lands on your page and fills out the form, that field will be blank (because they couldn’t see it to fill in any information). However, on the back end, that field will be there, so the bot will fill in some sort of response. This way, if that hidden field has any data, you can be sure that the form was from a bot and not a person. So, that field having any value can be set as a trigger to simply delete the entire form submission, and you won’t have to sort through it.

There is one other technique that is worth mentioning regarding the privacy of your email address. If you want people who land on your site to be able to see your email address, you might be tempted to include it right there within your pages. That’s fine, but the bots will have no trouble picking it up, and as a result, you might get quite a bit of spam email to that address.

A better approach is to create an image that features your email address and then load the image to the site. All the bot will see is the fact that there is an image file on the page, but it won’t be able to actually see (and read) the image. So, basically, you’ll have made the email address invisible to the bot while still plainly displaying it for your audience to use.

Further Screening of Leads

Depending on what type of business you are in and how you deal with your leads, it might be very important to sort out fake leads from legitimate opportunities. In other words, if a stack of leads comes through your site as a result of form submissions, you need to figure out which ones are worthy of your time and attention, and which ones can be ignored.

This is particularly important if you are going to be turning over your leads to a sales team for further communication. You don’t want to have your salespeople wasting their time calling leads that are never going to convert, as they could be investing that time in more productive ways. So, if you seem to be having problems with fake form fills even after using some of the techniques above, consider the following steps for more screening and refining of your list.

• Check the geography. We alluded to this issue above when talking about blocking traffic from specific countries. If you choose not to block any countries, or you only block a small number, you might keep getting traffic from places that are unlikely to be authentic customers. For instance, if you only actively market to the United States and Canada, yet you are getting some form fills from halfway around the world, you should wonder if those are legitimate. While you might not want to dismiss these leads automatically, they warrant a closer look – and you might notice some patterns that enable you to more quickly dismiss leads from these geographical areas in the future.
• Use IP addresses. Quickly sorting your submissions by IP address in a spreadsheet can reveal interesting results. You might find that you are getting multiple submissions from the same IP address – which would be an obvious red flag. Why would a legitimate potential customer keep submitting your form over and over again? It’s possible that someone might accidentally submit a form twice, but any more than that is almost a certain sign of fraud. Consider kicking out all leads that come in by way of duplicated IP addresses so you can avoid wasting time going down a dead-end street.
• Timing of submissions. This is a good one for local businesses to use, as getting submissions at weird times of the day is often a giveaway for spam. If you do business in Dallas, as an example, you would expect to get most of your submissions during the daytime and evening hours in that time zone. So, if you get several form fills in the middle of the night when most people in your area are sleeping, that timing is worthy of some suspicion. It’s possible that someone was up early (or stayed up late), but most likely, these are spam and can be deleted.

At first, you’ll need to do some of this screening manually to improve the quality of your collection of leads. But moving forward, you can try to put some systems in place to streamline the process and save time while not allowing the spam to get too far into your system and bog down your teams with pointless communications.

Track Form Fills and Adjust Spam Protection Measures As Needed

Now that you are thinking more about what website spam looks like and why it is a problem, you can aim for improvements over the long run. You might decide that it’s necessary to put several roadblocks in the way of a bot filling out a form like we talked about earlier. Or, if the problem is too persistent, you might decide that promoting phone calls rather than form fills is the right approach for your business. Always filter everything through the lens of what you are trying to accomplish, what kinds of leads your business requires, and how many people you have available to deal with this problem.

Once you have a quality system in place for dealing with site spam, this issue should take up only a minimal amount of your time and attention. You can never forget about it completely – you’ll need to keep your system up-to-date and alter your approach as the issues evolve – but you should be able to put it on the back burner most of the time. With spam under control, you can spend more time and energy on delivering great service for your clients and developing great products.