Webdoodles

May 1, 2007

Contact Options

Filed under: Design, HTML Form, Website Accessibility, spam — ukmagician @ 9:40 am

A lot of businesses on the web seem to make it hard for people to contact them, sometimes unintentionally, sometimes in an effort to combat spam.

They make the user fill in a contact form on their website, which can be overcomplicated or require information that a casual enquirer doesn’t want to give. Email addresses are obscured in an effort to confuse email harvesters, and succeed in confusing users as well. Or contact information is just too hard to find.

In my opinion, if you are selling a product or service that requires people to get in contact with you, you need to provide every opportunity for them to do so and not hinder them in any way. Provide a phone number, email address and enquiry form. Any anti spam measures you need to take should happen in the background.

A lot of web developers and web designers (professional and amateur alike) forget that not everyone is as web savvy as them, not everyone is great at typing or filling in forms, or has any idea why you might want to protect yourself from ‘spam’ (tinned processed meat?). Some people may think that their enquiry is so unique a website form just can’t handle it and will want a simple email address, or they may just want to find a phone number and speak to someone.

Make the most of all the hard work involved in getting users to your site and make it easy to convert them.

So here are a couple of ideas. Don’t write email addresses in a non-email format. If you must do something, make the email address an image and encrypt the mailto: link. (And beef up your server-side spam protection and the filters in your email client.)

Have a form for casual enquiries (e.g. with name, email and message fields) and a more detailed form for more serious users (maybe linked from a product detail page) – call it an order form. Protect these forms from spam bots with server side scripting, or dummy form fields.

And finally, how about providing a single field form where users can type in their email or phone number, and send it to you so you can contact them.

March 22, 2007

Combating Spam Without Captchas and PHP

Filed under: CSS, HTML Form, spam — ukmagician @ 4:31 pm

The contact form on my main site, www.dangifford.com was recently discovered by spam bots.

Instead of enquiries from people wanting me to perform magic, I have been bombarded with links to sites selling ringtones, watches and various pills and potions. So it was time to sort it out and put in some preventative measures.

Spam proofing a form is pretty straightforward in PHP. There are many free PHP contact form scripts that will add captchas and other anti-spam measures to your forms. Unfortunately, my site is static HTML on a basic hosting package with no PHP. It uses the venerable FormMail CGI script from Matt’s Script Archive to process forms.

I considered trying to add a captcha, a simple arithmetic or spelling question to ensure a human is using the form, and modifying the script to check the answer. However, my programming skills aren’t up to it (I’m just a messy hacker) and besides, I want to prevent spam, not make using my forms harder for genuine users.

So I’ve used a much simpler solution involving fake form fields. (See this article)

Add a fake textarea field to the form, giving it an easily identifiable name such as ‘comments’ or ‘message’. Rename the genuine field. For example change ‘comments’ to ‘whattheysay’.

In the stylesheet for the page, create a class including the rule ‘display: none;’ and apply it to the fake field.

Normal users will not be able to see, and therefore not be able to enter text into the fake field. But the spam bots will find it in the code and fill it with links to dodgy sites.

So, when the form is processed by the FormMail CGI script, it only needs to test for content in the fake field to determine if the message is spam.

Open up FormMail.cgi in a text editor and find the send_mail function. Enclose it in an if statement that checks whether the ‘comments’ fake field is empty. Here is the relevant code:

    sub send_mail {

        # Only send email if spam trapping field is empty #
        if ($Form{'comments'} eq '') {

            # ....rest of send_mail function.... #

        # closing bracket for spam if statement #
        }

    }

That’s it!

In the spam emails I received, it was the textarea fields (named ‘comments’) that were spammed, so that is the field I’ve faked. Other forms may have different fields that get filled with spam, but I suspect spam bots target textarea fields where they can add the most text.

Problems/room for improvement?

I suppose spam bots might learn to detect fields hidden using this CSS technique; however, there are other CSS tricks that can be used to hide the fake fields.

You could also do something other than just not sending the email. Maybe bounce it back to the spammer? I’m just happy not wasting my bandwidth downloading it.

People using alternative stylesheets (for accessibility reasons) will be able to see the fake field. For those users, add a note next to the field saying something like ‘This field is used to detect spammers – don’t write anything in it!’. Give it the same display none class as the fake field and it will disappear when viewed using the standard stylesheet.
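The form side of the technique described in this post, as an added example that is not the markup from www.dangifford.com. Only the field names ‘comments’ and ‘whattheysay’ come from the post; the class name, the script path, the recipient address and the tabindex/autocomplete attributes are assumptions.

```html
<!-- Added example, not the original site's markup. -->
<style>
  /* Hypothetical class name: hides the fake field and its warning note
     for anyone viewing the page with the standard stylesheet. */
  .nodisplay { display: none; }
</style>

<!-- The action path is an assumption; use wherever FormMail.cgi is installed. -->
<form method="post" action="/cgi-bin/FormMail.cgi">
  <!-- FormMail configuration field; the address is a placeholder. -->
  <input type="hidden" name="recipient" value="enquiries@example.com">

  <label for="realname">Name</label>
  <input type="text" id="realname" name="realname">

  <label for="email">Email</label>
  <input type="text" id="email" name="email">

  <!-- Genuine message field, renamed from 'comments' to 'whattheysay'. -->
  <label for="whattheysay">Message</label>
  <textarea id="whattheysay" name="whattheysay" rows="6" cols="40"></textarea>

  <!-- Fake field: send_mail is skipped if this arrives with any content.
       Wrapping the note and the field in one hidden element has the same
       effect as giving each of them the class separately.
       tabindex="-1" and autocomplete="off" are additions to the post: they
       keep keyboard users and browser autofill from filling the field and
       having a genuine enquiry discarded. -->
  <div class="nodisplay">
    <label for="comments">This field is used to detect spammers - don't write anything in it!</label>
    <textarea id="comments" name="comments" rows="2" cols="40"
              tabindex="-1" autocomplete="off"></textarea>
  </div>

  <input type="submit" value="Send">
</form>
```

Because the check in send_mail drops the message silently, it is worth submitting the form once with the fake field empty and once with it filled to confirm that only the first enquiry arrives.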

No more spam so far…..
