Jul 06 | 5 minutes read

4 Ways To Avoid Form Spam

Technology has come a long way since the first bot-busting CAPTCHAs were introduced. So what should marketers add to their freshly-built webforms today? We’ve collected 4 terrific methods right here - dive in and choose the one that fits you best!

The side-effects of form spam: a quick recap

Everyone knows that subscription form spam - when spambots (or humans!) fill the forms on your website with false information - is bad. But why exactly?



The most obvious reason, of course, is skewering your collected data: lots of fake information will alter your results and affect your actions based on those results.

(Like if you’re an e-commerce company and your results say you have a mostly female audience, when in reality, men purchase more from you: so when you make your inventory plans, you will miscalculate.)

Not just that, but false data will keep you from knowing who your real customers are, so you won’t be able to personalise your content and communication for them, which means losing out on their trust (and their business).

… Add to this the fact that spambots can add malicious links to your forms that affect your computer, and you can see how keeping your forms secure on your site is crucial.

The question is, how? Well, it depends on what you want/need - check out the solutions we’ve collected below to find out which one fits you best!

Learn more about forms from our free Marketing Automation handbook 



Introducing: CAPTCHA 2.0

Ever since a university team came up with the CAPTCHA technology in the early 2000s (before selling it to Google), its various incarnations have been used according to the same pattern: at first, a near-perfect success rate, but as time moves on, spambots and humans employed by CAPTCHA farms manage to break the technology.

Also, companies with a strong design and/or UX ethic have often complained about using CAPTCHAs on their sites, since it’s not visually pleasing and jolts users out of their environment.

This is why several designers have taken it on themselves to “reinvent” the CAPTCHA method - whether by turning it into a game like Sweet CAPTCHA, adding a numerical element like Math Captcha or eliminating the technology altogether, like Google’s No CAPTCHA method (which analyses previous user behaviour to determine whether a form-filler is a robot or not, after asking one simple question: “Are you a robot?”.)


These new incarnations of the original technology often manage to stump spambots enough that they shift their attention to other sites - and they’re more pleasing to the eye, too!

The Honeypot Method

Another way to combat false form fill-outs is to add so-called “honeypots” to your webforms: open text fields which can’t be seen by users, because it’s hidden by the CSS or JavaScript. This means that when an auto-filling spambot attacks your form, it will fill out the hidden field as well, which in turn will let you know that it’s not a real person. 

Many companies prefer this method as it goes unnoticed by users and malicious humans (unless your browser has an unruly auto-fill habit) - however, like before, highly advanced spambots also have ways of detecting this. Still, it’s one of the cleanest solutions out there.



Mobile verification

As smartphone use continues to grow, including them in the user verification process seems more and more natural. It may also be the most secure way of making sure your forms are filled by a real-life person, since no robot will be able to reach the device you sent a verification code to and then type it back in the form.

It does, however, lengthen the user experience significantly - so mostly those companies employ this where security is crucial (e.g. ESPs, banks), although lately, more and more industries have started to adopt this method (e.g. computer gaming).

Unique hacks

Those businesses who want to keep their brand experience intact can always choose to develop a more personal, unique approach to securing their sign-up forms.

A famous example of this is Snapchat’s image challenge: after the company was hacked in 2014, they developed an in-house verification game where you have to choose certain images in order to proceed with the signup process.



… While certainly unique, creative and consistent with the brand, its security level isn’t as high as some other solutions listed above (just Google Snapchat captcha to find out more). However, combined with e.g. a mobile verification step, it can definitely keep out the most unwelcome guests.

If all technology fails - what’s the point?

Many a dejected marketer has asked this at some point during their form spam evaluation. And while it’s true that, whatever technology we use to keep our forms safe, it will never be permanently foolproof - that isn’t our only, or ultimate, goal.

Like we mentioned before, often it’s enough to slow down aggressive spambots to a point where they decide to move on to another platform, and not expend energy on spamming your hard-to-access form. So instead of looking for a fail-safe, final security check, make sure instead to 1) choose a technology which satisfies your priorities, and 2) keep an eye on it and update periodically, to make sure you stay a step ahead of all malicious machines.

That way, your data will be as safe as can be in this data-ridden digital universe of ours - which is the most we can all hope for!

Can't wait to learn more about forms? Then why not book a FREE online demo with one of our APSIS digital experts  They'll tell you all you need to know about forms and more!