FormKeep EduLog #2: Lessons from the Dark Side of Web Forms

Learning how FormKeep’s spam protection prevents bad actors from invading your web forms

So,  you think you have a simple web form and a business that is unlikely to attract attention from the dark web? It’s a pleasant thought until you wake up one morning with 5,000 form responses when your normal daily rate is 25. The truth is that sometimes web forms are a honey pot for bad actors. This week I set out to find out why web forms attract spammers and scammers and, also, how FormKeep can help you prevent spam and protect your business.

Why do spammers and bots attack web forms?

Before diving in this week, I took a few minutes to talk with FormKeep CTO, Dave Kloba. I asked him why forms attract so much attention from spammers and bots. Here’s what he said:

“Most spam that we see are people attempting to blindly promote some product or service. They’re spraying and praying their message across a wide audience and hoping that they can make up a poor offering by using volume. The spam protection technology is very good these days in removing this kind of content before you have to see it. If you’re just putting a form up on the web, without any filters, they will eventually find it and you’ll be flooded with useless content.”

Checking the Box (Against Spam)

The technical portion of this week’s EduLog will be significantly shorter than last week. This is for a good reason: FormKeep has already done a bunch of work behind the scenes to keep your forms protected from bad actors. In FormKeep’s early days, you’d have to validate reCaptcha keys yourself and sometimes even use Honeypot Fields. Nowadays, however, pretty much everything you’d need is automatically done for you. 

Remember last week, when you left that “detect spam” option ticked? That box gets you 80% of the way to total security (or at least as close to it as anyone on the internet can get). This week, we’re going over the other 20%.

Your Spam Protection Options

So, our fictional veterinary clinic has it’s contact form up and running, but they start receiving spam! These messages are crowding inboxes and making it hard for the VG’s employees to find the real customers with real needs. What can they do to stop this scourge?

First: Verify your Current Protections

Head over to your FormKeep dashboard and select your form. Click on the “Form Settings” tab.

Then on the left hand side, select the “Spam” tab. Verify that the “Detect Spam using Submission Data” box is ticked. If it weren’t, that would definitely be why the VG was receiving so much false data.

When all is well on this page, click the “reCAPTCHA” tab. Again, make sure the relevant box is ticked. All FormKeep forms use reCAPTCHA version 3 to root out bots by default, so there shouldn’t be any issues here. Also, if you’d like to read FormKeep’s Spam documentation, you can find it here.

Great, you’ve verified all relevant settings. Now let’s enable some new stuff.

Second: Enhanced Security

FormKeep has two other features for users who want enhanced anti-spam measures. These are Honeypot Fields and Field Validation. Neither of these are set up by default because they require work on the user’s end. We’ll only be going over Field Validation this week, because Honeypots aren’t industry standard anymore. If you’d still like to integrate one into your FormKeep forms you can shoot an email to our support team.

Field Validation simply checks the user’s input against a set of banned values. You have two options here that I think the FormKeep UI explains best:

So, go ahead and pull up the Field Validation tab on your dashboard. As always, tick the box indicating that you want validation enabled.

Now, you’ll see two fields, one for a name and another for a validation option. When we think back to our Vet group’s form, which fields would be best to validate? I think it would be the “Email” and “Reason” fields. So, in the name field write your relevant information and set validation to “Required”. For the most part, you do not want to require unique email addresses, especially if you are a Veterinary Group. This would prevent return customers from submitting more than one form with the same contact information. Let’s set the same validation for “Reason” as well.

Click save, and there you go! Field Validation is enabled with your custom parameters. 

Spam Enlightenment

And now you know all anyone needs to know about preventing spam submissions from web forms! Although most people think that spam won’t affect their business, it can do great harm, especially when you onboard customers via web forms. Luckily for you, FormKeep makes it easy to deploy a near impenetrable wall between you and the bad actors who want to disrupt your operations. Spam affects us all: It can be anything from a full personal inbox to a multi-million dollar business scam. Now that you have reached Spam Enlightenment; may your web forms forever be free of spam. 

Come back next week when I’ll cover using FormKeep to create an email campaign!