A lot of people ask me how to keep bots from spamming their contact forms. Here is a simple way to do it without implementing a captcha code or other complicated security measures.

Most bots will fill in form fields they recognize with the data they are spamming. When they come across an unknown field, they will usually fill it in with a random string just so the form is submitted without error. This is where we can take advantage.

Create an input field in your form.

<input type="text" name="botcatcher" id="botcatcher" />

Then in your css you wanna hide this field.

#botcatcher { display:none; }

When the form is submitted, you want to check if this field has a value. If it does, discard the form as it’s usually a bot. I just send them to the thanks page so it appears to be successful. If it doesn’t have a value then its usually a real user.

<?php
if(empty($_POST['botcatcher'])) {
    //Valid user, Process the form
} else {
    //Invalid user. Discard the form
}
?>

I have been using this little technique on my forms for a few years now and it has drastically cut down on spam bots. Try it out and let me know what you think.