— Eliminate Spam with CSS —
A Neat & Tidy Email Obfuscation Technique
Spam can be very frustrating. Displaying an actual email address on your website will often result in far more spam than "real" inquiries. Email forms using a PHP script were supposed to eliminate this issue, but the spambots have learned to harvest email addresses from within the linked PHP file.
The way I was avoiding spam was to not use my "regular" email address on the website contact form. If the spam was getting out of hand I simply deleted the old contact email and replaced it with a new one.
One day I had enough! It hadn't been more than a couple days since my last contact email switch, and I was getting spammed with Viagra ads! So I did some research for a better way to eliminate the spam …
There are two very common methods around the spam problem that are in common use, both of which I find somewhat annoying:
- CAPTCHA, which displays text and numbers that must be typed correctly in a form field to "prove" that you are a human being to send the email. I am human and still find some hard to read.
- A Question, such as "what is 2 + 2? To me this just looks dumb.
A Better Alternative to Spam Elimination
Then a new technique was unearthed in a Google query. I should have book-marked the URL, as the guy deserves a link-back for sure!
- Trick the Spambots using CSS, which I now use.
The concept is simple: setting up a form with a text field and use CSS to make it invisible. The spambots will "see" the invisible form field and write something in it (they always fill out every field in case it is a required field). Then, if a post is sent to the PHP script and that text box has information in it, that means a human didn’t fill it out, and the email is simply canceled!
I only dabble in PHP, and was unable to find an example script to execute the spam-killing technique using a hidden text input field. I have a business associate and friend that wrote one for me: Derek Lang at LaptopSquad, and I have included it here:
<?php $EmailFrom = "websiteemail@yourdomain.com"; $EmailTo = "you@yourdomain.com"; $Subject = "Website - Contact Form"; $name = $_POST['contact_name']; $emailfield = $_POST['contact_email']; $messagefield = $_POST['Message']; $contact = $_POST['phone']; $verification = $_POST['verification']; $verification_Length = strlen($verification); if (isset($name) && isvalidemail($emailfield) == false) { print ""; } Elseif (isset($name) && $name != "" && $verification_Length < 1) { $Body = ""; $Body .= "\n\n"; $Body .= "Name: "; $Body .= $name; $Body .= " "; $Body .= "\n\n"; $Body .= "Email: "; $Body .= $emailfield; $Body .= "\n\n"; $Body .= "Phone Number: "; $Body .= $contact; $Body .= "\n\n"; $Body .= "Message: "; $Body .= $messagefield; $Body .= "\n"; $success = mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>"); if ($success){ print ""; } else { print ""; } } Else { print ""; } function isvalidemail($email) { $exp = "^[a-z\'0-9]+([._-][a-z\'0-9]+)*@([a-z0-9]+([._-][a-z0-9]+))+$"; if(eregi($exp,$email)){ if(checkdnsrr(array_pop(explode("@",$email)),"MX")){ $output = true; } else { $output = false; } } else { $output = false; } Return $output; } ?>
The PHP script includes a required name, and the email address must have an "@" and a "." or error pages are called telling them that a name is required or that the email address is not valid.
Since launching this new script, not one spam email has been received! I am sure the spammers will eventually find a way to thwart this method in time, but it works perfectly for now without the annoying CAPTCHA text or dumb math questions.
Special Note: because of the PHP code included above for ease of "cut-and-paste" of the anti-spam code, this page will not validate with the W3C code validation tool located to the right of this box.
Professional Graphic Design and Custom Web Site Design & Development
Copyright © 2009 Graphic Connection of Lee's Summit, Missouri • All Rights Reserved
