“What in the world is going on with my contact form?” one of my customers recently asked me. She stated she was getting weird emails. I suspected it was email injection, but after she forwarded me an example, I knew we were dealing with comment spam.
Comment spam developed when spammers caught on to the fact that posting comments on blogs was another way for them to promote their websites. This is a vastly different activity from posting a genuine comment on a pertinent blog. Comment spam happens when spammers post irrelevant comments with links to their sites. Typically the spammer’s site sells pharmaceuticals, porn or some equally unwholesome product.
Again, the spammers are very smart and efficient. They often use automated programs to propagate their comment spam. And sometimes these automated programs can’t tell the difference between regular contact forms and blog comment forms. That leads to people, like my customer, getting comment spam from their contact forms.
So what to do? One way is to use a CAPTCHA. (That stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”.) I’m sure you’ve seen these. A CAPTCHA asks you to look at some distorted text and type the letters into a form field. While looking at the distorted images is a pain, the idea is that the spam programs WON’T be able to pass this test. Thus your form is protected from comment spam.