The bots are attacking! How to make your contact form secure.
Back to list of articlesContact forms are undoubtedly one of the most efficient ways of building a newsletter database. Thanks to the ability of setting the capping, i.e. the limit on the number of times a unique user is shown specific content, using an interesting graphic design or adding information on a tempting discount by way of thanking for the subscription, the contact form has become a regular feature of most websites. The form can either be a permanent element of the website or a suddenly appearing pop-up.
Email bombing
Unfortunately, such a commonly used solution as the contact form sooner or later had to draw the attention of those Internet users who in various ways strive to make the life of marketers a misery. One such activity is email bombing. What exactly does it mean? Spam bots are malicious programs which try to reproduce human actions and record email addresses in huge numbers through contact forms.
Consequently, the owner of an address under attack often receives thousands of emails confirming the subscription to newsletters he had no idea existed.
It goes without saying that such an attack can paralyse the use of the mailbox. Moreover, if a company uses the “single opt-in” model, i.e. one that does not employ confirmation messages containing a link and the addresses are immediately listed, there is a risk of sending a campaign to recipients who have not agreed to receive correspondence from you, but have fallen victim to an audacious attack.
In this way you send unsolicited correspondence, or simply put, spam, which exposes you to potential problems.
How not to give in to spam bots?
Fortunately, modern email marketing tools provide safeguards which you can use to minimise the risk of email bombing. If you take advantage of a FreshMail contact form, you will have absolutely nothing to worry about. We have secured all forms created by our Form Creator with the so-called reCAPTCHA system – a solution created by Google.
It is worth mentioning that reCAPTCHA verifies the identity of a user by evaluating the user's activity on the website. If the algorithm evaluates the user's behaviour on the website as that which can be attributed to a human, it is enough to mark the “I'm not a robot” checkbox. In the event of any uncertainties, the user will be presented with a graphic task, which humans, unlike spam bots, can solve without any problems.
The entire task is generated automatically. In this case, we are not talking about the annoying necessity of reading unpixellated phrases, which often must be entered several times. This practice is known as the CAPTCHA solution, which is gradually being dispensed with. Below you can see an example of how reCAPTCHA works.
Since bots are unable to solve this task correctly, they cannot add email addresses to your subscribers list.
How do I create a secure contact form in FreshMail?
It's really simple! Log in to our application and hover your cursor over the Library tab. Now select Forms from the menu. Here you will see thumbnails of the forms created by us, which you can edit and adapt to your use. You can also create a form completely from scratch by clicking Create new.
You will find detailed information on how to create your own FreshMail form in our manual: How to use the Form Creator.
Watch this 1-minute video which explains how to use the Form Creator.
How to implement the reCaPTCHA in a form created outside of FreshMail?
What can you do if you have a form created outside of FreshMail which lacks the reCAPTCHA safeguard? It is best if you contact the creator of your website. In most cases, it should be very easy to add to the suitable JavaScript fragment that launches the system to your source code. Before using reCAPTCHA, you must generate security keys from this website: https://www.google.com/recaptcha/.
Remember that Google continues to optimise its solution, providing it with increased effectiveness.
Alternative methods of securing your contact form
The reCAPTCHA system is only one of many ways of making your contact form more secure. As spam bots do not process JavaScript, you can use this fact to cleverly conceal an additional window in the form. The script will prevent the subscriber from being shown a specific window in the form, making it impossible to complete it.
Also, the bot will analyse only the static part of the site, and because of its inability to detect the use of JavaScript, it will complete every field at once. If the hidden field is completed, the form will not record the email address in the subscription list. This simple and effective solution provides you with a peace of mind that no accidental email addresses are added to your list. FreshMail allows you to create this solution using its built-in HTML creator – FreshMail Designer.
An even more advanced option is to add a time limit for the completion of the form. This solution is based on the assumption that spam bots are incredibly fast. They aim to automate entries on the largest possible scale. Therefore, it is safe to say that bots make entries much faster than any human. How can this fact help you?
Set a reasonable minimum time for completing the form, to determine whether the content is the result of the actions of a program or a subscriber. As previously, JavaScript can provide us with assistance, as you can use it to specify the minimum time needed to complete all the fields. If the completion time is too short, the form will simply refuse to work correctly.