Saturday, December 16, 2006

How to stop signup form spam

Several clients have recently reported that they are getting a lot of fake information submitted to their JangoMail Group signup forms on their web sites. These automatic submissions are done by web form robots. For more information about this problem, Google "form spam".

We have come up with a solution that will eliminate most signup form spam. The FORM tag generated by the "Signup Form Generator" looks like:

action = "" method = "POST"
name="J3998964" id="J3998964">

Modifying this to:

<form enctype="multipart/form-data"
action = "" method = "POST"
name="J3998964" id="J3998964">

will fix the issue of form spam, because by setting the form's encoding method, this will cause most robotic spam form submissions to fail because they will submit the form with the WRONG encoding type. Note the differences:

1. The addition of enctype="multipart/form-data" to the FORM tag.
2. Changing PGSF2.asp to PGSF2ENC.asp

Only use this method if your existing form's ACTION tag is set to PGSF2.asp. If your form's ACTION tag uses a different file, then you must re-create the signup form using the "Signup Form Generator" under the "Groups and Email Addresses" section, and then apply this method.