I recently launched a new website, and in it, used the form code given to me from Salesforce.com so the form results go into that system. Here is the code:

<form action="https://www.salesforce.com/servlet.WebToLead?encoding=UTF-8" method="POST">
  <div id="email_signup">
    <input type="hidden" name="oid" value="00000000000000">
    <input type="hidden" name="retURL" value="http://www.example.com/thank-you">
    <input type="text" name="email" id="input_newsletter_email" maxlength="80" style="display:none;" />
    <label for="first_name">First Name</label>
    <input id="first_name" maxlength="40" name="first_name" size="20" type="text" /><br>
    <label for="last_name">Last Name</label>
    <input id="last_name" maxlength="80" name="last_name" size="20" type="text" /><br>
    <label for="company">Company</label>
    <input id="company" maxlength="40" name="company" size="20" type="text" /><br>
    <label for="email">Email</label>
    <input id="email" maxlength="80" name="email" size="20" type="email" required /><br>
    <label for="phone">Phone</label>
    <input id="phone" maxlength="40" name="phone" size="20" type="tel" /><br>
  </div>
</form>

We've been getting some spam signups like "Company: nxlhfzxg, Lead Name: rnsoniinqe rnsoniinqe".

There doesn't seem to be any purpose to these, but they are coming in frequently.

I added in the required attribute to email because I thought that might help, but it didn't. They just started inputting random emails.

Do you know:

  1. Why this would happen?
  2. What I can do to prevent it? Is Wufoo a good choice?

Thanks!

Perception
Syren
  • Have you considered adding a captcha? – Undefined Mar 13 '13 at 18:22
  • Yeah, but I'd like to see if there are any other options as well. We are just a small company and this is basically a contact form, so I don't want to encumber the lead generation process if I can help it. – Syren Mar 13 '13 at 18:25
  • Since you're a small company, why not use some JavaScript to make the user do a basic math problem? It would be much simpler than implementing the captcha and a lot less of a nuisance for the sender – npage Mar 13 '13 at 19:25

2 Answers

This happens because it is trivial to write a script that submits this type of form.

What can you do:

1) Implement CAPTCHA
2) Implement a question a human can easily answer, e.g. what is the color of the sky
3) Use a simple email regex checker (just validate that it has an @ and a .); this stops a surprising number of these requests.

Woot4Moo
  • Make sure the question is sufficiently random so that the script doesn't get the same question more than once – Freedom_Ben Mar 13 '13 at 21:31
  • @Freedom_Ben right where sufficient is some arbitrary boundary for what your application needs, so yes I agree. – Woot4Moo Mar 13 '13 at 21:32

You may also want to screen IPs from spammers using some of the known spam lists. When someone spams you, add their IP to the list.

Freedom_Ben
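
The checks suggested in the two answers above (an email shape check, a randomly chosen human question, and an IP blocklist) combined into one server-side screening step. This is an added example, not code from either post. It assumes the form posts to your own server first, which forwards accepted leads to the Web-to-Lead URL; every function and field name below is hypothetical, and the question pool is constructed.

```javascript
// Added example: screen a lead on the server before forwarding it.
// All names (QUESTIONS, issueChallenge, screenLead, ...) are hypothetical.
const QUESTIONS = [                      // constructed sample pool
  { q: 'What color is the sky on a clear day?', a: 'blue' },
  { q: 'What is three plus four (as a digit)?', a: '7' },
  { q: 'Which is bigger, a mouse or an elephant?', a: 'elephant' },
];
const MAX_STRIKES = 3;                   // failed challenges before an IP is blocked
const pending = new Map();               // challenge id -> expected answer
const strikes = new Map();               // ip -> failed challenge count
const blockedIps = new Set();            // grows as spam is seen
let nextId = 1;

// Pick a question at random and keep its answer on the server only.
function issueChallenge(rand = Math.random) {
  const item = QUESTIONS[Math.floor(rand() * QUESTIONS.length)];
  const id = String(nextId++);
  pending.set(id, item.a);
  return { id, question: item.q };       // the answer never reaches the browser
}

// The "has an @ and a ." check: one @, and a dot in the domain part.
function looksLikeEmail(s) {
  return typeof s === 'string' && s.length <= 80 &&   // 80 = form maxlength
    /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(s);
}

// Returns { ok, reasons }; forward to Web-to-Lead only when ok is true.
function screenLead(fields, ip) {
  const reasons = [];
  if (blockedIps.has(ip)) reasons.push('ip-blocked');
  if (!looksLikeEmail(fields.email)) reasons.push('bad-email');
  const expected = pending.get(fields.challenge_id);
  pending.delete(fields.challenge_id);   // single use: an answer cannot be replayed
  const given = String(fields.challenge_answer || '').trim().toLowerCase();
  if (expected === undefined || given !== expected) {
    reasons.push('bad-challenge');
    const n = (strikes.get(ip) || 0) + 1; // tolerate a few human typos
    strikes.set(ip, n);
    if (n >= MAX_STRIKES) blockedIps.add(ip);
  }
  return { ok: reasons.length === 0, reasons };
}
```

Running these checks only in the browser would not stop a script that posts straight to the form's action URL, which is why the example places them on the server.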