I've been learning and experimenting with NodeJS, and the project I'm using is to port a homemade content management system (CMS) written using the Linux/Apache/MySQL/PHP combination. One of the areas I am trying to update is protecting against spam on a contact form. The NodeJS version is based upon Linux/Mongo/Nginx/Javascript (why Mongo? because I wanted to learn how to work with it!)

I have a server side check that helps to reduce spam by assigning a unique ID to each form downloaded and having that ID entered into the database along with a pointer to the form handler. Each form ID can only be used once, and if a form requires such an ID and no ID is present - then no form handler is called for. (This also helps to secure access to the system through other forms such as administrative functions.)

I understand there are more checks I could use server side and would love to hear about those, but I also want to focus right now on the client side. Do folks have any suggestions for captcha-less forms that are resistant to spamming?

3 Weeks
Discussion Span
Last Post by Damhart

There are many ideas to combat form spam.

If it's just a contact from you to them email entry, then they get emails from you and your email management handles duplicates and failed attempts.

I think you're using the right words by asking for spam resistant as there is nothing spam proof. Something will get through and for that you have to think about adding code/rules for those.

For example my country has strict rules about dealing with some countries so a simple rule would be to exclude by IP or email domain those countries.


Agree with this, excluding certain countries works quite well to eliminate a large percentage of spam.

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.