Creating a spam trap (“honeypot”) in Engaging Networks

Recently, a client asked me for ideas on how to tackle spammers. One of their forms was being filled out by a spam bot, and the result was that they were getting a lot of useless supporter records coming through.

In the end, we came up with a solution that other Engaging Networks clients might want to try, too. So I’m blogging about it here.

In Engaging Networks, you can easily add a customised captcha to your form. However, our client in this instance was looking for something a little more subtle. So we borrowed an idea from our corporate site, and set up a hidden form field as a spam trap. I’ve also heard this sort of technique called a “honeypot.”

The principle of the spam trap we created is that, although your human visitors load the page in their browser and fill in the fields that they can see, spambots behave differently. They often grab the HTML code of the page, fill in all the form fields they can find in the code (don’t want to miss any mandatory fields!) and submit.

We set up a form field that is invisible to human users, who will therefore never populate it. But the field is still present in the page’s HTML, so spambots find it and populate it. This gives us a way to differentiate between human users and spambots. We then added a custom validator to the form field, one that checks that the field is still empty when the form is submitted. If the field isn’t empty, then our software smells a rat (detects a spambot) and blocks the submission!
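The same trap outside Engaging Networks, as an added example that is not the platform's validator or code from this client's form: a CSS-hidden field plus a server-side check of the urlencoded POST body. The field name `website_url`, the class `hp-wrap` and the `/signup` action are hypothetical, and the example goes one step beyond the text by also rejecting posts where the trap field is missing entirely, since a browser always submits an empty text input.

```javascript
// Added example; names below are hypothetical, sample bodies are constructed.
// The trap is hidden with CSS rather than type="hidden", so in the raw HTML
// it looks like any other text field. tabindex and autocomplete keep keyboard
// users and browser autofill from populating it by accident.
const FORM_HTML = `
<style>.hp-wrap { position: absolute; left: -9999px; }</style>
<form method="post" action="/signup">
  <label>Email <input type="email" name="email" required></label>
  <div class="hp-wrap" aria-hidden="true">
    <label>Website
      <input type="text" name="website_url" tabindex="-1" autocomplete="off">
    </label>
  </div>
  <button type="submit">Sign up</button>
</form>`;

const TRAP_FIELD = "website_url";

// Classify one application/x-www-form-urlencoded request body.
function checkSubmission(rawBody, trapField = TRAP_FIELD) {
  const values = new URLSearchParams(rawBody).getAll(trapField);
  if (values.length === 0) {
    // The rendered form always sends the field, even when empty.
    return { accept: false, reason: "trap-missing" };
  }
  if (values.some((v) => v !== "")) {
    // Any copy of the field carrying a value means something filled it in.
    return { accept: false, reason: "trap-filled" };
  }
  return { accept: true, reason: "ok" };
}

// Constructed sample request bodies.
const SAMPLES = {
  human: "email=ana%40example.org&website_url=",
  bot: "email=x%40example.net&website_url=http%3A%2F%2Fspam.example",
  noTrap: "email=x%40example.net",
  duplicate: "email=x%40example.net&website_url=&website_url=buy+now",
};

for (const [name, body] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(checkSubmission(body)));
}
```

Doing the check on the server matters because a bot that posts the form directly never runs any client-side script.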

The client found that this solution stopped the spam submissions cold. And of course the human visitors didn’t even notice the change.

Problem solved!