Contact Form Validation – Options for Checking User Data

A white, rounded square logo with an abstract S-shaped design on a gradient blue and purple background.

Contact forms are great, as they allow service businesses to receive information from potential clients any time of the day. Every business is a bit different, but for PaperStreet, for every phone call we receive for a new client, we receive about one form too. So it is a 1 to 1 ratio. Most of our clients are the same, too.

Since we have used contact forms for over 15 years now, we have experience with spam inquiries and how to prevent them. Here are ways to validate your form:

Required Fields

The first step in form validating is simply making sure that required fields are filled out. We always recommend that the name, phone and email be filled out. This will prevent general spam bots from hitting the form and sending blank emails.

Check User Input

The next step is to check user input. Often spam bots want links, so the easiest thing to do is prevent any link code from being put into any field. This could be HTML code, JavaScript code or anything that could be malicious. Simply run a query before you submit the form and if any suspicious HTML code is present, then stop the form and display an error. These type of validation checks stop almost all spam.

Honey Pot

Another awesome validation check is to put in extra form fields that are hidden from a real user on the page, but a bot would actually see them. If the bot sees the field it will most likely fill out that form field with information.   Since you know the form field should not have anything, you can flag it as spam.


There are tools like CATPCHA to prevent more spam.  CAPTCHA requires the user to repeat a set of letters/numbers before they click send.  However, we do not recommend installing a CAPTCHA, as the are simply barriers to having legitimate users fill out the form.  So CAPTCHAs have their place, but often they are overkill for most forms and hurt conversion rates.

Real Time Lookup

Finally, there are great tools and APIs that take the user input of name, email, or phone of the form and check that against a database of known information to see if they are real.  These services require type to setup and integrate into your email process, but can prevent further spam and give you detailed information about your potential customer.

 Phone Validation (in no particular order)

Email Validation (in no particular order)


Finally, please note that no system is perfect. We recommend a layered approach and start with requiring fields and checking user input. Then install a honey pot, then CAPTCHA and finally, if spam is a big issue, do real-time lookups.

Share This

Join the Sales and Marketing News, receive our last insights, tips and best practices.

Our 7 Guarantees

Keeping 2,000+ Clients Happy Since 2001.

You Will Love Your Design We design to please you and your clients
Same-Day Support 24-hour turnaround edits during business hours
Free Education We provide knowledge to help you expand
No Hidden Charges We quote flat-rate projects
Own Your Site No strings attached
We Create Results SEO, PPC, content + design = clients
We Make Life Easier One agency for web, branding and marketing