Contact Form Validation – Options for Checking User Data
By Peter Boyd on November 8, 2016 in Web Design Tips and Tools
Contact forms are great, as they allow service businesses to receive information from potential clients any time of the day. Every business is a bit different, but for PaperStreet, for every phone call we receive for a new client, we receive about one form too. So it is a 1 to 1 ratio. Most of our clients are the same, too.
Since we have used contact forms for over 15 years now, we have experience with spam inquiries and how to prevent them. Here are ways to validate your form:
Required Fields
The first step in form validating is simply making sure that required fields are filled out. We always recommend that the name, phone and email be filled out. This will prevent general spam bots from hitting the form and sending blank emails.
Check User Input
The next step is to check user input. Often spam bots want links, so the easiest thing to do is prevent any link code from being put into any field. This could be HTML code, JavaScript code or anything that could be malicious. Simply run a query before you submit the form and if any suspicious HTML code is present, then stop the form and display an error. These type of validation checks stop almost all spam.
Honey Pot
Another awesome validation check is to put in extra form fields that are hidden from a real user on the page, but a bot would actually see them. If the bot sees the field it will most likely fill out that form field with information. Since you know the form field should not have anything, you can flag it as spam.
CAPTCHA
There are tools like CATPCHA to prevent more spam. CAPTCHA requires the user to repeat a set of letters/numbers before they click send. However, we do not recommend installing a CAPTCHA, as the are simply barriers to having legitimate users fill out the form. So CAPTCHAs have their place, but often they are overkill for most forms and hurt conversion rates.
Real Time Lookup
Finally, there are great tools and APIs that take the user input of name, email, or phone of the form and check that against a database of known information to see if they are real. These services require type to setup and integrate into your email process, but can prevent further spam and give you detailed information about your potential customer.
Phone Validation (in no particular order)
- http://pro.whitepages.com/lp/phone-validation-api/
- https://www.edq.com/phone-validation/
- https://www.twilio.com/lookup
- https://numverify.com/
- https://www.nexmo.com/products/verify/
- https://datafinder.com/api/overview
- https://www.fullcontact.com/developer/
- …and there are others. If you want your company listed, let us know.
Email Validation (in no particular order)
- http://www.briteverify.com/
- https://mailboxlayer.com/
- http://emailpie.com/
- https://documentation.mailgun.com/api-email-validation.html
- http://verify-email.org/
- http://www.xverify.com/email-verification-signup.html
- https://www.email-checker.com/
- https://kickbox.io/
- https://www.emailhippo.com/en-US
- https://neverbounce.com/
- https://datafinder.com/api/overview
- https://www.fullcontact.com/developer/
- …and there are others. If you want your company listed, let us know.
Conclusion
Finally, please note that no system is perfect. We recommend a layered approach and start with requiring fields and checking user input. Then install a honey pot, then CAPTCHA and finally, if spam is a big issue, do real-time lookups.
