Contact Form Validation – Options for Checking User Data

Services: Law Firm Website Design . SEO . Internet Marketing . Law Firm Marketing Guide . Content Marketing . PPC

Contact forms are great, as they allow service businesses to receive information from potential clients any time of the day. Every business is a bit different, but for PaperStreet, for every phone call we receive for a new client, we receive about one form too. So it is a 1 to 1 ratio. Most of our clients are the same, too.

Since we have used contact forms for over 15 years now, we have experience with spam inquiries and how to prevent them. Here are ways to validate your form:

Required Fields

The first step in form validating is simply making sure that required fields are filled out. We always recommend that the name, phone and email be filled out. This will prevent general spam bots from hitting the form and sending blank emails.

Check User Input

The next step is to check user input. Often spam bots want links, so the easiest thing to do is prevent any link code from being put into any field. This could be HTML code, JavaScript code or anything that could be malicious. Simply run a query before you submit the form and if any suspicious HTML code is present, then stop the form and display an error. These type of validation checks stop almost all spam.

Honey Pot

Another awesome validation check is to put in extra form fields that are hidden from a real user on the page, but a bot would actually see them. If the bot sees the field it will most likely fill out that form field with information.   Since you know the form field should not have anything, you can flag it as spam.


There are tools like CATPCHA to prevent more spam.  CAPTCHA requires the user to repeat a set of letters/numbers before they click send.  However, we do not recommend installing a CAPTCHA, as the are simply barriers to having legitimate users fill out the form.  So CAPTCHAs have their place, but often they are overkill for most forms and hurt conversion rates.

Real Time Lookup

Finally, there are great tools and APIs that take the user input of name, email, or phone of the form and check that against a database of known information to see if they are real.  These services require type to setup and integrate into your email process, but can prevent further spam and give you detailed information about your potential customer.

 Phone Validation (in no particular order)

Email Validation (in no particular order)


Finally, please note that no system is perfect. We recommend a layered approach and start with requiring fields and checking user input. Then install a honey pot, then CAPTCHA and finally, if spam is a big issue, do real-time lookups.

Related Posts

Ready to Take Your Website to the Next Level? Great Ideas & Results Only a Phone Call Away

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

Let's get started.

One Response to Contact Form Validation – Options for Checking User Data

  1. Jeff McGraw
    4:21 pm on January 10th, 2017

    Hi Peter,

    Firstly, thank you for listing your methods in use for checking user data. A couple of them will surely be valuable to me in the near future.

    Your method of validating the email addresses has been my best approach so far to cut down on all bots and most spam. I currently use a combination of https://www.emailverifierapi.com/ and http://www.bulkemailchecker.com/ . I have received great results with both, just wondering why they are not included in your list of Email Validation services?

    Thanks Again,

Leave a Reply

Your email address will not be published.