Forms are the ultimate garbage collector. Hackers, spammers and just plain mean people run little programs called bots which look for forms on the internet. When they find one, the bot fills in the forms with all sorts of gibberish. If you are lucky, the gibberish does nothing more than annoy you when you hit “delete” in your email inbox. If you aren’t lucky, it may allow access to your site or put a virus on your computer.
The First Line of Defense is Email Validation.
Form validation is a method of looking at each piece of information submitted in a form and ensuring that the information makes sense for what you are asking. In this article we cover email validation, however email validation isn’t just a part of your anti-spam arsenal; it is smart business practice. If you don’t get a good address from a potential customer, how are you going to contact them back?
Emails are always going to be in the format firstname.lastname@example.org. A basic validator will look at the email that is being submitted and make sure there is an “@” symbol and a period. A better validator will check that only letters and numbers are used before the period and only letters after the period.
Unfortunately, hackers, spammers and mean people know what email addresses look like too and can tell their bots to look for the word “email” and put a fake or spammy email in the closest input box. Because the submitted email fits the model of what emails look like it will pass through fine.
Superior Email Validation
Superior email validators will not only check the format of the input, but will perform two more functions:
- Check the domain against a list of known disposable email address services, and
- Attempt to contact the server where that email address lives. Only it the server pings back that the email address exists will the email pass validation.
Email Validation is Only the Beginning
Email validation is only going to catch a small percentage of spammers. You really want to validate all of the fields in your form as well as add other features like captchas or honeypots. I’ll talk about them in another post, but for now your take-away is that email validation and other features all work in unison to eliminate as much form spam as possible. While email validation won’t solve all of your spam headaches, it is a good place to start