Quasi-Journalism

Thoughts & Commentary, Jotted Down

Blocking Contact Form Spam

A DIY Approach, That Works


After I set up a totally barebones, super simple contact form, and before the website was even officially published, the form had become inundated with spam.

This was unacceptable, especially in 2024. Rather than merely complaining about it, I took a page out of Jacque Fresco's book and set out to create a working alternative to the issue of contact form spam. Inundate my inbox, ye shall not.

First, we look at why spam filters are important and how the contact form was initially set up, then at why spam opened a can of whoop-ass through it. After that comes a relatively straightforward solution that should help put an end to the contact form spam, along with a guide to using any of the resources I put up on GitHub for your own contact form spam filter.

Why Spam Filtering Matters

Spam not only clutters inboxes but also poses security risks and wastes resources. For small to medium-sized websites, implementing a sophisticated anti-spam system might seem like overkill or beyond budget. Here, VirtualJester's tool offers a lightweight, customizable solution.

Initial Set-up

The barebones contact form that was initially being used was aimed purely at allowing people to submit their name, email address, and a message. Previously I had used this form for gathering data for mailing lists and replying to people who filled out the form.

Jump forward to 2024, and we're in a new age of bots and AI. While some kind of defense mechanism was once a nice-to-have, the more recent aggressive nature of the spam makes it feel mandatory now, even for a brand new domain with no visitors and an email address set up specifically for just that contact form.

What Spam Did I Get?

A number of emails started coming through via the form, in multiple languages, all with the same email address. The contact names used in the emails did vary, though. Here you can see a small sample of these introductory spam emails:

[Image: spam email example]

The emails were in English, Italian, Russian, Hindi, Spanish, and so forth.

The names used in these variations were Tedfug and Robertfug.

The email address used in all of them was kayleighbpsteamship@gmail.com.

One email that stood out above the others, was an English email:

[Image: spam email example]

The Basics of VirtualJester's Contact Form Spam Filter

Purpose: Designed for simple contact forms, this tool uses lists to recognize and filter out spam submissions.

Components: The filter uses separate lists for names, emails, and messages, facilitating targeted updates.

Implementation: Easy to integrate into existing contact forms, it checks submissions against the lists and directs spam to a success page, mimicking a legitimate submission for security.

How It Works

Customizable Blacklists: Maintain and update lists of known spam entries. This dynamic approach ensures the tool remains relevant against evolving spam tactics.

Multi-Check Strategy: For accuracy, it's recommended to check at least two fields (e.g., Name and Email) to reduce false positives.
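
The list-based, multi-field check described above can be sketched as follows. This is an added example, not code from the GitHub repository: the function names, the message phrases, the `/success` path and the Gmail address normalization are assumptions made for illustration, while the names and email address are the ones reported earlier in this article.

```python
import unicodedata

# Three separate blocklists, as the article describes.
# Names and email are the ones reported above; the phrases are constructed.
BLOCKED_NAMES = {"tedfug", "robertfug"}
BLOCKED_EMAILS = {"kayleighbpsteamship@gmail.com"}
BLOCKED_PHRASES = ["cheap seo package", "earn money fast"]  # constructed samples

MIN_MATCHES = 2  # multi-check: flag only when at least two fields match


def normalize(text: str) -> str:
    """Fold case, Unicode compatibility forms and whitespace so trivial
    variations ("TedFug ", full-width letters) still hit the list."""
    return " ".join(unicodedata.normalize("NFKC", text).casefold().split())


def normalize_email(email: str) -> str:
    """Normalize an address; for Gmail also drop dots and +tags,
    which Gmail ignores in the local part."""
    email = normalize(email).replace(" ", "")
    local, sep, domain = email.rpartition("@")
    if sep and domain in ("gmail.com", "googlemail.com"):
        local = local.split("+", 1)[0].replace(".", "")
        domain = "gmail.com"
    return f"{local}{sep}{domain}"


def matched_fields(name: str, email: str, message: str) -> list[str]:
    """Return the names of the form fields that hit a blocklist."""
    hits = []
    if normalize(name) in BLOCKED_NAMES:
        hits.append("name")
    if normalize_email(email) in BLOCKED_EMAILS:
        hits.append("email")
    body = normalize(message)
    if any(phrase in body for phrase in BLOCKED_PHRASES):
        hits.append("message")
    return hits


def handle_submission(name: str, email: str, message: str) -> dict:
    """Decide whether to deliver, but always answer with the success page
    (hypothetical path) so a filtered sender sees the normal response."""
    hits = matched_fields(name, email, message)
    is_spam = len(hits) >= MIN_MATCHES
    return {"deliver": not is_spam, "matched": hits, "redirect": "/success"}
```

A single matching field is not enough to drop a message, which is what keeps a real visitor who happens to share a listed name from being filtered.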

Pros & Cons

Pros

  • Simple setup and customization.
  • Effective for low to medium traffic sites.
  • Educates users on basic spam filtering techniques.

Cons

  • May not be robust enough for high-traffic or heavily targeted sites.
  • Requires manual updates to the lists.

Enhancements and Future Development

The repository hints at future expansions into a full PHP solution, potentially including advanced features like honeypots. This suggests a pathway towards more sophisticated spam management while retaining the essence of user customizability.

Community Feedback and Usage

While specific user feedback isn't detailed, the approach resonates with the DIY ethos of many developers and site owners looking for cost-effective solutions. The tool's simplicity aligns with user expectations for straightforward, effective tools.

Conclusion

In the digital age, contact forms on websites serve as a primary touchpoint for user interaction. However, with the ease of access comes the challenge of spam. This article delves into a practical solution I've provided on the GitHub repository "contact-form-spam-filter", offering insights on its setup, effectiveness, and potential enhancements.

VirtualJester's contact form spam filter on GitHub is a testament to how open-source solutions can address common web development challenges like spam. For those starting or maintaining websites with basic contact forms, this tool offers a practical, hands-on approach to manage spam efficiently. However, as your website grows or faces more sophisticated spam attacks, considering additional or more advanced filtering solutions might become necessary.

Call to Action

Interested in implementing or enhancing your spam filter? Dive into the GitHub repository, explore the code, and customize it to fit your needs. Remember, in the fight against spam, every bit of proactive defense counts.

This article provides a comprehensive view of the spam filter, aiming to educate and guide readers on implementing or understanding similar tools, while also encouraging them to explore the GitHub repository for hands-on learning and application.

ewaste the need to get a confirmation email something has happened. shows mistrust of computers in general. Humans are very needy. the need to have double passwords and 2fa
mask pollution how are they made where are they made how much money has been made from masks what is the government doing to clean up this pollution
Microsoft Always Snapshotting Security Issue

Password fields have seen a surge in incorporating a reveal button, especially in the last few years, making it almost an unwritten standard. As someone who prefers not to reveal passwords, rather than deleting a complex password of 27 characters just to change the last one you entered incorrectly, I've fallen victim to clicking the reveal button to fix a simple mistake too. While we could debate the security of revealing a password to those around and able to see the screen, or delve into how advanced security cameras are able to zoom in and see what you type, these issues are far less of a blaring issue than the use of Microsoft's new "Snap everything" that has been so valiantly regaled by Sandeep.

The issue lies in how Microsoft want to force all Windows machines, [percentage worldwide number] of computers in use, to constantly screenshot everything you're doing, to allow their AI to help you in some beneficial way. Let's be honest, the snapshots are merely using your data to train their models, where your data, as the paying customer, is benefiting their pockets. Again, while not here to discuss the ethics of paying customers being the double bled victims, we can't help but scream and shout at our screens like some Charlie from It's Always Sunny on Philly having an 'uh-huh' moment. Microsoft have the ability to screengrab your revealed passwords through the use of their constant screengrabbing software.

If we are to believe Microsoft won't use any of the data it records from screen grabs, that means we are to believe:

  • No human will look at the screenshots. Practically impossible in setting up training models for AI - [LINK TO SOURCE of how AI are trained]
  • Screenshots won't be leaked online [Microsoft data/hacks leaks links]
  • AI models won't

Flip side is to never use the reveal password feature. However, it would be unrealistic to expect everyone who uses a Windows machine to know not to click this reveal button on all password fields. If used ethically, it means Microsoft could let their AI prefill out forms for you, and considering how many people already trust password managers that have been proven to be hacked, countless times, the apathy would merely continue and any warning would fall on deaf ears.

Potential solutions include the ability to intercept web packets and, if a password field is found, to stop recording screenshots until a following packet is retrieved that confirms login. However, there are issues around this for both Microsoft and the users, as if you

The trouble with implementing any solution comes from Microsoft being closed source software. While they have been shown to promote open source software and fund it, at the end of the day, users won't be able to verify if their code actually does do as they say it does.