How To Fend Off Spam Attacks On Your Website

Spam is a problem, and, if you’ve got a website, then sooner or later it will become your problem – if it’s not already.

It’s one of the most common forms of cyber attack, and can be a real nuisance to anyone with either an email address or website – which is pretty much everyone these days.

There is a worrying attitude towards spam. It seems that because it’s so common, people don’t tend to take it seriously. It’s not identity theft, credit card fraud or an actual ‘hack’ as such, so it can’t do any real damage, right?


Despite its rather rascally sounding name, if your website or email gets overcome by a spam attack, then that’s actually quite bad news and will need to be dealt with promptly.

What Is Spam Exactly?

To use’s definition:

“Spam is flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it. Most spam is commercial advertising, often for dubious products, get-rich-quick schemes, or quasi-legal services. Spam costs the sender very little to send – most of the costs are paid for by the recipient or the carriers rather than by the sender.”

Put simply, spam is the internet’s equivalent of junk mail. Some people define it very broadly as being any type of unsolicited message or comment, though normally when we talk about spam we are talking about large-scale bombardments.

How Is My Website Susceptible To Spam?

Most spam attacks tend to target email addresses – but there are certain ‘entry points’ on your website that will also be vulnerable to spam attacks as well. These are, generally speaking, your comments section and any forms that you have.

What Will Happen If I Succumb To A Spam Attack?

The main goal of spammers is to get onto your server. From there they can send out new spam attacks to any amount of email addresses and websites. If this happens then what you will quickly find is that the server on which your website is hosted will become blacklisted, meaning that no one will be able find your site on Google and any emails you send or receive will not be delivered.

This doesn’t bother the spammers, of course, because, by the time your server is blacklisted, they’ve already done the damage and moved on.

Defending Against Spam – Two Techniques

  1. The Honeypot Technique

One of the most favoured forms of spam prevention is known as the Honeypot Technique, and the reason why it’s so popular is that it does not in any way interfere with your real users’ experiences of your site. Let me explain…

If you’ve got a form on your website, then you will want as many visitors as possible to fill it out. But, what you don’t want is a load of spam bots filling in the details and providing you with bogus data, skewing your metrics and possibly gaining access to your server.

The Honeypot Technique is a rather genius and invisible way of filtering these spam bots out without impinging upon the user – in fact, real visitors to your site won’t even realise that you’re using it.

It works by adding an invisible form field to the form in question on your site. Humans won’t fill out the invisible form field because they can’t see it. But when a spam bot encounters a form, it will automatically fill out every field it comes across – including the invisible ones, and will thusly alert you and your system that the submission can be treated as spam.


To implement the Honeypot Technique, you will need to enter a CSS rule that will look something like this:

The Captcha Technique

Captcha stands for “completely automated public Turing test to tell computers and humans apart”.

You will no doubt have come across a Captcha at some point in your browsing history. They are basically challenge texts and look something like this:

Spam bots can read text (i.e. html markup), but they have more trouble deciphering images, and Captchas are normally presented as an obscured image. It’s quite clever, really.

If you’re a human then it’s presumed that you can beat the challenge of a Captcha, and if you succeed you will be granted access to whatever it is that you are trying to do on a particular site.

Spam bots, on the other hand, will just fill in the field with their usual spammy junk and be denied access.

Challenge Question

There is also another captcha-style option, which is presented as a question rather than an obscured image.

For instance, the question might be – “What colour is an orange?” Now, clever humans can answer this quite easily, but spam bots won’t be able to, so again they will be denied access.

Using any one of these techniques will significantly reduce your website’s vulnerability to spam attacks. The Honeypot Technique is the probably the best one, as it does not interfere with user experience (UX), whereas Captchas inevitably require your users to do something, which can increase your bounce rate.


You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *