I'm running a small marketing agency managing various client websites, and we're facing a frustrating issue. My client, a US manufacturer, keeps receiving inquiries through their contact form from people who ordered products from other companies but never received them. These individuals seem to be contacting us because of bad tracking numbers linked to another site, 17track.net. While we recently updated the captcha on our form to try and combat this, I'm looking for more effective solutions. My developer has also added a mandatory "Who are you" field, but I'm not comfortable with this requirement as it might discourage genuine inquiries. How can we handle this situation better without complicating the contact process?
3 Answers
You could try implementing Google reCAPTCHA if you haven't already. It really helps reduce spam inquiries by making sure that a real person is filling out the form.
Do you feel like these are mostly spam bots, or are they real people who are just confused? Nowadays, distinguishing between the two can be tricky because of AI's capabilities. If you think it's bots, definitely use reCAPTCHA and consider adding a honeypot field to trick them. I even wrote a blog post on this; it provides some decent tips on preventing spam in contact forms.
Thanks for the recommendation! I'll definitely check out your blog post.
We also tried a math problem, but I found it too complicated when paired with other tasks like identifying images, so I had him remove it.
Consider adding a CSRF token to your form. This way, you can validate requests and ensure that they’re coming from legitimate users. This is a useful method alongside your updated captcha.
We use Gravity Forms, and it apparently has a built-in CSRF feature already.
Actually, reCAPTCHA was there but wasn't fully implemented. It's up and running now!