![](https://m.bbb.org/terminuscontent/dist/img/jumbotron/News2-min__1440w.jpg?tx=w_1905)
BBB Business Tip: How to spot and prevent contact form spam
![](https://m.bbb.org/prod/corecmsimages/2022/38a5fdf2-5e17-483c-a374-3f70698f73aa.jpg?tx=w_763)
(Getty Images)
The contact form on your website allows your customers to get in touch, but it also enables spammers to flood your inbox. These messages come from fake people, sometimes feature abusive or obscene language, and can even contain malicious links that put your personal information, your website, and your contact lists at risk. Plus, this spam buries legitimate inquiries and slows you down when trying to follow up with genuine leads.
BBB recommends the following tips to help you reduce the amount of contact form spam you receive and stay safe while dealing with it.
Tips for dealing with contact form spam
- Build a multi-step form. Multi-step forms require users to answer questions one at a time. Because they don’t display all fields at once, they are harder for bots to attack. Manual spammers are less likely to want to spend time filling out fields one at a time too.
- Use a reCAPTCHA form. reCAPTCHA forms work together with your contact forms and ask users to prove they are human. They are easy for website visitors to use and will block any spam coming from bots. There are a few different versions, so choose the one you think your customers will feel most comfortable using.
- Use an invisible reCAPTCHA. Sometimes called a “No CAPTCHA,” these forms are invisible to real human visitors. No CAPTCHAs are an invisible reCAPTCHA form that only appears if a visitor displays suspicious behavior on your website – for example, if they arrive directly to your contact form page, without looking at any other pages on your website, and try to fill out the form.
- Trick spammers with hidden fields. Honeypots are bits of code that display additional fields that only a spambot can see. The bot will automatically fill out all fields, giving themselves away as spammers. The extra information gets flagged, and their message won’t make it to your inbox.
- Implement geo-fencing. If it makes sense for your business, you can restrict access to your forms based on a person’s physical location. For example, this might be a good solution if you are a small business offering service only to a limited area. It can help you focus on relevant leads and cut down on spam messages.
- Disallow links. You can set your contact forms to not allow links. This is especially useful if you have a comment section where spammers love to leave unauthorized links.
- Confirm email addresses. You can also reduce spam by making users confirm their email addresses. They receive an email as soon as they submit a form asking them to confirm their address. Bots won’t usually complete this extra step, nor will a manual spammer using a fake email address.
- Be cautious, even when a message seems legitimate. Even if you’ve taken precautions to filter spam, exercise caution with unsolicited messages. Never click on a link if you don’t know where it leads. In addition, keep your eyes peeled for common spam messages, which often encourage you to get involved in an investment scheme, take steps to increase your web traffic, or purchase a miracle product.
For more information
Visit your BBB business scam headquarters at BBB.org/BizScams to stay informed about the latest business scams. Read about the top 10 scams targeting small businesses.
If you’ve been the victim of a contact form scam or any other scam, report it at BBB.org/ScamTracker.
Still Need Assistance?
Contact Your Local BBB
Your local Better Business Bureau can assist you with finding businesses you can trust. Start With Trust®.
Additional Resources
Central Ohio BBB Business Podcast