I've used the following method to reduce spam entries in the past. It works by ensuring that any data posted to the form processor has come from the form on my website, and not directly from another package.
- user visits your form page and a token is created with a fixed expiry time and placed in a hidden form field
- user submits the form. the form processor checks if the token field is present, valid and still in time (how this is done depends on your language but session handling functions are a big help here)
- if the token passes the checks above the rest of the form is processed.
This may not remove all your spam but should help to reduce it, with the added advantage of no extra fields for your visitors
Mike
|