Published: 21/04/2020

Form Spam

Form spam is the submitting unwanted content into website forms by bad actors.

Spammers typically harness automated bot traffic to generate profit via phishing messages or advertising links.

The effects of a form spamming attack can be significant and wide-ranging, with perpetrators planting malicious messages in various guises on forms across all industries and geographies.

Entire forums, jobs boards and advertising platforms can be overrun by spam comments, that can ultimately slow down a website due to the sheer volume of traffic or cause real users to lose confidence in the quality of the website.

How to prevent form spam

Form spam can be prevented using CAPTCHA and sophisticated bot management technology, that quickly and accurately detects automated bad bot traffic. However, by learning what ordinary traffic looks like, you are equipped to quickly and accurately detect anomalies and block bad bots.

Collaborate with an expert bot management vendor that specialises in analysing intent and identifying patterns in user behaviour to ensure you understand what constitutes normal in the unique context of your traffic environment.

How to detect form spam

Analysing and classifying the various types of form spam is an ongoing process, as spammers use many different methods to bypass security. A good bot management technology vendor will constantly seek out new tools that improve detection rates and adapt their service to protect your website from evolving threats.

Ensure you work with a partner who has experience in identifying anonymizer techniques designed to make traffic appear legitimate, or IP ranges used by perpetrators that look like duplicates but are not.

Ultimately, bot management vendors should ensure they instantly detect and block any automated spam traffic that could affect your business. To do so effectively requires a thorough understanding of intent and patterns in user behaviour, which can only be achieved through constant adaptation and service improvement.

Frequently asked questions about form spam

How can form spammers bypass CAPTCHA?

CAPTCHAs are not entirely secure, many techniques have been developed to obfuscate CAPTCHAs including reCAPTCHA which has since removed its generic application and now requires human testers to solve reCAPTCHAs. Some spammers also use automated voice recognition software to decipher text in CAPTCHA images, whilst others have access to large numbers of email addresses that can be used to test security with a single click of the mouse.

Some spammers also use cookies to submit spam or exploit other loopholes such as cross-site scripting vulnerabilities, so ensure all plugins are kept up-to-date and only install them from trusted sources.

What is the best way to combat form spam?

It’s important to train your staff to spot suspicious forms, it may be as simple as watching for abnormal spelling or grammar in submission messages. It’s also advisable to have a clear anti-spam policy on your website that ensures customers know what you do with their details when they provide them.

Additionally, contacting hosting providers and having them monitor server logs for malicious activity can help protect your website from spam.

How does form spam affect my business?

A common form of spam is to share phishing links that appear to be coming from a trusted source or business. Phishing messages can often relay malware or compromise personal information stored on your server, potentially leading to the theft of customer details.

It’s important to note that spam comments can also affect SEO and cause traffic drops if they overwhelm website pages. Potential customers may also become frustrated with receiving replies from fake profiles, leading them to believe real people are ignoring their queries when this could not be further from the truth.

Schedule Your Demo

Tired of your website being exploited by malicious malware and bots?

We can help

Subscribe and stay updated

Insightful articles, data-driven research, and more cyber security focussed content to your inbox every week.


By registering, you confirm that you agree to Netacea's privacy policy.