Spam: 4 Methods to Fight Against It

September 26, 2018

If you own a website, you know this: spam is a true nightmare. Long gone are the days when only big sites were targeted with spam related to their services or products in an attempt to draw their customers. Nowadays, spambots will indiscriminately target any site regardless of its size, reach, or content. There are abundant countermeasures and security techniques to stop spam, but they all present a question for site owners: “How much of my UX am I willing to sacrifice to stop spam?”

As anti-spam techniques advance and evolve, so do spam methods, in what has so far been a never-ending race between the two. You can easily make your site bulletproof by combining different methods, but this will tear your user experience to shreds, making navigation and interaction on your site hard, distracting or time-consuming, and thus hurting your key metrics and conversion rate. This means that your approach should be carefully designed around your optimal tradeoff between UX and anti-spam measures, and that’s why it’s often best to have a team of experts set up and maintain your defenses. This list shows some of the spam solutions that BairesDev offers to its clients.


CSRF Protection

One of the staple options. Cross-Site Request Forgery (CSRF) is a common security issue on any site, and it exposes you to threats other than just spam. Protecting against it keeps you safe and stops a big percentage of automated spam. The main way to do so is to store a unique ID in the PHP session for a user. The ID is then placed in a hidden form field when that user is presented with a submission form. Then, your server checks that the copy of the ID in the session matches the one in the form. This ensures that the form was actually loaded in order to retrieve the correct hidden field value.


The Honeypot

This interestingly named technique consists of luring a bot into a sort of “code trap” that reveals it as a spambot. You do this by including a separate field in your HTML form that simulates a real field and hiding it with CSS. This way, a human won’t be able to see the field or fill it in, but a script will most likely fill it out, since scripts are programmed to fill every field possible, and that gives it away.

There are some side effects with this technique, however. Some advanced bots can detect rules such as “display: none” and recognize the trap. Other complications involve actual users filling out the hidden field, which can happen if someone has an outdated browser or a browser with CSS turned off; although extremely rare, these users would probably fill out the field, leading you to mistakenly label them as bots.


Session Tokens

Through the use of cookies, you can set a session token each time a customer visits your website. As most bots don’t set cookies, or just arrive directly at the forms, the token acts as a sort of “entry ticket” that only humans can retrieve and use to fill out your forms. There is, as always, a setback: users who go directly to the form link or have it bookmarked won’t generate a token and won’t be able to submit the form. This is another reason to monitor your audience and choose the method according to their behavior and the type of forms you present.


IP Address Filter

A very efficient method that poses no risk for your users is the collection of IP addresses to generate a filter. If you receive many submissions from the same IP address, you can discard it as a spambot. The shortcoming of this method is that it will only block spambots after they’ve submitted a few times, which makes it a great resource against strong spikes of activity but not against casual or continuous spam. Once again, it all comes down to the type of activity you receive.
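
The CSRF ID, honeypot and IP filter checks described above can sit in one server-side gate. The following is an added example, not BairesDev's code: the field names `csrf_token` and `website`, the function names, and the limit of 5 submissions per 10 minutes are assumptions, and the session is passed in as an array so the script also runs from the command line.

```php
<?php
declare(strict_types=1);

// Added example. Field names "csrf_token" and "website" and the limits are assumptions.

/** Store a unique ID in the session once and return it for the hidden form field. */
function issue_form_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32)); // from the system CSPRNG
    }
    return $session['csrf_token'];
}

/** Return null if the submission passes, otherwise the name of the check that failed. */
function check_submission(array $session, array $post, string $ip, array &$hits, int $now): ?string
{
    // IP filter: count every attempt, allow at most 5 per IP in 10 minutes.
    $recent = array_filter($hits[$ip] ?? [], fn (int $t): bool => $t > $now - 600);
    $recent[] = $now;
    $hits[$ip] = array_values($recent);
    if (count($recent) > 5) {
        return 'ip-filter';
    }
    // Session ID must match the hidden field; hash_equals compares in constant time.
    $sent = $post['csrf_token'] ?? '';
    if (!is_string($sent) || empty($session['csrf_token'])
        || !hash_equals($session['csrf_token'], $sent)) {
        return 'token';
    }
    // Honeypot: the CSS-hidden "website" field must come back empty.
    return ($post['website'] ?? '') !== '' ? 'honeypot' : null;
}

// Constructed demo for the CLI; on a real page pass $_SESSION after session_start().
$session = [];
$hits = []; // stand-in for a shared store such as a database table
$token = issue_form_token($session);
$cases = [
    'valid form'      => ['csrf_token' => $token, 'website' => ''],
    'no token'        => ['website' => ''],
    'honeypot filled' => ['csrf_token' => $token, 'website' => 'http://spam.example'],
];
foreach ($cases as $label => $post) {
    echo $label, ': ', check_submission($session, $post, '203.0.113.7', $hits, 1700000000) ?? 'accepted', "\n";
}
for ($i = 1; $i <= 3; $i++) { // a burst that pushes this address past the limit
    echo "burst $i: ", check_submission($session, $cases['valid form'], '203.0.113.7', $hits, 1700000060) ?? 'accepted', "\n";
}
```

Returning the name of the failed check lets you log which defense is catching traffic, which helps when tuning the UX tradeoff discussed earlier.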


A Spam-Proof Site

Anti-spam techniques come in many shapes and forms; these are just some of the ones our engineers recommend the most. Each technique has its weak points and disadvantages, which is why having an expert team studying your case and applying a combination of solutions is the ideal scenario. There’s no silver bullet against spam. At BairesDev we treat spam like any other cybersecurity issue, and we encourage you to do the same.
