How to reduce spam messages sent via Magento contact form without using Captchas

(Last Updated On: 24. August 2018)

A lot of my clients complain about the fact that they receive lots of spam messages via the Magento contact and review forms.

Basically in most of these cases I recommend using professional services like Akismet and an appropriate Magento extension which effectively reduce the amount of spam messages to a minimum. (I don’t want to mention Captchas because I do not want to loose potential customers;-)

But there are also some simple code modifications that can easily be made in a couple of hours by yourself, e.g. for the contact form:

  • Add “validate-alpha” class to the “name” field as well as Zend_Validate(.., ‘Alpha’) in the contacts controller
  • Use an extension like Magento Honeypot to add a hidden field (Magento does this already but it can be easily detected as “honeypot” for bots)
  • Track the time between rendering the page and submitting the form and add some threshold checks
  • Block certain IP addresses/user agents
  • Implement a black list of words that are typically used in spam messages

Of course generally its a game of cat and mouse because spam bots learn with each form and get better and better. Thats why – depending on your amount of spam – using professional services may make sense.