Basically, form spam is when unwanted and malicious messages come through websites’ form usually, without letting the users know about it.
Once you have developed an application, it is a matter of time that you tackle a spam bot. If you want to prevent form spam, you should make it more difficult for spam bot to make it through your form.
There are some of the ways you can reach out if you want to deal with the spam messages and comments in your application.
Captcha was a genius concept by google. Basically, this program requires the user to recognize words by generating random letters before submitting form. Nowadays, google has invisible reCaptcha which is really option.
reCAPTCHA is a free service and lets you protects your site from spam and abuse without any payment. It uses advanced risk analysis techniques to tell humans and bots apart.
To implement reCAPTCHA, use this link https://www.google.com/recaptcha/. Sign up if you’re new or just login to admin console. You’ll have two different types of captcha options : reCAPTCHA v3 (Verify requests with a score) and reCAPTCHA v3 (Verify requests with a score) with allowed domain names.
If you find Google captcha uneasy or boring, honeypot is another method you can use. It is pretty easy to setup as well. It is used to catch spam bot by presenting hidden form to spam bot only.
Honeypot works by tricking spam bots trying to submit fake values into your form. Once bots fall into your honeypot trap, the bots will fill all fields including the honeypot. This including other factors like time it took to submit the form will trigger the anti spam.
Furthermore, you can also access the information about the spammer/bot (i.e. their ip address) and use this to block and prevent further spams in the future.
Users can implement this feature themselves. Luckily however, packages like laravel-honeypot helps to make it easier for you.
You can use “page rules” setup of Cloudfare to URL with form submission down. This service does not work as well as others but its really easy to implement it.
I would only recommend it if you are already using Cloudfare.
Email Validation is another popular way of tackling spams. Normally, sign up forms use this method to register new customers. You can verify if the email actually exists by making the user to click button to confirm registration.
This helps to separate bots and real users. There are various API in the internet regarding email validation. These API make the work easier and saves a lot of time.