Oliver
Oliver

Spam? Pah! Filtering out the noise from my contact form

Wednesday 05 June 2024

I host this site on Netlify. It's a really cool platform - it makes the complexities of git, branches, and pushing/pulling seem like a walk in the park.
One of the things I love about Netlify is Netlify Forms.
The main contact form above (feel free to try it out!) uses it, with background spam processing to help prevent anything unwanted filtering through to my inbox.

On logging in one morning, I discovered a new page - 'spam submissions'. Intrigued, I opened it.

Wow.

Oh. Right. Wow. Clearly the spam filter wasn't as good as I believed!
I suppose that's my lesson to start using challenges on everything - it's a low traffic site, or so I thought! Hello to my robot readers!!

To help deal with this, I wanted to include a CAPTCHA on the page, which would filter out the robots from the real people.
However, I hate reCAPTCHA as much as the next person, and it's too Google-y.

In my quest to de-Google, I didn't want to start building it into my site in new places.

For a few days, I did use a reCAPTCHA, in an effort to understand if that helped to curb the spam. I quickly found that it did indeed work! I still wanted to find an alternative though...!

Another of my favourite platforms is Cloudflare, which this site also uses (extensively!). They offer Cloudflare Turnstile, a 'frustration-free' CAPTCHA alternative. Sounds good!

However, Netlify Forms would only accept me using reCAPTCHA - none of the alternatives were supported (as of June 2024).
Therefore, I needed to bid farewell to Netlify Forms, and find an alternative.

I quickly settled on using a Cloudflare Worker to process the data, having verified the CAPTCHA was still intact.
I found this tutorial from Ubaverse, which was a great help in this project.

After following that tutorial (pretty much down to the letter), throwing some incense, and praying to the gods of DNS, I managed to get a working prototype setup on a staging domain:

A screenshot of my initial prototype

And it worked! And I didn't have to choose the image that looked most like a zebra! Wonderful!

Now I needed to build it back into my main site, and ensure that it worked properly.

After fiddling around with it for a bit, however, I went off my grand idea. I've always loved the simplicity of my website, and that it just works!.
I felt that incorporating any third-party scripts (even from companies I like and trust, such as Cloudflare) goes against my vision for this site.
I wanted to keep it simple, and this was adding too many layers of complexity.

Looking back over the Netlify Docs, I saw they also added an option for a Honeypot field, which a bot would see, autofill, and submit - but a human wouldn't!
The submission would then be discarded if the field was filled in, which no legitimate user would do (as it wouldn't be visible)!

This seemed like an ideal solution, so I added it, and it works fine. It very much does the trick, and it's not too fancy either!

So sorry about this everyone - this was a very long winded way of telling you that I'm not going to change anything! Whoops!
Well, I've written this now, so I may as well publish it anyway! Sorry for the disappointment.


June 2024