Honeypot for spam/best practice for mailto links
Evening!
Just wondering if anyone has a good link/advice for cutting down spam for forms/mailto links? A while ago I read that for forms you can have some success with an invisible field which a bot will likely check - and filter based on that. I was also considering taking that IP and banning on the backend based on that range or something? (I run fail2ban on the server, but don't really know much about this)
RE the mailto link - don't I have a similar problem here too in terms of exposing the email address?
Thanks!
4 Replies
sry, misread this at first. So for forms you would want some kinda captcha probably
https://developers.google.com/recaptcha
for mailto links I typically do something like this
https://github.com/b1mind/bfolio/blob/dev/src/routes/contact.svelte
so it's not a "real" mailto ref but works like one via the form JS handler* haha
you could add captcha to it and brrrr
you also could put in a debounce of some sort to prevent fast spams
but yea ban the bad IPs for sure
oh ok, so is it right to think that as long as I keep the email address in the JS it'll be less accessible to bots? I was thinking more scraping the address, but maybe that isn't really a concern. Debouncing's not a bad idea too.
but ugh, I've looked at captchas before - was hoping to avoid them, seems to be a lot of (justified imo) hate for average use, but if it's the only real option...
ooh, feel like timing the submission is a good one, forgot about that. Set a timer from the first click of the input field, if < 3 seconds, discard
I've seen tell of people using JS to add the mailto link a second or two after page load, so when bots initially scrape the page there is no mailto link but by the time a person scrolls down far enough it's there.
Something like this:
Minor downside to this is if the JS doesn't load (or if the user turns JS off) it won't populate the mailto link.
Sorry, been away for a couple of days - yeah that looks like a decent option for the mailto links, thanks.
I was also wondering if there's a way to have my server respond with a mailto link or redirect or something - basically I turn what looks like a mailto link into a form submission that I can then use reCAPTCHA (or in this case I'm going to try out Cloudflare Turnstile) and honeypots as I would for a form
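
A server-side version of the two checks discussed in this thread (a hidden honeypot field and a minimum fill time), as an added example that is not from any of the posts above. The field names `website` and `form_token`, the secret and the one-hour expiry are assumptions; the timestamp is signed by the server so a bot cannot simply submit an old one.

```javascript
const crypto = require("node:crypto");

const SECRET = "constructed-demo-secret"; // assumption: load from server config in practice
const HONEYPOT_FIELD = "website";         // hypothetical name of the CSS-hidden input
const MIN_FILL_MS = 3000;                 // the "< 3 seconds, discard" rule from the thread
const MAX_AGE_MS = 60 * 60 * 1000;        // assumption: tokens older than an hour are stale

function sign(issuedAt) {
  return crypto.createHmac("sha256", SECRET).update(String(issuedAt)).digest("hex");
}

// Rendered into the form as a hidden input when the page is served.
function issueFormToken(now = Date.now()) {
  return `${now}.${sign(now)}`;
}

// fields: the parsed POST body as a plain object.
function checkSubmission(fields, now = Date.now()) {
  // A person never sees the honeypot input, so any value means an automated fill.
  if (String(fields[HONEYPOT_FIELD] || "").trim() !== "") {
    return { ok: false, reason: "honeypot" };
  }
  const [ts, mac] = String(fields.form_token || "").split(".");
  const issuedAt = Number(ts);
  if (!Number.isSafeInteger(issuedAt) || !mac) return { ok: false, reason: "bad-token" };

  // Constant-time comparison of the supplied MAC against the expected one.
  const expected = Buffer.from(sign(issuedAt), "hex");
  const given = Buffer.from(mac, "hex");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad-token" };
  }
  const elapsed = now - issuedAt;
  if (elapsed < MIN_FILL_MS) return { ok: false, reason: "too-fast" };
  if (elapsed > MAX_AGE_MS) return { ok: false, reason: "expired" };
  return { ok: true, reason: null };
}
```

Logging the rejection reason together with the client IP gives fail2ban a line to match on for the IP banning mentioned in the first post.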