Reputation: 965
Client-side Validation working but still receiving spam
I have implemented a jQuery client-side validation on my contact form after receiving multiple spam emails. After ensuring the validation works correctly, I am still receiving the spam emails. Somehow the fields do not meet the validation rules I set, yet are still going through. For example, I am testing for a valid email address, but the form allows a number "1" to be used in the email field. I investigated the Google Analytics and it doesn't appear a user was even on the Contact Page at the time the emails are being sent. Can anyone offer any explanation? I would like to avoid back-end validation, if possible.
Upvotes: 1
Views: 265
Answers (1)
Reputation: 428
The answer is simple : you "would like to avoid back-end validation, if possible", but it's not possible to defeat spam only by a client side validation.
As you said it, a part of your spam comes from clients that don't appear in Google Analytics, which is likely to mean client not running javascript.
Although it is theoretically possible with a scripted headless browser, most spam is sended through non browser software, running in botnets (zombie PCs). The spam software just sends lot of HTTP POST requests to your server. This kind of sofware just doesn't execute your javascript and jquery code.
Client side code may help to defeat spam, but there should be always some kind of server-side filtering.
Upvotes: 2
Related Questions
- Spam responses from website contact form bypassing 'required' and 'pattern' attributes
- JQuery Validation does not show the right message
- Email not validating completely with jQuery validation
- jQuery Email Validator - Implementation Issue?
- Client side Email Validation
- Validating Email using html5
- jQuery email validation issue
- Jquery email validation seems to get ignored
- jQuery/Javascript custom email validation not working
- Email validation through jquery unobtrusive