Web forms and spam

In early November, we were made aware of at least two web forms that began receiving large quantities of spam submissions. We have some safeguards we can recommend for your web forms to avoid the spammers: the anti-spam honeypot and invisible reCAPTCHA.

Anti-spam honeypot

This is a feature available to all web forms in the form settings. On that settings page, you will find a “Form Options” section toward the bottom. The “Anti-spam honeypot” can be activated here, and is our recommended first step toward avoiding spam.

This feature is regularly updated and maintained by the Gravity Forms software, and works by creating a hidden form field that a regular visitor would not see (but a robot would). More information about this feature is available on Gravity Forms website.

Invisible reCAPTCHA

There is another method for detecting robots filling out your form, the Completely Automated Public Turing test to tell Computers and Humans Apart, or “CAPTCHA” for short. You have likely encountered these with the checkbox you select to claim you are not a robot, at which point the website may prompt you to prove you are a human by identifying traffic lights.

Unfortunately, many of the CAPTCHA solutions on the market introduce barriers for visitors who may rely on assistive technologies. For this reason, we advise only using the “invisible reCAPTCHA” version of this technology. Invisible reCAPTCHA simply displays a badge on your form and does not require every user to complete a CAPTCHA test — the test is only displayed if the software suspects suspicious traffic.

To implement reCAPTCHA, please contact us at um.weboffice@maine.edu and our team will add the appropriate “key” information into your website’s form section, and will add the invisible reCAPTCHA option to the form(s) you identify.