The Ultimate Toolbox for creating
amazing web sites!

Anti spam features in forms

The built-in form processing script offers a versatile range of functionalities, including email sending, data storage in formats like CSV or MySQL, and file uploads. However, it also provides valuable tools aimed at limiting spam submissions through the form. These tools encompass various approaches, such as incorporating a CAPTCHA field into the form, implementing server-side (PHP) validations, deploying honeypot anti-spam techniques, and more. This tutorial will provide an overview of the diverse options at your disposal to enhance the security and functionality of your forms.

CAPTCHA

CAPTCHA may help to stop spammers from submitting form data automatically. CAPTCHA (an acronym for "Completely Automated Public Turing test to tell Computers and Humans Apart,") dynamically generates an image with (random) letters and numbers.
These characters, because they're part of an image and not text, are difficult for a spambot or other computer program to read. Yet, a person has little trouble reading the letters in a captcha image.

WYSIWYG Web Builder has built-in support for different types of CAPTCHAs:

Default, Displays random characters, with several options to control the way the text and image looks. For example, you can set the font, character rotation, distortion (wave effect), add noise, lines or a random background.

Related tutorials


Creating forms
Form Wizard
Form Validation
Form Conditions and Calculations
Creating a Form with a popup confirmation
Frequently Asked Questions about Forms

Check if the domain of the specified email address is valid

When this option is enable, the script checks the DNS records of the sender's domain to see if it has valid MX (Mail Exchange) records.
This is done using the checkdnsrr function with the "MX" parameter. MX records are used to route email for a domain. If there are no MX records for the domain, it means that the domain is not set up to receive email. Next, it checks if there are "A" (IPv4 address) or "AAAA" (IPv6 address) records for the domain using checkdnsrr. If there are no A or AAAA records either, it means that the domain does not have a valid DNS setup for email or web hosting.

This option can be enabled in Form Properties -> Advanced -> Miscellaneous

Honeypot Anti-Spam

The anti-spam honeypot is a hidden form field that bots can’t avoid filling, but it’s invisible to human users. If the hidden field is filled in, it’s a sign of spambot activity and can be blocked. If the field is not filled in, it indicates that the form was filled by a human user as intended. The name of the Honeypot Anti-Spam field name can be set in Form Properties -> Advanced -> Miscellaneous.

Note: Make sure the field name is not the same as one of your existing input fields.
math
Displays a (random) mathematical challenge, instead of characters.
reCAPTCHA v2
Use  Google 's reCAPTCHA v2. You will need reCAPTCHA keys to use this functionality.
Please visit https://www.google.com/recaptcha/admin/create. for more information.
reCAPTCHA v3
Use  Google's reCAPTCHA v3, also known as 'Invisible reCAPTCHA';
This CAPTCHA is actually invisible. To verify that it works, a small icon should appear in right bottom corner of this page.
 

hCAPTCHA
hCaptcha is a free, private and secure CAPTCHA service that helps protect your forms against spam. It works along similar lines to Google’s version but offers more methods of identifying and blocking bots.
More information is available here: https://www.hcaptcha.com/signup-interstitial

 

Form Validation

Form validation is useful for making sure users enter the correct data. For example, to verify if a required field is not empty or that the email input fields has a valid email address. Unfortunately, it is not effective against spammers ,because the browser script can easily be bypassed by disabling JavaScript. However, WYSIWYG Web Builder also support server sided validation. This adds extra security to the form by also validating the input on the server side (using PHP), so even if JavaScript is disabled in the browser or the form has been modified (by spammers/hackers), the submitted will still be validated. This feature uses the same settings as the JavaScript (client side) validation.

More information is available here: Form Validation