Growth & Marketing

October 25, 2020

January 27, 2020

How to block spam on registration forms and clean your UX

Table of contents

Over the last few years, spam bots have become a serious problem for marketers, developers and software product businesses in general. Recent studies indicate that spam accounts for 45% of all emails sent, which means that about 14,5 billion spam emails are sent every single day.

It’s essential to prevent these attacks if we want to protect our customer’s information and our business in general.

Fake signups harm your databases

Spam bots are computer programs created to send unsolicited emails massively, with different purposes. They usually spread advertisements, but they can also try to look for weaknesses in your website, hoping to exploit it or to damage your email campaigns.

They surf the Internet looking for signup forms to fill, adding false user data to them. Having a lot of new signups could seem like good news for our metrics, even if most of them are fake, but they can really ruin our work in different ways. Do you know how?

1. They mess up your contacts list.

Your database will contain plenty of fake users and that can compromise your next marketing campaigns.

Fake email example, from Hackernoon.

You won’t be able to know who really wants to read your emails and you will send them to people who are not interested in your service; a very invasive practice...

2. Forget metrics coherence.

Regardless of the fact that some part of the data is false, spam contacts will not open your emails or click on anything to get more information. So your open and click metrics will rate very low.

3. Diffuse customer image.

If your metrics aren’t fed with real, quality data, they can lead you to draw wrong conclusions about your audience and, in consequence, to make bad decisions about them and your product.

4. Send your own emails to spam.

Yes… If users receive unsolicited emails from you, they will probably mark them as spam, and you will end up in that folder.

Email automatically tagged as spam, from Gmail.

Nowadays, recipient servers also filter and reject automatically emails from domains that send them to too many bad addresses… Does taking this risk really compensate?

Usual ways to block spam bots

With the increase of spam bots activity, developers and other web security professionals have created different methods to protect registration forms and users databases.

These are the most common and efficient ways to achieve this. We are pretty sure that you have heard about them, but here is some information:

1. Adding a CAPTCHA.

«Clouds are white and the sky is = ______». Does this type of field feel familiar to you? We are sure that you have seen this before. Maybe as a simple maths operation or hidden elements/words in a picture.

CAPTCHA example, from Facebook.

Bots can’t read content inside images, only text in HTML. That’s why this is one of the most common methods. Besides adding another step, the problem is that sometimes they are also hard to resolve for humans.

2. Honeypots.

This is a more user-friendly way to identify spam bots without annoying our customers with extra steps to sign up.

Using CSS styles, we can place an invisible field to our users. They will fill in all the form except that field, but bots can’t appreciate the difference and they will fill the complete form. That’s how they are identified!

3. Double opt-in.

Also known as confirmation email. Sending a link by email could seem obvious but this is an action that a bot could never complete.

Email verification message, from a SaaS registration process.

They don’t have access to your personal email to open and click it, so this is a really effective way to distinguish them and not very invasive!

4. Verification SMS.

It is essentially the same as the double opt-in, but replacing the link with a PIN code and the email with an SMS to your mobile phone.

Evidently, bots also don’t have access to it, so it really operates in a very similar way. They’re two different types of two-step authentication.

These features have to be implemented by developers, who marketers depend on, but now there are easier solutions to manage these requirements in a faster and more efficient way.

Take it easy with Arengu!

We have developed a software product to help save time for marketers and developers with these frequent and repetitive issues.

Arengu provides you with a set of tools to build your user onboarding process without development overhead, security risks or maintenance. You can focus on lead conversion while we do the hard work.

Examples of form templates, from Arengu.

A form may look like something very simple, but we support and simplify tens of features out-of-the-box that will save you several weeks of development and maintenance, such as:

  • Multi-step forms.
  • Improved form inputs.
  • Inline validations.
  • Compatibility with old browsers.
  • Double validation on client and server side...

In addition to all of these features, which you can consult in our documentation, our software automatically rejects more than 90% of spam bots, because we inject the form at the moment that the page is loading.

Goodbye to CAPTCHAs and honeypots

The biggest part of spam bots are crawlers, looking for the <form> HTML tab to fill it with fake information. But they will not be able to find it on any website that uses our forms, because we embed them dynamically through a specific script.

So… you can say goodbye to most of them without CAPTCHAs and honeypots, saving the corresponding development time and providing an easy and elegant UX in your registration forms!

Effortless two-step authentications

We have also simplified the inclusion of email and SMS authentication with a drag and drop interface, to make protecting them even easier and faster.

Email verification flow example, from Arengu.

Have you tried Arengu yet? If the answer is no, we invite you to try it for free!

We hope this post has been useful... and to see you soon again!

You might like to read

Subscribe to our newsletter

Subscribe to our email newsletter to receive article notifications and regular product updates.