A technical insight into DA-FormMaker’s anti-spam measures.
Our DA-FormMaker software has been in use for over 20 years. In the beginning, it was no problem to put a contact form on your homepage. It was only filled out by real people. Well, every now and then there was a prankster who entered nonsense, but that was it.
But we can’t have nice things in the long run. Spammers soon discovered the opportunity to place their adverts there. According to the motto “a lot helps a lot”.
What is a spambot?
Spambots on the internet are automated programmes designed to distribute unsolicited messages and content, often in the form of advertising or misleading information, on a large scale. They operate in various digital spaces, including email inboxes, website comment sections, forums and social media, and can cause significant disruption and frustration for users and administrators. The motivations behind spambots range from harmless, albeit annoying, advertising to malicious intentions such as phishing attempts, spreading malware or artificially inflating online popularity by, for example, generating fake clicks or likes.
Which spam filters are used
The first spam filter mechanisms we introduced were IP blocking and Captcha. IP blocking prevents a form from being sent again and again. The captcha block is designed to prevent bots from submitting forms. Ideally, bots cannot read these numbers. In practice, captcha spam protection no longer works. Bots can now read these things.
But what else is there? Over time, we have implemented further spam filters. Many spam mails contain recurring terms, for example. These can be blocked with a simple blacklist.
Other spam simply generates random texts. These can be detected by statistical means. The various combinations of upper and lower case letters can be recognised. This is not so easy, as combination calculator shows. There are simply an extremely large number of variants, whether through different text combinations or randomly generated texts.
Other options include a global IP block. Some spammers repeatedly use the same IP address as the sender. Intervention is also possible here. Sending forms quickly is also always a good indication of a spam bot. A human needs at least a few seconds to complete the form.
Other possibilities are to look for HTML code or a high number of links. The latter usually indicate spam bots targeting guest books or forums.
The danger of spam filters
Our spam filters all work well. Not very well. There is always a bit of wastage, so customers complain that spam still gets through here and there. There are various reasons for this. A blacklist has to be maintained, i.e. new terms and URLs have to be entered here first.
Furthermore, spam filters must not be set too hard. Nothing is worse than legitimate mails being blocked. It’s better to put up with a little spam.
Which spam filter works best
Interestingly, the simplest. The blacklist. Most spam is recognised and filtered with this. It will be exciting when spammers use AI systems to generate better and better spam messages. At the moment, however, the effort involved still seems to be too high. Theoretically, an AI could keep generating new messages that differ from all the others in terms of content.
The world would be better without spammers, that much is certain. The maintenance and implementation of spam filter mechanisms is time-consuming. It costs programming effort, computing power and memory. There is also a risk that legitimate emails will be filtered out.
In the end, it remains a game of cat and mouse.