Learn how to block spam in your contact forms using a simple hidden field technique in .NET Core 8.0 MVC. This quick, effective solution filters out unwanted submissions, ensuring you only get genuine leads without complicating the user experience.
How to Prevent Spam in Contact Forms with .NET Core 8.0 MVC – A Step-by-Step Guide
Dealing with spam submissions in your lead or contact forms can be incredibly frustrating—especially when you’ve already implemented CAPTCHA and other spam prevention measures. But what if I told you there's a simple yet effective solution that could help you significantly reduce unwanted form submissions?
In this post, I’ll walk you through a quick tip for blocking spam in your forms using .NET Core 8.0 MVC. While this solution is tailored to .NET Core, the logic can be adapted to other technologies as well, making it versatile and easy to implement across different platforms.
Why Spam Forms Are a Problem
Spammers often use automated bots or scripts to find and submit contact or lead forms on websites, flooding your inbox with irrelevant, sometimes harmful, content. CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) has been a popular solution for this, but it’s not foolproof. Bots are becoming smarter and can sometimes bypass CAPTCHA mechanisms.
Luckily, there’s a much simpler method to keep spammers out while ensuring legitimate visitors can still submit forms without a hitch.
The Simple Trick: Adding a Hidden Field
The solution? A hidden input field. It’s a basic technique that prevents bots from submitting forms, as they typically “fill out” all fields, including hidden ones. By checking if this field is empty when the form is submitted, you can easily determine whether it was filled out by a bot or a human.
Let’s take a look at how to implement this in a .NET Core 8.0 MVC application.
Step 1: Build the Contact Form
Here’s a basic contact or lead form that users can fill out. This example uses .NET Core MVC syntax:
<form asp-action="contact" asp-controller="home" method="post"> <input class="form-control" type="text" maxlength="255" asp-for="FullName" placeholder="Your Name" required> <input class="form-control" type="email" maxlength="255" asp-for="Email" placeholder="Your Email" required> <input class="form-control" type="text" pattern="^[0-9]*$" maxlength="15" asp-for="Phone" placeholder="Your Phone with Country Code"> <textarea class="form-control" asp-for="Message" cols="40" rows="5" maxlength="1000" placeholder="Your Message" required></textarea> </form>
Now, let’s add a hidden field to this form:
<input class="additional-note" type="text" style="display:none;">
Step 2: Implement the Spam Check Logic
When the form is submitted, we check whether the hidden field is filled out. If it’s empty, the submission is likely from a human. If it's not, it’s probably a bot, and we can discard the submission.
In the controller, add the logic to handle this check:
[HttpPost("contact")]
[ValidateReCaptcha]
public async Task<IActionResult> Contact(LeadModel model)
{
if (!ModelState.IsValid)
return View();
try
{
bool result = await _contactService.SaveLead(model);
TempData["success"] = result ? "We have received your request, and we'll get back to you shortly!" : "Sorry, we couldn't process your request.";
return RedirectToAction("contact", "home");
}
catch (Exception ex)
{
TempData["fail"] = "Sorry! Something went wrong while processing your request.";
_logger.LogError(ex, $"Error occurred while saving lead - {Helper.Dump(model)}");
}
return View();
}
Step 3: Business Logic Service
In the business logic service, we need to ensure that the lead is saved only if the hidden field is empty (indicating it wasn’t filled out by a bot):
public async Task<bool> SaveLead(LeadModel? leadModel)
{
if (leadModel == null || !string.IsNullOrWhiteSpace(leadModel.RepeatLead))
return false; // Discard leads where the hidden field is filled out (likely spam).
var lead = _mapper.Map<Lead>(leadModel);
return await _contactRepository.SaveLead(lead);
}
How It Works:
- Bots vs Humans: Bots usually fill out all fields, including hidden ones, whereas humans won’t interact with hidden fields.
- Quick Spam Detection: If the hidden field is filled out, we treat the submission as spam and reject it.
- Seamless User Experience: Legitimate users can still submit the form as usual without any interruption.
Why This Works
Spammers use automated scripts to find and submit forms, but they don’t know about hidden fields that are intentionally left blank. This simple trick helps filter out spam without adding extra layers of complexity or affecting user experience. Plus, it’s incredibly easy to implement with .NET Core MVC.
Conclusion: A Simple Yet Effective Spam Prevention Solution
Implementing a hidden field in your forms is a quick and effective way to fight spam without over-complicating things. This approach works across various technologies, so feel free to adapt it to your tech stack.
By using this method, you can keep your contact forms clean and only receive genuine submissions. 💪
What Do You Think?
Have you tried similar techniques to block spam in your forms? What methods have worked best for you? Share your thoughts in the comments below!
Also, feel free to share this post with anyone who might benefit from a spam-free experience on their website. Let’s keep our forms secure and user-friendly!
Notice Inappropriate?
If you come across any inappropriate content, please report it to our administrators!
