Thursday, March 12, 2009

Combating Spam (part 4 of 6)

... Client-side Validation continued ...
Empty Spaces

This should go without saying. If you have empty fields, the form should not be submitted, and an error should be displayed. You don’t want empty data being sent to your mail, now do you? Sometimes empty email is far worse than those persistent Viagra ads. With the latter, at least you have something to read and curse at. ;-)

You could create a class called “required” and assign it to all fields that require data. Then validate and check all “required” fields for empty data. Keep in mind “empty” data could mean many things. It could mean a null value, an empty string, a single space or a series of spaces, or even a carriage return. You should test for all these conditions.

Testing for empty spaces is also a great way to promote data integrity, especially if you are collecting information and storing it in a database.


Phone Number

Usually people don’t like entering phone numbers into contact forms. If you require this information, then you better validate the field so that, at the very least, you don’t get random letters and numbers.

Checking for valid phone numbers not only prevents garbage text from being entered, it is also another way to slow spammers down, if only for a little bit. It also forces persistent spambot programmers to adapt their code.

... generally spammers and hackers are kind of lazy. They like to do as little as possible with the highest possible gain. So, rewriting spambot programming is not always in their best interest. They would rather take advantage of people who are careless enough to leave the back door open...

Make sure your phone numbers are in the format of ten digits, including area code.

TIP: A common practice for user friendliness is to separate a phone number into three fields and auto-jump to the next field. A hidden field can be used to concatenate the values for easy validation.


Postal Code

Much like the validation for a phone number, correct syntax will slow spammers down. This really aggravates them because they don’t care about entering postal codes. The great thing about the World Wide Web is that it is all one big postal code! An e-mail address is an e-mail address regardless of where you live.

Having to enter letter-number-letter-number-letter-number is really annoying, even for regular users. Therefore, by forcing spammers and spambots to do this, you are cutting down on invalid data as well as trimming the spam.

Canadian postal codes must be in the format T0T 0T0.


E-mail

E-mail validation is fairly important because you want to ensure your visitors leave a valid return address of their choosing. Usually people don’t want you to reply to the e-mail address provided by their web server. Furthermore, you want to annoy your spammers by making them enter valid data.

Hey, it’s not like a spammer or spambot is going to leave you a return address so that you can engage in witty banter. But, at least you have fired one more torpedo at the little buggers.

This field must be in the correct format of having a minimum of one “@” and one “.” Furthermore, the “@” must not be the first character, and the “.” must not be the last character. This is a simple check to do, and goes a long way.
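
The four checks described above (empty fields, phone number, postal code, e-mail), written out as an added JavaScript example that is not code from the original post. The function names, the form field names, the two sample submissions and the stripping of phone separators before counting digits are assumptions made for illustration.

```javascript
// Added example: the post's four checks as plain functions (names are hypothetical).

// "Empty" covers null/undefined, "", spaces, tabs and carriage returns/newlines.
function isEmpty(value) {
  return value === null || value === undefined || String(value).trim() === "";
}

// Ten digits including area code. Stripping separators first is an assumption;
// it also suits three separate fields concatenated into one hidden field.
function isValidPhone(value) {
  if (isEmpty(value)) return false;
  return /^\d{10}$/.test(String(value).replace(/[\s().-]/g, ""));
}

// Canadian postal code: letter-digit-letter, space, digit-letter-digit (T0T 0T0).
function isValidPostalCode(value) {
  if (isEmpty(value)) return false;
  return /^[A-Za-z]\d[A-Za-z] \d[A-Za-z]\d$/.test(String(value).trim());
}

// At least one "@" and one ".", "@" not first, "." not last.
function isValidEmail(value) {
  if (isEmpty(value)) return false;
  const s = String(value).trim();
  return s.includes("@") && s.includes(".") && !s.startsWith("@") && !s.endsWith(".");
}

// Runs every check and returns the names of the fields that failed.
function validateContactForm(form) {
  const checks = {
    name: (v) => !isEmpty(v),
    message: (v) => !isEmpty(v),
    phone: isValidPhone,
    postalCode: isValidPostalCode,
    email: isValidEmail,
  };
  return Object.keys(checks).filter((field) => !checks[field](form[field]));
}

// Constructed sample submissions (not real data).
const goodForm = { name: "Pat", message: "Hello", phone: "(403) 555-0123",
                   postalCode: "T2P 1J9", email: "pat@example.com" };
const spamForm = { name: " \r\n", message: "Buy now", phone: "asdf1234",
                   postalCode: "90210", email: "@spam." };

console.log(validateContactForm(goodForm)); // []
console.log(validateContactForm(spamForm)); // [ 'name', 'phone', 'postalCode', 'email' ]
```

A script that posts straight to the form handler never runs these functions in the browser, so the same checks should be repeated on the server before the message is mailed or stored.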
