Contact forms make it easier for people to contact you without opening up Gmail, typing out your email and pressing send. It also helps protect your email from being picked up by spammers and email harvesters.
However, just as contact forms make it easy for customers to contact you, they also make it easier for others to spam you.
Unfortunately, Shopify’s native spam filtering software leaves much to be desired. For one client, we consistently received so much spam that we had to disable the contact form entirely.
However you can stop Shopify form spam by:
- Removing the form
- Using an externally provided contact form
- Installing spam protection plugins (Recommended)
- Adding a HoneyPot to filter spam submissions
🎯 I recommend using Shop Protector from experience as it was the easiest method. The bonus is that it doesn’t rely on a captcha so that only human interactions are let through (submitting a form, checking out, etc) without affecting your conversion rates.
1. Remove the form
If you aren’t looking for much customer contact, you may try removing the contact form entirely and spelling your email out in this fashion:
yourname (at) domainname (dot) com
Yes, it’s a pain for users but it is one method. It won’t catch commenters or newsletter subscribers, though.
2. Use a 3rd party form
Forms like Wufoo allow you to collect responses elsewhere, through another company’s email sever and spam filtering system and captcha options. Other form options include:
⚠️ The Problem With Captchas: The problem with captchas is that they can significantly limit the amount of real submissions you get by up to 40%. Source: Are Humans Good At Solving Captchas? Stanford University 2010
3. Install a spam protection plugin (Recommended)
Another option is to make use of a form protection plugin. There are now multiple plugins on the market.
1. Shop Protector by HumanPresence
While there are paid and unpaid versions, Shop Protector allows you to protect forms against spam by using HumanPresence’s AI which distinguishes human behaviour from robotic (read: spam) actions.
Basically it filters bots from accessing or using your website.
There are some extra features of Shop Protector that are an added bonus:
- Filtering of auto-purchases
- Identification and patching of vulnerabilities in your site/theme
Clean talk works by routing form submissions, blog comments and registrations through their cloud server. There are rules and checks on the server that work out whether or not the action was done by a bot, and if so, stops it from executing. But for humans, it lets them through.
This plugin leverages Google’s captcha technology to add forms to your website. You can customise the appearance of the form by using CSS. The plugin costs $4.95 per month.
As mentioned above, captchas aren’t a good long-term solution but may be useful if you’re looking for another option.
4. Add a HoneyPot
A honey pot in form submissions is basically an invisible field that only bots will fill out. Like a honey pot for flies (bears?) the idea is that you’ll draw in the traffic that you don’t want into filling out that part of the form and filter them out.
Unfortunately, this is a technical process and requires a developer. Eduard Fastovski has written a guide on how to do that here.
Frequently Asked Questions
Bots regularly trawl the web looking for sites to spam. It’s very common.
Kind of. Spam can contain nasties like viruses, phishing links, etc. So that can affect you if you engage with them.
Spammers visiting your site can also hog your sever bandwidth and make it slower to use, losing you revenue.
Also, spamming your forms might sign up spammers to your email marketing service which costs you because you’ll pay for the fake subscribers.