This isn't a full solution, and can lead to many problems (eg, users w/o javascript, on mobile devices, etc), but it can be part of your attack plan. You can combat many of them by using some javascript to manipulate the form request before its sent (ie, setting an additional field based on some client variable). Many of those spam-bots are just server-side scripts that prowl the web. after (!) the "bot-bait" input for the actual user Email address.ĭeveloper.Mozilla - Turning off form autocompletition
![spam bot google forms spam bot google forms](https://www.cloudflare.com/resources/images/slt3lc6tev37/7cpY9JUifcevQAKH8EjK1R/7f6122cfa7b6daac14e0e7ac895cd501/spam-bot-comment.png)
Bots like ( really like) saucy input elements like:.Var serializedData = $(this).serialize()
![spam bot google forms spam bot google forms](https://i.pcmag.com/imagery/articles/020PHZNiJDqSIrR1QrMbkrV-1.fit_scale.size_1028x578.v1569486309.jpg)
Name : "Message", // Needed for serializationĮvent.preventDefault() // Prevent Default Form Submission Name : "Email", // Needed for serialization