Anti-Spam Feature for Forms

EPA builds all web content in the Drupal WebCMS as of January 2013. All new microsites and resource directories will be created using Drupal.  There is still content on EPA's legacy servers and this content will be maintained there until it is transformed and moved into the Drupal WebCMS.  The following information should be used only for minor updates/maintenance of existing pages; any significant updates or revisions to existing pages should be done in the context of One EPA Web content transformation into the Drupal WebCMS.

Are you getting spam from your "contact us" forms? If so, you can take advantage of an additional field element in the mail.cgi script. By asking the human submitter to type a simple keyword, the script will prevent spam while allowing human users to send comments with ease.

You can see how this "spam filter" works on EPA's Web training site, at

NOTE - you do not have to use the "spam filter" for your e-mail forms. But if you want to, there are six things you need to do:

PART A: Adjust the mail form to handle a keyword.

  1. Select one keyword that the visitor will type in. Choose a simple word; use only lower case; and avoid numbers and odd characters like "&." This is not a password and is not about security. Example words: human, light, or carpet.

  2. Next, add a hidden field called "Word" that will contain the keyword your users will type

    <input type="hidden" name="Word" value="human">

    (this example uses "human" as the keyword)

    PART B: Update the page where the user types the keyword.

  3. On the page, under the large field where the user types the comment text, insert a new paragraph of:
    "Type the keyword "human" below, to help stop spam."
    (or replace "human" with whichever keyword you chose in step 1).

  4. Under that new paragraph, in the HTML code, add a field called "UserWord" for users to type the keyword (the background is colored yellow to help draw attention to it),

    <input type="text" size="20" name="UserWord" style="background:yellow">

  5. On the page, next to the Userword field, add "*required" so that users will know they must do this.

    Screen shot of the new keyword field and how it should look:

    PART C: Create an error page to inform the user.

    Provide the user with a custom error page. The user will get this error page if they use the wrong keyword or do not fill in the keyword.

  6. Create a new HTML page, using your template, with the information you'd like to provide. For example:


    We're sorry, but we could not process your comments without the spam keyword.

    Please use your browser's "Back" arrow to return to the form. Be sure to type the spam keyword in the box under your comments.

  7. In the same form where you added the hidden field "Word" (see Part A), add another hidden field called "Error" to check for the missing keyword and the URL for the error page:

    <input type="hidden" name="Error" value="/directory/exampledir/example.html">

    (replace the URL above with your correct TSSMS name, path, and the error page filename created in step 6)

  8. Test to make sure it's working correctly. Try all three options: no keyword, a wrong keyword (both should return the custom error page), and the correct keyword (which should return your custom thank you page).


Top of Page