The pros and cons of staying secure and blocking spam with a contact form

So you’ve got a website! Now what? If you want to connect with your visitors, you’re going to need a contact form. But what are the security advantages and disadvantages associated with a contact form?

I’m sure you, like me, have had your fair share of spam email; people trying to sell you everything from prescription drugs to watches. Worse still, some of these offers will probably be coming through your companies contact form, which is both annoying and a time waster.

Securing response forms with a CAPTCHA

OK, I confess, this is a buzzword. After everything I said about buzzwords and jargon being a pain, I go and do this! But, there’s a a very good reason.

There is a way of preventing a good percentage of the unsolicited email you receive, and it’s a security feature you can add to your contact forms. It’s called CAPTCHA, which stands for Completely Automated Public Turing test to tell Computers and Human Apart. If you go to the contact page of the Octane website, you’ll see one in action.

Manually submitting contact forms

However, CAPTCHAs aren’t a silver bullet, or some kind of cure-all. Because of the various tools I use, I can see where people come from before they send me a message via my contact form.

The vast majority of the spam I get is from India. So rather than this being some automated system trying and failing to complete my response form and navigate its way around the CAPTCHA, it’s a real person at the other end. That’s a problem you can’t solve with software alone.

However, some feel having a CAPTCHA on your response forms might be doing more harm than good. As an example, a recent body of research shows that CAPTCHAs have a measurable effect on conversion rates:

“From the data you can see that with CAPTCHA on, there was an 88% reduction in SPAM but there were 159 failed conversions. Those failed conversions could be SPAM, but they could also be people who couldn’t figure out the CAPTCHA and finally just gave up. With CAPTCHA’s on, SPAM and failed conversions accounted for 7.3% of all the conversions for the 3 month period. With CAPTCHA’s off, SPAM conversions accounted for 4.1% of all the conversions for the 3 month period. That possibly means when CAPTCHA’s are on, the company could lose out on 3.2% of all their conversions!”

Those figures do certainly offer pause for thought. But it’s also worth mentioning this is a relatively small study group, and I have a feeling that the type of visitor could play a major part in conversion and abandon rates.

Respondr response form script

Because I got sick of relying on other people, I wrote my own response form script, called Respondr, which you’ll find being used here on Octane, as well as on the Blah, Blah! Technology blog, and several clients of mine.

Rospondr is free to download, and if you’re a web developer, it should be easy enough for you to install and configure. Rospondr also includes a built-in CAPTCHA, which can also be configured.

In the time I’ve been using CAPTCHAs, I’ve seen several people get stuck with them, but very few have abandoned them. My feeling is, people know why they’re being asked to enter a security code, because they’re just as sick of unsolicited mail as I am.

But if you are concerned about people abandoning your contact form, make sure your telephone number is near by, so they can call you direct.

Masked passwords versus usability

I’ve always disliked masked passwords. What’s a masked password? It’s any text field on a contact form that turns all of the characters you’re typing into bullet points. Let’s face it, if you can’t see what you’re typing, how can you be at all sure you’ve typed the right thing?

Recently, usability expert Jakob Nielsen weighed in on the subject of masked passwords:

“The more uncertain users feel about typing passwords, the more likely they are to (a) employ overly simple passwords and/or (b) copy-paste passwords from a file on their computer. Both behaviors lead to a true loss of security.”

This is a problem for both new and seasoned web users alike. As a web developer, I don’t use masked password form fields. If a client asked for them, I explain why they’re such a bad idea, who’s positives are massively out-weighed by the negatives.

If you’re worried about people looking over your shoulder, that’s a people thing and not something software can get around. At the very least, if web developers are going to use masked passwords in their response forms, they should include a little check box which enables and disables it, to give the user the option.

Conclusion

Ultimately, if you choose to use CAPTCHAs or masked passwords on your company website, it’s about balance; are you doing the right thing by your customers / clients visiting your website?

And knowing your audience is essential, which is why I highly recommend you track the visitors to your website, to help widen that knowledge.


5 simple ways to improve your business website

Most business websites are under performing, and the reasons are all too common. Thankfully, most websites can be improved without too much effort.

Here’s a list of 5 easy methods to improving your business website:

  1. Prompt the visitor to act — by adding in a “Call to Action” at the end of a web page; such as your sales telephone number, or a button to place an order, or to contact support or sales, you’re preventing your product / service pages from becoming dead ends.
  2. Making contact — speaking of getting your visitors to contact you, just listing your email address is neither professional or sensible. Firstly, if you have a proper contact form, your visitors will have much more confidence in you. Secondly, by listing your email address on your website, you’re essentially inviting people to send you junk email. As well as giving your potential customers a way to contact you, also list your main telephone numbers and postal address, too.
  3. The write stuff — bad grammar and poor spelling are a turn-off. Most businesses have a copy of Microsoft Word, so make sure you use it! Also, when writing about your company or your products and services, think about your audience and write with their needs in mind. You’re not out to win any literary awards, but you don’t want to bore them, either. Be concise, descriptive, informative and use words and phrases appropriate to your product / service, and avoid jargon.
  4. Image is everything — you don’t have to be a professional to take professional-looking photographs of your products. A lot of websites have very poor photos, which do more harm than good and don’t give a good impression of either their products or the company itself.
  5. Broken links — possibly one of the most heinous of website design crimes is the broken link. Finding them is both frustrating and unprofessional. Periodically check your website for broken links and fix them!

Think your business website is suffering from some of these problems, but don’t know how to fix them? Well I do, so contact me straight away and let’s get that website of yours earning you money!