The pros and cons of staying secure and blocking spam with a contact form

So you’ve got a website! Now what? If you want to connect with your visitors, you’re going to need a contact form. But what are the security advantages and disadvantages associated with a contact form?

I’m sure you, like me, have had your fair share of spam email; people trying to sell you everything from prescription drugs to watches. Worse still, some of these offers will probably be coming through your companies contact form, which is both annoying and a time waster.

Securing response forms with a CAPTCHA

OK, I confess, this is a buzzword. After everything I said about buzzwords and jargon being a pain, I go and do this! But, there’s a a very good reason.

There is a way of preventing a good percentage of the unsolicited email you receive, and it’s a security feature you can add to your contact forms. It’s called CAPTCHA, which stands for Completely Automated Public Turing test to tell Computers and Human Apart. If you go to the contact page of the Octane website, you’ll see one in action.

Manually submitting contact forms

However, CAPTCHAs aren’t a silver bullet, or some kind of cure-all. Because of the various tools I use, I can see where people come from before they send me a message via my contact form.

The vast majority of the spam I get is from India. So rather than this being some automated system trying and failing to complete my response form and navigate its way around the CAPTCHA, it’s a real person at the other end. That’s a problem you can’t solve with software alone.

However, some feel having a CAPTCHA on your response forms might be doing more harm than good. As an example, a recent body of research shows that CAPTCHAs have a measurable effect on conversion rates:

“From the data you can see that with CAPTCHA on, there was an 88% reduction in SPAM but there were 159 failed conversions. Those failed conversions could be SPAM, but they could also be people who couldn’t figure out the CAPTCHA and finally just gave up. With CAPTCHA’s on, SPAM and failed conversions accounted for 7.3% of all the conversions for the 3 month period. With CAPTCHA’s off, SPAM conversions accounted for 4.1% of all the conversions for the 3 month period. That possibly means when CAPTCHA’s are on, the company could lose out on 3.2% of all their conversions!”

Those figures do certainly offer pause for thought. But it’s also worth mentioning this is a relatively small study group, and I have a feeling that the type of visitor could play a major part in conversion and abandon rates.

Respondr response form script

Because I got sick of relying on other people, I wrote my own response form script, called Respondr, which you’ll find being used here on Octane, as well as on the Blah, Blah! Technology blog, and several clients of mine.

Rospondr is free to download, and if you’re a web developer, it should be easy enough for you to install and configure. Rospondr also includes a built-in CAPTCHA, which can also be configured.

In the time I’ve been using CAPTCHAs, I’ve seen several people get stuck with them, but very few have abandoned them. My feeling is, people know why they’re being asked to enter a security code, because they’re just as sick of unsolicited mail as I am.

But if you are concerned about people abandoning your contact form, make sure your telephone number is near by, so they can call you direct.

Masked passwords versus usability

I’ve always disliked masked passwords. What’s a masked password? It’s any text field on a contact form that turns all of the characters you’re typing into bullet points. Let’s face it, if you can’t see what you’re typing, how can you be at all sure you’ve typed the right thing?

Recently, usability expert Jakob Nielsen weighed in on the subject of masked passwords:

“The more uncertain users feel about typing passwords, the more likely they are to (a) employ overly simple passwords and/or (b) copy-paste passwords from a file on their computer. Both behaviors lead to a true loss of security.”

This is a problem for both new and seasoned web users alike. As a web developer, I don’t use masked password form fields. If a client asked for them, I explain why they’re such a bad idea, who’s positives are massively out-weighed by the negatives.

If you’re worried about people looking over your shoulder, that’s a people thing and not something software can get around. At the very least, if web developers are going to use masked passwords in their response forms, they should include a little check box which enables and disables it, to give the user the option.


Ultimately, if you choose to use CAPTCHAs or masked passwords on your company website, it’s about balance; are you doing the right thing by your customers / clients visiting your website?

And knowing your audience is essential, which is why I highly recommend you track the visitors to your website, to help widen that knowledge.

9 essential reasons for tracking visitors to your company website

Having the best company website in the world counts for nothing if you can’t track who’s visiting. Be you the managing director, or part of the sales and marketing team, knowing the where, why, when and what of your website is essential.

Tracking visitors to your company website

When I build a company website, I have a list of prerequisites, one of which is installing options to track and monitor visitors to those websites. Without an understanding of your visitors, you run the risk of steering your website into rough seas, less trafficked than the calmer waters more popular websites are to be found sailing through.

Here are some of the top benefits of gathering web statistics for your business website:

  1. know how many visitors you’re getting daily, weekly and monthly;
  2. see where those visitors are coming from (such as other websites, search engines, or typing your web address directly);
  3. if you’re getting visits from the search engines, like Google, you’ll see what words they searched for;
  4. see how long each visitor spent on which web pages, and what they did next;
  5. monitor downloads of things like software, PDFs, white papers et cetera;
  6. if you have a search tool on your website, you can track what people are searching for and which web pages they’re visiting.

They are but a small selection of the things you’ll be able to do once you start tracking visitors to your company website.

Using web statistics to improve your sales & marketing

But you don’t just want to accumulate all of this data. You want to put all of this data into action. So here’s some ways you can make use of your visitor data, which include:

  1. track marketing campaigns, which include campaign codes;
  2. use your web statistics to build a demographic profile of your visitors, which will help your sales & marketing team target their campaigns with more precision;
  3. spot recurring trends, such as visits from particular web pages or articles, and use those sources to hone your marketing activities.

So the next question is, now? I use a number of tools, but the main two I use and recommend to clients are Google Analytics and Clicky Web Analytics.

Web analytics software

Google Analytics is free. All you need to sign up is a Google Account, which is also free. As well as a huge wealth of data at your disposal (far too many options here to cover in any real detail), you can also add profiles for different people, like colleagues and perhaps your own clients, as I do.

Clicky Web Analytics is a paid service, but there are some very unique features particular to Clicky what you won’t see in Google Analytics. For example, Clicky has a Spy feature, which allows you to see visits to your website live. The advantages of this might not be immediately apparent, but over time, you’ll appreciate being able to respond to currently active marketing campaigns in real time.

Clicky really comes into its own once you have a business blog. There are options to track buzz, such as who’s talking about you and your brand on Twitter, for example.

In both instances, Google Analytics and Clicky Web Analytics require you to install a small portion of code into each web page for them to do their magic.

So what have we learned? Data is good! Data can give your business a critical edge, one perhaps not shared with the competition…

Recommended reading

Of projects, payment and planning

In business, it’s often the basics that we get snagged up on. I’m a web designer first and foremost and a businessman second. But it’s the criticality of your business that can usurp your day-to-day plans, throwing your future into doubt. A good example would be billing clients — but it needn’t be that way.

A while ago, I had to write out a set of terms & conditions. In all the years I’d been in business (Octane celebrated it’s tenth birthday in June), I’d not given serious thought to such things, largely because there’d never been a real need. But one particular client project changed all of that.

Even though the final stage of the project had been demonstrably complete, the client insisted on additional unscheduled activities being complete first before the final invoice being issued.

When the final invoice was issued, they were shocked by the cost. But why? Because these additional activities weren’t planned for, within the scope of the project, I was essentially supplying estimates on a daily basis. So over time, the client had lost track of the amount of work they had requested.

What we had was a classic case of “mission creep“, where a project has expanded beyond its original goals, often after initial successes.

I’d always been mindful to invoice as often as a project would allow, for two reasons:

  1. to mitigate cash flow problems, and;
  2. to fend off the damage delayed or none payment can cause.

Mitigating the cost of “mission creep”

Well, this one client project made me think again about this policy. As a rule, I have invoice breakpoints, which can be better explained by quoting straight from my terms & conditions:

“Our standard practice is to divide projects into separate stages, with each stage being billable. However, stages may be billed prior to an agreed milestone if the cost of the stage exceeds £2,000.00 or a cost breakpoint previously agreed between the client and Octane Interactive Limited is met.”

This way, we limit the prospect of any one stage within a project running on further than it should. And because we agree these terms & conditions up front, me using this condition as a fall back later within the project shouldn’t come as an unwelcome surprise to the client.

The other advantage to billing often is that you give your client a clear insight into just how much each stage of a project costs, and how much of a commitment of work that stage of the project is / was.

By encouraging your client to pay in stages, they’re making a major financial commitment, which then helps them to work towards completing a project with you, rather than just abandoning it and walking away, owing thousands, thinking that they have no financial liability.

Once a client is happy that the progress you’ve made is consistent with the agreed stage, they’re endorsing your progress with a financial seal of approval.

Because of what I do, it’s often very easy to demonstrate to a client the progress being made. I can often grant them access to any given website or web application during the various stages of its development.

In fact, I often encourage clients to begin using a website or web application (even if only for internal purposes), to trigger feedback, and for them to become comfortable with their project.

I’m sure you can find similar examples within your own work process.

In this current economic climate, it’s imperative that we all work together and not apart. For my part, I’m actively working on innovative web applications than can help my clients save money during the recession.

Hopefully, this advice may help you start a new conversation with your clients that could help stave off financial problems in the future…

Mindset as a barrier to the uptake of new technology

How can we push the boundaries of event management further still? By taking the events to the people, says Wayne Smallman, author of the Beginner’s Guide to Social Media.

“It’s not that people resist change for no reason, it’s that the resistance comes as a result of there not being compelling enough reasons to do things any differently.”

Octane in the media — sharing knowledge, expertise and insights

As a business in the information technology industry, Octane’s greatest asset is my own greatest asset, and that’s my expertise. What I know is what my clients benefit most from.

So it makes perfect sense that I should use that knowledge, expertise and know-how to help make Octane a more attractive target for businesses looking to expand their web presence via social media, or to help lower costs with a web application.

I thought I’d take a different direction, departing from the usual marketing routine and engage with fellow business people by more direct means. Since so many businesses rely on trade magazines and publications for news and updates, it made perfect sense to explore those channels as a means of exposing my knowledge to people keen to learn more about social media, trends and directions in web technologies, and how they can benefit their businesses.

Over the last two months, Emily Cagle, a client of mine whose website I recently re-developed is now performing an admiral job as my PR. Yet another example of the kind of reciprocal relationship my clients and I have.

As of yesterday, Octane launched its very own media page, which will feature “articles and excerpts taken from publications both on the web and in print” all ready to download as PDF files.

So in addition to my blogs, including the Octane blog, where I also share some of my ideas and professional experiences, among other things, I’ll also be sharing the views and insights I’m sharing elsewhere.

If you’d like to know more about the kind of things I write about, or perhaps you would like me to write something for you, please feel free to contact me right away.