The pros and cons of staying secure and blocking spam with a contact form

So you’ve got a website! Now what? If you want to connect with your visitors, you’re going to need a contact form. But what are the security advantages and disadvantages associated with a contact form?

I’m sure you, like me, have had your fair share of spam email; people trying to sell you everything from prescription drugs to watches. Worse still, some of these offers will probably be coming through your companies contact form, which is both annoying and a time waster.

Securing response forms with a CAPTCHA

OK, I confess, this is a buzzword. After everything I said about buzzwords and jargon being a pain, I go and do this! But, there’s a a very good reason.

There is a way of preventing a good percentage of the unsolicited email you receive, and it’s a security feature you can add to your contact forms. It’s called CAPTCHA, which stands for Completely Automated Public Turing test to tell Computers and Human Apart. If you go to the contact page of the Octane website, you’ll see one in action.

Manually submitting contact forms

However, CAPTCHAs aren’t a silver bullet, or some kind of cure-all. Because of the various tools I use, I can see where people come from before they send me a message via my contact form.

The vast majority of the spam I get is from India. So rather than this being some automated system trying and failing to complete my response form and navigate its way around the CAPTCHA, it’s a real person at the other end. That’s a problem you can’t solve with software alone.

However, some feel having a CAPTCHA on your response forms might be doing more harm than good. As an example, a recent body of research shows that CAPTCHAs have a measurable effect on conversion rates:

“From the data you can see that with CAPTCHA on, there was an 88% reduction in SPAM but there were 159 failed conversions. Those failed conversions could be SPAM, but they could also be people who couldn’t figure out the CAPTCHA and finally just gave up. With CAPTCHA’s on, SPAM and failed conversions accounted for 7.3% of all the conversions for the 3 month period. With CAPTCHA’s off, SPAM conversions accounted for 4.1% of all the conversions for the 3 month period. That possibly means when CAPTCHA’s are on, the company could lose out on 3.2% of all their conversions!”

Those figures do certainly offer pause for thought. But it’s also worth mentioning this is a relatively small study group, and I have a feeling that the type of visitor could play a major part in conversion and abandon rates.

Respondr response form script

Because I got sick of relying on other people, I wrote my own response form script, called Respondr, which you’ll find being used here on Octane, as well as on the Blah, Blah! Technology blog, and several clients of mine.

Rospondr is free to download, and if you’re a web developer, it should be easy enough for you to install and configure. Rospondr also includes a built-in CAPTCHA, which can also be configured.

In the time I’ve been using CAPTCHAs, I’ve seen several people get stuck with them, but very few have abandoned them. My feeling is, people know why they’re being asked to enter a security code, because they’re just as sick of unsolicited mail as I am.

But if you are concerned about people abandoning your contact form, make sure your telephone number is near by, so they can call you direct.

Masked passwords versus usability

I’ve always disliked masked passwords. What’s a masked password? It’s any text field on a contact form that turns all of the characters you’re typing into bullet points. Let’s face it, if you can’t see what you’re typing, how can you be at all sure you’ve typed the right thing?

Recently, usability expert Jakob Nielsen weighed in on the subject of masked passwords:

“The more uncertain users feel about typing passwords, the more likely they are to (a) employ overly simple passwords and/or (b) copy-paste passwords from a file on their computer. Both behaviors lead to a true loss of security.”

This is a problem for both new and seasoned web users alike. As a web developer, I don’t use masked password form fields. If a client asked for them, I explain why they’re such a bad idea, who’s positives are massively out-weighed by the negatives.

If you’re worried about people looking over your shoulder, that’s a people thing and not something software can get around. At the very least, if web developers are going to use masked passwords in their response forms, they should include a little check box which enables and disables it, to give the user the option.


Ultimately, if you choose to use CAPTCHAs or masked passwords on your company website, it’s about balance; are you doing the right thing by your customers / clients visiting your website?

And knowing your audience is essential, which is why I highly recommend you track the visitors to your website, to help widen that knowledge.

Adobe versus web usability and common sense

Adobe’s website is a good example of bad web usability. I discovered this for myself only last week. If you thought buying software from Adobe would be easy, you might want to think again.

Since buying their main rival Macromedia, Adobe have a huge collection of software for creative businesses like Octane. I represent their target audience, and as a web designer and developer, people like me have very high standards indeed. So we expect very high standards from Adobe.

The most profound genius is that borne of precise observation. Sir Arthur Conan Doyle must have been only too aware of this as the attraction for his most famous yet personally disliked character Sherlock Holmes grew.

Sadly for Adobe, their website offers an exceptionally bad experience for people like me. Clearly demonstrating that the simple act of observing how people do things and then anticipating their next actions is neither art, science or practice for Adobe. Instead, they’ve made the purchasing experience as difficult as possible.

As big as Adobe are, I have to wonder how many sales they lose each week because of their appalling sales funnel. Only recently did a story emerge of a “$300 million button”, highlighting the perils of a bad shopping experience. Adobe’s problems are much more than a simple button fix — the entire purchasing experience is broken from the very beginning to the very end.

So you thought buying software from Adobe would be easy, right?

Because I’m from England, I use their website, which then re-directs to their .com/uk/ address. Clearly we can see that the Adobe website is aware of where I’m visiting from, yes?

I’m interested in buying Adobe’s Creative Suite. Adobe’s home page seems neat enough, but this is a superficial appearance. The first thing I notice is that there’s no one Creative Suite, there are in fact four variations. So which Creative Suite is right for me?

the Adobe home page

And how do I decide? I clicked the: “Learn more” button, only to discover that there are actually six different Creative Suite collections; Design Premium, Design Standard, Web Premium, Web Standard, Production Premium and Master Collection. Rather surprisingly, this page doesn’t really offer any more information than the last.

I’m reminded of my first visit to the US back in 1996. During an eight week college exchange program to Northridge in Los Angeles, we paid a visit to a book store in Santa Monica. Downstairs was a cafe where people could sit and read through some of the books they’re considering buying, or the ones they’d just bought.

I decided to buy a coffee. And, not knowing any better I asked for a coffee. As the words tripped off my tongue, I saw behind the assistant a huge collection of coffee bean bags all sat in neat little square shelf boxes. I’m talking about hundreds of varieties of coffee. Needless to say, the assistant and I laughed.

Adobe, Microsoft: don’t make me think!

I now remember how I felt that day and someone must feel when trying to buy Microsoft Windows and discovering there isn’t just one version of Windows, but seven.

I’m being forced to make a decision about a product I clearly know very little about, and the paucity of information isn’t helping me make that decision. Sometimes, thinking isn’t automatically a good thing.

It’s at this point that I realize I have no idea what I need. Sure, I know what I want, but because of the different choices available to be, I don’t know what I need. Since simply asking (or rather looking) for a copy of Adobe’s Creative Suite is pointless, I click on the: “Suite selector” link, to try my luck elsewhere.

The first thing I see is a huge selection of check boxes. I feel my heart sink. Exactly what is: “cross-media design”? And what’s the difference between: “prepare digital images for print” and: “edit digital images”? Or the difference between: “import and organize images” and: “manage a pro photography workflow”?

choose an Adobe Creative Suite by activity

As my heart sinks, my head begins to spin. I don’t even attempt to choose from the check boxes and click on the second tab, to select by product. All I want is Photoshop, Illustrator and Flash. Alas, there is no Creative Suite that includes those three software packages. Instead, I’d have to choose Photoshop Extended, which forces me to choose the Premium and Master versions. I can see a correlation between Premium / Master and extremely expensive.

choose an Adobe Creative Suite by products

My heart sinks further. This isn’t any kind of choice, certainly not the kind of choice I expected to see from Adobe.

OK, let’s say for the sake of argument I was going to buy Adobe Creative Suite 4 Design Premium. I still don’t know what else is in this collection and I still don’t have a clue how much it’s likely to cost me. So I click the illustration of box .. and I click again, only to realize you can’t actually click on the graphic because it’s not a button. I have to click the: “See our recommendations” button below. Is this intuitive? No, it’s not.

The resulting page offers hardly any more information than the last. To learn more, I have to click again. It appears the Web Premium package looks about right, but I don’t want Fireworks, Acrobat or Dreamweaver. Sadly, I have no choice.

Adobe recommendations for the Creative Suite collection

Now I have three buttons to choose from: “Buy”, “Try” and: “Learn more”. I choose the former, because I still don’t know what this lot is going to cost. I’m taken to the Adobe Store, where I’m now being asked to choose which region I’m from. Why? Adobe already know I’m visiting from England.

the Adobe Store

Frustration creeps in. I click on the: “United Kingdom” option, which is right at the bottom of the page. I’m now taken to the Adobe Store proper. Where’s the Web Premium package? That’s right, the very package I chose to buy is not on the store page. Instead, the Adobe website just dumps me onto their main Adobe Store page.

I’m sure Steve Krug would be just thrilled to see his “Don’t make me think!” mantra being shot to pieces by a company like Adobe who really should know better.

At this point, I’ve totally lost patience with Adobe and decide it would be much easier to call their freephone 0800 number. Well, the idea was excellent, sadly for Adobe, their automated call handling system isn’t. After selecting an option, I’m transferred into the ether and the line goes dead. Thinking this might just be me, I try again. Dead. I call from my mobile phone. Dead.

This isn’t the first time I’ve had problems with Adobe. Back in April 2007, I discovered that Adobe Contribute is broken. Worse still, Adobe don’t care that Contribute is broken.

What was it I said about professionalism again?