I have a contact form on my website with 3 fields (email, comment and spam prevention). The email and comment fields work. The spam field works online and stops people (It displays the message: "You failed the spam test") but I still get emails with the wrong answer.
The spam question is "what colour is this balloon" (with a picture of a blue balloon).
Any help would be greatly appreciated.
<script type="text/javascript">
function hgsubmit()
{
if (/^\S+@[a-z0-9_.-]+\.[a-z]{2,6}$/i.test(document.hgmailer.email.value) == false) alert ("A valid email address is required.");
else if (/\S+/.test(document.hgmailer.comment.value) == false) alert ("Your email content is needed.");
else if (/blue|Blue/.test(document.hgmailer.spam.value) == false) alert ("You failed the spam test.");
else {
document.hgmailer.submit();
alert ('Thank you!\nYour email is sent.');
}
}
</script>
I'm using FormMail if that matters.
Spam bots won't be running the script in the page, the will just scrape the HTML code for a form where they can post data, so you can't protect yourself from those using Javascript.
To prevent those, you need code on the server side that can reject requests depending on what's in the form. You can use Javascript to put specific information in a field, and if that is missing when it arrives at the server, you know that it wasn't posted by a browser.