Use honeypot to fight spam

When reading about email marketing, you may have encountered a couple of terms: a spam bot and a honeypot.

A spam bot (short for a robot) is an automated program designed to perform specific tasks on the internet. Not every bot is malicious; some have a legitimate purpose. However, some bots are built to make our lives difficult. They post unwanted advertisements, links or irrelevant text in web forms, send spam emails (a lot of them!), and even infiltrate social media or online forums to post promotional content. Bots add so much noise to online traffic that it’s often hard to recognize a genuine post or user from a bot. The last thing anyone wants is these bots signing up to email lists, artificially inflating the subscriber number.

Honeypot is a spam protection strategy, alongside CAPTCHA, IP blocking or rate limiting strategies, to filter out and block these bots. And while the term honeypot may evoke a sweet Winnie The Pooh image in one’s mind, the purpose of honeypot on the web is slightly different.

In the context of spam protection, a honeypot is a trap to attract spam bots. It is a hidden input field that is added to an online form. It is invisible to the naked eye, so when a regular user fills out a form, let’s say a subscription form, to sign up for an email list, they won’t see this field, they won’t interact with it, and they won’t fill it out.

However, a spam bot doesn’t look at the form itself. Remember, it is an automated program that is told to read the code of the web form and fill it out with random content. And while the form was hidden from the regular user with some clever styling, it doesn’t matter to the bot. The bot will fill out the field anyway and get trapped as a result.

Once a bot is identified and trapped, the system will either reject the form submission, mark it as spam, or take other appropriate actions, such as redirecting the submission to a moderation queue.

Most email marketing software uses some spam protection strategy to filter out spam bots. Mailcoach recommends turning on the double opt-in for email lists that allow form subscription and using a honeypot to ensure only genuine users will make it to the email list.

Here is an example of a honeypot field added to a subscription form:

		<label for="email">Email</label>
		<input name="email" />
	<!-- Honeypot field (hidden from users) -->
	<div style="display: none;">
		<label for="honeypot">You cannot see this!</label>
		<input type="text" id="honeypot" name="honeypot" />
		<!-- The CSS "display: none;" style hides the field from regular users -->

	<button type="submit">Subscribe</button>

Ready to get started?