Both suggestions seem good ways of preventing spam bots, but in the UK now all websites need to be accessible by law, so this does raise some problems. Although Sandra's option is accessible, I'm not keen on the human maintenance side of it.
How do spam bots work? I'm guessing they work like search engines, looking for new pages and forms within these pages. They then parse out all of the fields and submit to the action page directly rather than actually filling out the form. Is that right? If that's the case, can it not be checked that the form was actually submitted from within the site? Also, is there a spam bot and a submit bot? Is there some time lapse between the two, enough perhaps to check for encrypted time from load to submit, i.e. if the form isn't submitted within 30 minutes of loading then don't accept it and make the user resubmit? Lastly, I haven't used this, but would the scriptProtect function in Application.cfc have any relevance here?
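The load-to-submit time check asked about above, sketched as an added example (not code from the original post or from ColdFusion). It signs the load time with an HMAC rather than encrypting it, and the names `SECRET_KEY`, `issue_token` and `check_token` and the form IDs are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Assumption: a server-side secret that is never sent to the browser.
SECRET_KEY = b"constructed-demo-key-replace-in-production"
MAX_AGE_SECONDS = 30 * 60  # the 30-minute window suggested in the post


def _sign(form_id, issued_at):
    # Bind the timestamp to one form so a token cannot be reused on another.
    msg = f"{form_id}|{issued_at}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(form_id, now=None):
    """Hidden-field value generated when the form page is rendered."""
    issued_at = int(time.time() if now is None else now)
    return f"{issued_at}.{_sign(form_id, issued_at)}"


def check_token(form_id, token, now=None):
    """Return 'ok', 'malformed', 'forged', 'future' or 'expired'."""
    now = time.time() if now is None else now
    ts_text, sep, mac = token.partition(".")
    if not sep or not (ts_text.isascii() and ts_text.isdigit()):
        return "malformed"
    issued_at = int(ts_text)
    expected = _sign(form_id, issued_at)
    # Constant-time comparison; a changed timestamp or form ID fails here.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "forged"
    age = now - issued_at
    if age < 0:
        return "future"
    if age > MAX_AGE_SECONDS:
        return "expired"  # ask the user to reload and resubmit
    return "ok"


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed load time
    token = issue_token("contact", now=t0)
    print(check_token("contact", token, now=t0 + 120))   # ok
    print(check_token("contact", token, now=t0 + 3600))  # expired
```

This rejects posts sent straight to the action page without a token and tokens replayed after the window, but a bot that loads the form immediately before each submission still receives a valid token.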

