How Form Armor Works

How Form Armor Works

"So Form Armor stops spam and abuse on my Web site forms without CAPTCHA." But you're also wondering, "How does it really work?"

Form Armor stops Web form spam and abuse in a way that's somewhat similar to how you might process credit card payments online. In case you're not familiar with this, I'll give you the quick 3-step explanation. (If you already know how payment processing works, skip ahead to Identifying Spam with Form Armor.)

  1. When your customer submits an order online, her credit card data is sent through a payment gateway (special software) and your Web server waits for a response from the merchant bank.
  2. The merchant bank responds back immediately through the gateway to say the transaction is accepted, declined, failed an address match, or any number of other responses.
  3. Your Web server uses that response to act on the order – whether it's adding details to your database for fulfillment, sending a notice to your staff, or sending an email receipt to your customer.

All this happens in milliseconds (and it's actually a little more complicated) but as far as your user is concerned, the whole process is invisible and filling out that order form seems pretty near instant.

Identifying Spam with Form Armor

Form Armor blocks spam on your Web site forms by handling data in a way that's similar to how a merchant processor reviews and responds to payment transactions. Unlike a merchant bank though, we have a very small list of response codes: everything's either "good" (a valid entry) or "bad" (that includes spam, malicious attacks and other kinds of form abuse).

  1. When your user completes a form on your Web site, his form data and browser details are sent through the Form Armor Web service for analysis.
  2. Form Armor responds back immediately to say the submission is either "good" or "bad" based on our latest research and the current tactics for form spam and abuse.
  3. If it's the good stuff, valid form results are posted back to your database, sent to your staff in an email, processed by your own Web site or application, or handled however you want to handle your now non-spammy data. (Some of those options depend on whether you're using a simple HTML setup or one of our APIs. Either way, you get to choose.)

When Form Armor identifies an entry as spam or abuse, that data gets added to our research database and you never have to see it (unless you're into that kind of thing).

All this happens in milliseconds. As far as your user is concerned, the inner workings of how you block form spam and abuse remain invisible and submitting a form seems pretty near instant. Your forms can look like regular forms again.

You'll Notice This Happens Without CAPTCHA

One missing item from the Form Armor process is CAPTCHA. (That's the whole reason why we invented Form Armor in the first place.)

CAPTCHAs are simple tests designed to tell computers and humans apart. Even though CAPTCHA doesn't work for stopping Web form abuse and spam, you'll still see many forms with squiggly letters or words that must be deciphered correctly before you're "allowed" to submit a form.

Form Armor uses none of that crazy stuff.

Instead of asking your customer to sacrifice her time (and patience), we've put all the spam detection and processing details behind the scenes where it belongs.

What Happens to Your Data

The most common question we hear is "What happens to my form data?" That answer's pretty simple: you (and only you) keep the valid entries, and we keep the spam entries for research, analysis and to improve the Form Armor service.

Form Armor handles all of your Web form submissions in real-time. That means our staff never sees any of your form data – unless (and not until) it's been identified as spam or abuse and included in our research database.

For every form submission we keep a few tracking details – like the date and time, and the IP address – but the data that your user enters before clicking submit, that stays with you.

The Benefits of Research

We've been figuring out how to block Web form spam without CAPTCHA since 2002, and every day we review piles of new data about form spam and abuse. (It's a quirky little niche, but we've gotten good at it.)

Since we collect and review data across our entire subscriber base and from a variety of Web sites and industries, when spammers develop new tactics we're able to identify and respond to those threats quickly.

Often when we identify a new spam tactic used on one form, we'll have developed counter-measures and have updates in place before that same tactic is even attempted on most other subscribers' forms.

How to Stop Spam on Your Web Site Forms

Now that you know how to stop spam and abuse on your Web site forms with Form Armor, we'd like to invite you to sign up for a free trial and see how it works first-hand.

We offer a 100% satisfaction guarantee so if you're not happy for any reason, just let us know within your first 60 days and we'll promptly give you a refund.

No obligation. No hassle. You've got nothing to lose except spam.

If you still have questions about Form Armor, you can read our FAQs or contact us and we'll be glad to respond personally.