Is there a way to record the time when the contact.asp form is loaded and when the form is submitted and calculate the difference in time between the two, and if the time difference is below a user defined amount (say 5 seconds), then the form would not be sent? I've been reading about implimenting some form of CAPTCHA functionality or some other alternative in an effort to eliminate as much spam as possible.

Thanks in advance.

You would need to add ASP code to create a hidden form field. Set the value to the vbscript TIME function. When the form is submitted, add ASP code to compare the current TIME against the value of the hidden time field in the form. If they are less than 5 seconds, then do whatever you want to stop spam.

You could also use code similar to the advanced security features built into product cart where logins require the user to enter a code matching a graphic that is displayed.

Thanks Netprofits. The reason I even started thinking about this is that I began to think about the potential benefits of having something like what PC uses when people log into these forums, in an effort to stop unwanted information requests from being sent to our customer service department. Since we offer people a complimentary item if they request it using a form similar to the contact.asp page, I wanted to make sure that it was going to go to an actual person, not some non-existant entity.  So I checked out the PC forum login page source code and saw that PC uses Web Wiz Guide CAPTCHA http://www.webwizguide.com/webwizcaptcha/ - http://www.webwizguide.com/webwizcaptcha/  and since I have no experience in this decided to start researching it online. There seems to be a lot of debate regarding using methods like CAPTCHA and that it can be problematic for people without excellent eyesight. One method I came across was the method of disallowing forms from being sent if the time difference between the loading and submitting of the form was too quick. Obviously it would take a person more than a few second to properly complete the form with the required information, and by setting a time constraint for form sumtittal would eliminate potential automated spammers since most of them complete forms within a second or two (from what I read online). Since I'm not a programmer I'm just going to have to poke around until I can get something working where the user doesn't even know it's happening, or just resort to using something like the CAPTCHA method.

Thanks again for pointing me in the right direction.

I have implemented V2 of webwizcaptcha on several forms.  The reduction, or I should say virtual elimination of spam being posted to those forms was frankly a relief.  Their code appears to be very solid and I was able to integrate it into a variety of forms handlers without significant difficulty. 

Greg,

After thinking about if for a while I think I'm just going to go with the captcha way. Would you be kind enough to help impliment this into the PC forms? I'm not exactly sure what the form handler is and how to tell it that if the code entered is incorrect, then what do you do?

Thanks in advance.

well, to be brief, there is a requirement for a bit of logic that tests the entry against the displayed characters.  If they match, you allow the e-mail to be sent.  If they do not match, you display an error and offer a link that takes you back to the entry form.

It is implemented here: http://www.greybearddesign.com/contact.asp - http://www.greybearddesign.com/contact.asp

The form handler is the script that reads the content of the form and ships it off in an e-mail.  Such a script is the target of the above page.

I have not yet installed this code on the ProductCart contact page but I don't expect it to be difficult.  If you'd like this done, please e-mail me directly. 

On edit, I became curious and went in to poke around the contact.asp page, and ended up implementing it.  Details here: http://www.greybearddesign.com/productcart/contact-captcha/ - http://www.greybearddesign.com/productcart/contact-captcha/

EDIT...Note to future readers: this message was submitted prior to looking at Greg's solution. Read my response after this one for more current information.

Thanks again Greg. I downloaded the free version just to try it out and I was able to place the form where I wanted in the Contact.asp file, as well as add a few new items to the languages.asp file for a title and description of the captcha. The problem I have now is that I tried to add the validation part of the code into sendmail.asp (the file that I think is the form handler) but I get a Microsoft VBScript compilation error, which turns out to be an issue with PC since I think the Contact.asp "submit" button is submitting to the same page that the captcha image is displayed on. There was a post on the Web Wiz forum about this issue, but not specifically relating to PC. If I understand how the Contact.asp page works; when the form is filled out and the "submit" button is clicked, the form fields are checked to make sure they're completed and if they are, the information in those fields are passed to the sendmail.asp file for e-mail submission, at the same time the PC Contact.asp page is reloading and displaying the "your message has been sent" message. All this programming code is a foreign language to me but I'll keep trying to decipher it. If anyone has successfully implemented the Web Wiz captcha system into PC, please lend some assistance. I greatly appreciate it.

Just an update,

After looking at how elegantly Greg implemented the Web Wiz CAPTCHA system (and fast I might add), and not being a programmer myself, I went ahead and purchased his solution. All I can say is that the documentation was very easy to understand and the implementation was flawless. I don't think it took more than 5 - 10 minutes and we were good to go. I would definitely recommend this solution to others looking for a way to eliminate unwanted form submissions as much as possible. Good job Greg. Thanks again for all your help and speedy replies to my questions.