Search Engine Optimization is quickly becoming a key piece of creating a commanding web presence. Unfortunately, getting real people to come to your Website sometimes means that Spammers and Spamming Bots or Programs will also go to your website…and then bombard your posts section or inbox with all sorts of undesirable (and sometimes grotesque) messages.

If you have an HTML e-mail form on your Website’s contact page or elsewhere, there’s always the chance that you’ll be under threat of a Spam Attack when you least expect it.

There are several ways you could go about stopping spammers from using your HTML email form to send you spam, but there’s one solution in particular, using PHP, that I’ve found effective. If your inbox is flooded with Spam Messages, you’ll notice that more often than not they’ll have HTML tags with links directing you to something absurd like Charm Bracelets or cheap prescription medications. Additionally, you’ll notice that legitimate e-mails that potential clients, customers or readers are sending you through your e-mail form usually NEVER contain any HTML tags of any kind.

Using this logic, I’ve found an easy way to prevent spam by checking the message body (or subject) for HTML tags of any kind. Real, genuine e-mailers never know the difference because 19 out of 20 times they either don’t have any knowledge of HTML or have absolutely no need to use HTML in a website’s contact form.

This is the function I use before processing form data and using the PHP mail() function:

function isSpam($email_message) {
    // strip_tags() removes HTML and PHP tags; if the length changes, the message contained tags.
    if (strlen($email_message) != strlen(strip_tags($email_message))) {
        return true;
    } else {
        return false;
    }
}

What the function does is measure the length in characters of the original Email Message as provided by the user (or SpamBot) and then compare it to the length in characters of the Email Message without HTML tags. If the two are NOT equal, the function will return a “true” value, indicating that the message does have HTML tags and is probably spam. Therefore, you can set up your script so that if HTML tags are found in the e-mail message, it won’t send the actual e-mail message. This technique can also be used when visitors on your site attempt to post comments containing spam-related material.

You may run a coding blog or offer your users a rich text editor for sending e-mails through your HTML Email Form, in which case this solution WILL NOT work for you. This author highly recommends that you leave the HTML power in the hands of the programmers and let your clients send you e-mails in plain text to get their point across. If you do need to accept HTML, you should probably write your spam filtering function to use PHP’s preg_match function to search the e-mail message for words like “pills” and “free trial” and whatnot. This technique may trigger false positives as well, depending on your website and the content your users may try to e-mail you about.
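The tag check and the preg_match keyword fallback described above, combined into one decision function and run over a few constructed submissions. This is an added example, not code from the original post; the names hasHtmlTags, hasSpamKeywords and classifyMessage, the keyword pattern and the sample messages are assumptions made for illustration.

```php
<?php
// Added example: function names, the pattern and the sample data are hypothetical.

// Tag check from the article: any length change after strip_tags() means markup was present.
function hasHtmlTags(string $text): bool {
    return strlen($text) !== strlen(strip_tags($text));
}

// Keyword check for sites that must accept HTML. \b keeps "pills" from matching
// inside longer words; the /i flag ignores case.
function hasSpamKeywords(string $text): bool {
    return preg_match('/\b(pills|free\s+trial)\b/i', $text) === 1;
}

// Returns 'send' or the reason the message was rejected.
// A form handler would call mail() only when the result is 'send'.
function classifyMessage(string $subject, string $body, bool $allowHtml = false): string {
    if (!$allowHtml && (hasHtmlTags($subject) || hasHtmlTags($body))) {
        return 'rejected: html';
    }
    if ($allowHtml && (hasSpamKeywords($subject) || hasSpamKeywords($body))) {
        return 'rejected: keyword';
    }
    return 'send';
}

// Constructed sample submissions: [subject, body, site accepts HTML?]
$samples = [
    ['Quote request', 'Hi, could you call me about a new site?', false],
    ['Great deal', 'Buy <a href="http://example.com/">charm bracelets</a>', false],
    // A bare URL contains no tags, so the tag check alone does not flag it.
    ['Great deal', 'Charm bracelets at http://example.com/', false],
    ['Code question', 'Why does <b>this</b> not render?', true],
    // A legitimate request can hit the keyword list: the false positive the article warns about.
    ['Pharmacy site', 'We need a page for our free trial offer', true],
];

foreach ($samples as [$subject, $body, $allowHtml]) {
    printf("%-14s allowHtml=%-5s => %s\n", $subject, $allowHtml ? 'true' : 'false',
        classifyMessage($subject, $body, $allowHtml));
}
```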

For more information, questions or comments on this post, please e-mail us at We love feedback and want to hear what you have to say! Mission Bay Media is a small Ecommerce and Web Development Firm in beautiful San Diego, California. We’ve worked on projects in San Diego, La Jolla, Pacific Beach, Carlsbad, San Francisco, Los Angeles, Beverly Hills and New York City. To see examples of our Web Design and Development projects, check out our portfolio or Contact Us.