How does the honeypot work part II

I understand the principle of the honeypot but how does it actually work? For example, when a ‘bot’ fills in the hidden form, does this prevent it from being sent at all, or is the completed form flagged in some so that your own email filter will pick it up more easily? Or is it something else?



It is a basic sort of “if this, then that” logic. If the hidden field(s) are filled out the form is not sent by the server.

I would have no way of doing that, that I know of.

So it’s the web server that stops the form from being submitted?

It isn’t that something stops it from being sent, it is simply that the form never sends in the first place.

When the form is submitted the page reloads. In the process of reloading the PHP that processes the form looks over its contents. It checks to make sure required fields are filled out, and all that jazz. During this time it also checks to see if the hidden honeypot field(s) are filled in or not. If they are the form data is not sent – very much like if you as a human had forgotten to fill in a required field.

So it isn’t that something stops it from being sent, it just isn’t sent at all. Hopefully that all makes sense.

1 Like

Yes, that’s great. For simplicity’s sake, that’s the equivalent of ‘stopping it’ because it amounts to the same thing. I’m building a site for a client who has had problems with spam in the past and I need to reassure them that the form has robust safeguards. This plus the human test should do the trick. Thanks.

Hopefully so. I’m sure that bots get smarter and trickier every day.

1 Like