Preventing Contact Form SPAM

Web Development - posted by Adam 1 Comment »

Personal SPAM is one thing. Business SPAM, coming from your online forms, is another. It is best to understand the problem before attempting to implement a solution. Generally, I classify form SPAM into 1 of 2 categories:

  1. Form hijacking attempts
  2. Automated scripts

Strategies to tackle both types rely on tightening form validation and security. Hijacking attempts are a much more serious problem, because the attacker is trying to use your form and mail server to send out SPAM to hundreds or thousands of other people. Identifying hijacking attempts can sometimes be tricky, but if you see a lot of bounced-back SPAM originating FROM your servers, you should definitely start investigating.

Here are some things you can do to curb your form SPAM issues:

  1. Enforce tight server-side validation - JavaScript validation is lazy and useless. Most of these attempts come from automated scripts that won't ever hit your JavaScript.
    1. Make sure form values don't include email header data
    2. Validate form data based on type and strip out HTML code
    3. Limit the number of characters to something reasonable
    4. Check for certain words, phrases, or code that might lead you to believe it's SPAM
    5. Never pass critical mailing data as hidden fields (such as the mail-to address)
  2. Use CAPTCHA - makes the submitter enter some words, letters or numbers shown in an image before submitting the form. This ensures that the form is being submitted by an actual person and not an automated script.
  3. Validate user sessions - for each visitor, create a unique session. Store a random and unique value on the server. Include that value as a hidden field on the form, and validate it against the value stored on the server. If it is an automated script completing the form, that value will most likely be wrong.
  4. Log IP addresses - chances are that someone at an IP is not going to submit your form multiple times over a short period of time. Keep track of this and use some validation to restrict and detect repeat submissions.

Tightening your validation is the most critical step in stopping form SPAM. If you have a vulnerability in your form, adding CAPTCHA won't stop someone from exploiting it. Post your form if you want us to run some checks.
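The server-side checks from the list above (header data, length limits, HTML stripping, session token, per-IP tracking), combined in one validator. This is an added example, not code from the original post; the function names, field names, limits and the `MAIL_TO` address are assumptions chosen for illustration.

```python
import hmac, html, re, secrets, time
from collections import defaultdict, deque

MAIL_TO = "contact@example.com"  # placeholder; fixed on the server, never read from the form
MAX_LEN = {"name": 80, "email": 254, "subject": 120, "message": 2000}  # assumed limits
HEADER_FIELDS = ("name", "email", "subject")  # values that end up in mail headers
EMAIL_RE = re.compile(r"[^@\s<>,;:]+@[^@\s<>,;:]+\.[A-Za-z]{2,}")
TAG_RE = re.compile(r"<[^>]*>")
RATE_LIMIT, RATE_WINDOW = 3, 600  # assumed: 3 attempts per IP per 10 minutes
_recent = defaultdict(deque)      # ip -> timestamps of recent attempts

def new_form_token(session):
    """Store a random value in the server-side session; embed it as a hidden field."""
    session["form_token"] = secrets.token_urlsafe(32)
    return session["form_token"]

def validate_submission(form, session, ip, now=None):
    """Return (cleaned_fields, errors); cleaned_fields is None when rejected."""
    now = time.time() if now is None else now
    errors = []
    expected = session.pop("form_token", None)  # single use, so replays fail
    supplied = str(form.get("token", ""))
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        errors.append("bad session token")
    window = _recent[ip]
    while window and now - window[0] > RATE_WINDOW:
        window.popleft()
    if len(window) >= RATE_LIMIT:
        errors.append("rate limit exceeded")
    window.append(now)
    for field, limit in MAX_LEN.items():
        value = form.get(field, "")
        if not value.strip() or len(value) > limit:
            errors.append(f"{field}: missing or too long")
    for field in HEADER_FIELDS:
        # CR/LF inside a header value is how extra To:/Bcc: lines get smuggled in
        if re.search(r"[\r\n]", form.get(field, "")):
            errors.append(f"{field}: header injection")
    if not EMAIL_RE.fullmatch(form.get("email", "")):
        errors.append("email: invalid")
    if errors:
        return None, errors
    cleaned = {f: form[f].strip() for f in HEADER_FIELDS}
    cleaned["message"] = html.escape(TAG_RE.sub("", form["message"]).strip())
    cleaned["to"] = MAIL_TO  # recipient comes from server config only
    return cleaned, []
```

The in-memory `_recent` table only works for a single process; a real deployment would keep the attempt log in shared storage.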


Optimizing for Web Site Performance

Technology, Web Development - posted by Adam No Comments »

SitePoint has a great article entitled Web Site Optimization: 13 Simple Steps detailing some great ways to improve the performance of your site.

Inspired by Yahoo's best practices for speeding up your website, the article offers more practical details for the average website, as well as greater detail on implementing the changes.

To analyze your site's performance, get Yahoo's Firefox/Firebug plugin YSlow.

In a nutshell, here are some of the best tips in the article:

  1. Decrease file sizes - writing efficient HTML, CSS and JavaScript will help reduce file size and page load times, and often helps SEO efforts
  2. Optimize external files, such as CSS and JavaScript - combine multiple style sheets or JavaScript files into one
  3. Compress your HTML, CSS and JavaScript - use Apache's gzip/deflate to serve compressed versions of your pages to compatible browsers

Cross Browser Compatibility and Testing

Web Design, Web Development - posted by Adam 1 Comment »

One of the most critical steps in building a website that is often overlooked is quality assurance. It is critical to make sure that your web pages render properly in different browsers across different platforms. Understanding your target audience can assist you in determining if testing for more obscure platforms and browsers is necessary, but as a general rule of thumb, it is important to test the most commonly used browsers. After the top 5, the usage significantly drops off. According to W3 Counter, these are:

1 Internet Explorer 6.0 46.10%
2 Internet Explorer 7.0 20.18%
3 Firefox 2.0 18.30%
4 Firefox 1.5 6.18%
5 Safari 2.0 1.77%
6 Firefox 1.0 1.02%
7 Opera 9.2 0.70%
8 Mozilla 1.8 0.58%
9 Opera 9.0 0.53%
10 AOL 6.0 0.52%

Each browser annoyingly has its own nuances. There are a host of services out there to help you test. Smashing Magazine has an excellent write-up on these different services. I have used BrowserCam in the past, and it is very good. It lets you pick and choose which platforms and browser versions to test and then captures screenshots for you.

Does anyone have any experience with these other services?


Web Development Toolbox

Technology, Web 2.0, Web Development - posted by Adam No Comments »

Mashable has a great posting featuring 120+ web development resources.

As we make it through the list, we'll highlight some of our favorites and others to check out.
