Super Secure Contact Form

How I built a bulletproof contact form that blocks spam and bots while keeping users happy

Why I Built This

When I first added a contact form to my website, I thought it would be simple. Just a few input fields and done, right? Wrong!

Within days, I started getting flooded with spam, bot attacks, and fake submissions. Messages about winning lotteries, viagra ads, and random gibberish. I realized I needed to build something much smarter.

So I decided to create a contact form with 10 layers of security—something so tough that spammers would give up immediately.

The Problem with Simple Contact Forms

Most contact forms on the internet are sitting ducks for attackers:

  • 🤖 Bots can submit fake messages automatically
  • 📧 Spammers send bulk emails through your contact form
  • 💥 Hackers try to inject malicious code
  • ⏰ Attackers can flood your inbox in seconds

I needed a different approach.

My Solution: 10 Layers of Security

1. Cloudflare Turnstile

Instead of annoying CAPTCHAs asking you to read distorted text, I use Cloudflare Turnstile. It works silently in the background—you won’t even notice it’s there. It catches bots before they even submit.

2. Invisible Honeypot

I added a hidden field that only bots would try to fill. Real users can’t see it, but if it gets filled? Instant rejection. Bots always fill every field they find.

3. Email Validation

Every email address gets checked to make sure it has a valid email format, so malformed addresses don’t slip through.

4. Message Length Limits

I set reasonable limits on how long each message can be. Your name can’t be 500 characters long. Your message can’t be a book. This blocks spam and weird attacks.

5. Spam Keyword Blocking

The form automatically scans for common spam words like “viagra,” “casino,” “buy now,” and sketchy URL shorteners. If it finds any, the message gets blocked silently.

6. Rate Limiting

Users can only submit one message every 60 seconds from their IP address. This stops bots from flooding my inbox with hundreds of messages per second.

7. CORS Protection

The form only accepts requests from my actual website. Random scripts trying to use the form from other sites get blocked immediately.

8. Input Cleaning

Everything gets trimmed and cleaned before processing. Extra spaces, special characters, and potential injection attempts are removed.

9. Required Fields

Your name, email, subject, and message all have to be filled in. No sneaky empty submissions.

10. Secure Delivery

Your message isn’t stored in a database. It gets sent directly to my Telegram, so there’s no data sitting around waiting to be hacked.
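The server-side checks from layers 2 to 9, chained into one function, as an added example that is not the code from my repository. The origin, the hidden field name `website`, the length caps and the keyword list are assumptions made for illustration; Turnstile verification and Telegram delivery are left out because both need network calls.

```javascript
// Added example: origin, limits, keywords and field names are constructed.
const ALLOWED_ORIGIN = "https://example.com"; // assumption: the site's own origin
const LIMITS = { name: 100, email: 254, subject: 200, message: 2000 }; // assumed caps
const SPAM_WORDS = ["viagra", "casino", "buy now", "bit.ly"]; // sample keyword list
const WINDOW_MS = 60_000; // one accepted submission per 60 seconds per IP
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/; // format check only, not deliverability

// lastSeen: Map of ip -> time of the last accepted submission.
// It is a stand-in here for whatever shared storage the backend uses.
function checkSubmission(form, origin, ip, now, lastSeen) {
  // Layer 7: only requests carrying the site's own Origin header are accepted.
  if (origin !== ALLOWED_ORIGIN) return { ok: false, reason: "origin" };
  // Layer 2: "website" is a hypothetical hidden field; any value means a bot.
  if (form.website) return { ok: false, reason: "honeypot" };

  // Layers 8, 9 and 4: trim, require and cap every field.
  const clean = {};
  for (const field of Object.keys(LIMITS)) {
    const value = typeof form[field] === "string" ? form[field].trim() : "";
    if (!value) return { ok: false, reason: `missing:${field}` };
    if (value.length > LIMITS[field]) return { ok: false, reason: `too_long:${field}` };
    clean[field] = value;
  }
  // Layer 3: email format.
  if (!EMAIL_RE.test(clean.email)) return { ok: false, reason: "email" };

  // Layer 5: case-insensitive keyword scan of subject and message.
  const text = `${clean.subject} ${clean.message}`.toLowerCase();
  if (SPAM_WORDS.some((word) => text.includes(word))) return { ok: false, reason: "spam" };

  // Layer 6: checked last, so only accepted messages start the 60-second window.
  const prev = lastSeen.get(ip);
  if (prev !== undefined && now - prev < WINDOW_MS) return { ok: false, reason: "rate" };
  lastSeen.set(ip, now);
  return { ok: true, clean };
}
```

In a Cloudflare Worker the `lastSeen` map would need to live in shared storage, because in-memory state is not shared between Worker instances. The `reason` value is for server-side logging; the response to the client can stay generic so blocked senders learn nothing from it.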

The Real-World Impact

After implementing all this, my spam dropped from 85% down to almost 0%. Now when I get a message through my contact form, I can be confident it’s real.

Try It Yourself

Want to see how it works? Visit my website and try the contact form:

🌐 Check it out at https://nipunsgeeth.top/#contact

🌐 Code: https://github.com/NipunSGeeTH/contact-form-with-high-security-features

The form is fast, smooth, and just works. You won’t feel like you’re fighting against security checks—it all happens invisibly.

The Tech Behind It

  • Frontend: Next.js, React, Tailwind CSS
  • Backend: Cloudflare Workers (serverless)
  • Bot Protection: Cloudflare Turnstile
  • Message Delivery: Telegram Bot API

Everything is modern, fast, and secure.

Lessons Learned

Building this taught me that security doesn’t have to be annoying. Good security should be invisible to the user while being brutal to attackers. It’s all about thinking like a hacker and then building walls they can’t climb.

If you’re building a contact form for your website, don’t use a basic one. Spam is only getting worse, and you owe it to yourself to protect your inbox.


Have questions about the form? Feel free to use it to reach out! 😊

"Exploring technology through creative projects"

— K.M.N.Sangeeth Kariyapperuma


© 2026 NipunSGeeTH. All rights reserved.
