Honeypot
A hidden form field or email address used to catch spam bots and protect against automated abuse.
Definition
A honeypot is a security technique using hidden elements to detect automated bots. In email marketing, honeypots typically mean either: (1) hidden form fields invisible to humans but filled by bots, automatically flagging submissions as spam, or (2) honeypot email addresses (spam traps) planted to catch senders using scraped or purchased lists.
Why It Matters
Honeypots protect your signup forms from bot submissions that pollute your list with fake addresses. They also protect email senders - hitting honeypot spam trap addresses indicates list quality problems and damages sender reputation. Understanding both uses helps maintain list quality.
How It Works
For forms: A hidden field is added that users cannot see (via CSS). Humans leave it blank; bots fill every field. Submissions with the honeypot field filled are rejected as bot activity.

For spam traps: Old or planted addresses catch senders using non-permission-based lists.
Example
Form honeypot implementation:

```html
<form>
  <input type="email" name="email" required>
  <!-- Honeypot field - hidden from users -->
  <div style="position: absolute; left: -5000px;">
    <input type="text" name="website" tabindex="-1" autocomplete="off">
  </div>
  <button type="submit">Subscribe</button>
</form>
```

Server logic:

```javascript
if (formData.website !== '') {
  // Bot detected - reject submission
  return;
}
// Process legitimate submission
```
Best Practices
1. Add honeypot fields to all signup forms
2. Use CSS hiding rather than type='hidden', which bots detect
3. Name honeypot fields attractively to bots (website, url, phone2)
4. Never purchase or scrape email lists (risks hitting spam trap honeypots)
5. Monitor form submission patterns for bot activity
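
The server-side check from the Example section, extended with a per-reason tally for monitoring submission patterns. This is an added example, not code from the original page. The function names, the reason labels, the sample POST bodies and the choice to treat a missing honeypot field as suspicious are assumptions.

```javascript
// Added example (assumed names and constructed sample data).
const HONEYPOT_FIELD = 'website'; // same field name as the form in the Example section

// Classify one application/x-www-form-urlencoded POST body.
function checkSubmission(rawBody) {
  const params = new URLSearchParams(rawBody);
  const traps = params.getAll(HONEYPOT_FIELD); // every copy of the field
  const email = (params.get('email') || '').trim();

  // A browser submits the text input even when it is empty, so a body
  // without the field did not come from the rendered form (assumption:
  // treat that as automated).
  if (traps.length === 0) return { ok: false, reason: 'honeypot-missing' };
  // Any non-empty value, in any repeated copy of the field, marks a bot.
  if (traps.some((v) => v !== '')) return { ok: false, reason: 'honeypot-filled' };
  if (email === '') return { ok: false, reason: 'email-missing' };
  return { ok: true, email };
}

// Count outcomes so a spike in one rejection reason is visible.
function tally(bodies) {
  const counts = {};
  for (const body of bodies) {
    const result = checkSubmission(body);
    const key = result.ok ? 'accepted' : result.reason;
    counts[key] = (counts[key] || 0) + 1;
  }
  return counts;
}

// Constructed sample bodies, not real traffic.
const SAMPLE_BODIES = [
  'email=alice%40example.com&website=',                        // human
  'email=bot%40example.net&website=http%3A%2F%2Fspam.example', // filled trap
  'email=bot2%40example.net&website=&website=x',               // duplicate field
  'email=script%40example.org',                                // field absent
  'email=bot3%40example.net&website=%20',                      // whitespace only
];

console.log(tally(SAMPLE_BODIES));
```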