This project is not covered by Drupal’s security advisory policy.

Gotcha is sort of a take off on "captcha." The idea was first mentioned on as a possible way to trick spam bots who try to use the Drupal contact form. I don't particulary like the extra step humans are required to perform in these "verification" methods, and some just don't work.

The idea is simple: Basically you place a bogus input field on a contact form, and use CSS to not display it. On submission you check for a value. If there is a value entered, then that means a non-human has been blanketing form fields, and the form post can be ignored as spam. The spam bot will probably never know.

Gotcha adds a field labeled "Subject" at the top of the contact form. It uses a "div" tag to render the field as "display: none" so human users shouldn't see it, and won't enter any data there. Hopefully, the suspected spam bot will see "Subject" and be enticed to enter something there. There is descriptive text to encourage a human (whose browser might be set to display it anyway) to ignore this field.

Gotcha intercepts the contact form submission and checks the hidden field. If something is there, Gotcha simply returns to the front page and ignores the message. The attempt is logged, along with the submitter's IP address, and the suspect message is saved in the database. If the field is empty, then the message is passed on through to the contact module for normal processing.

Unfortunately, most of the spam was still getting through. And most of that was a bunch of links to drugs or porn. From exerience, I knew that the Spam module was already good at dealing with this in comments. After browsing that module, I found that I could "hook" into its filters and use them to identify spam.

All of my spam emails stopped immediately!

Only local images are allowed.


With the delays in Spam 3 and the introduction of Mollom, I am soliciting comments as to whether or not to continue this module. Please post those comments in the "D6" issue.

Required Modules

The Gotcha module requires the core Contact module and the contributed Spam module (which you can also use to limit comment spamming).


Normal module installation procedures.


I run the translation extractor when I update the module, so if someone wants to provide translations, the template is available. Please open a feature request with the translation (.po) module.


Since Jeremy is actively developing V3 of the Spam module and adding more form filtering, I am postponing nearly all issues. V3 may even so grossly change things that Gotcha might become unnecessary.

Project information