technical question about spam bot filling out contact form

nonai

My site has been getting hundreds of spam messages through its contact form. These are the typical spam sent by bots, like "cheap oakley glasses buy cheap glasses online. have you ever wondered where to buy cheap oakley glasses online?"

My contact form has a phone number field, and upon looking at hundreds of these messages, I noticed they all have something in common: the phone number field is filled out with a URL. So using PHP regex, I banned letters in the phone number field. Only numbers and dashes are allowed, no letters.

If someone enters anything that doesn't look like a phone number and presses submit, the form will give an error, saying "your phone number does not seem to be valid. only numbers and dashes are allowed".

Now, here comes the question. Is this a permanent solution? Or will the bots somehow "learn" what is allowed in that field, and start filling it out with numbers?
 
The bots will hardly learn from it. You have to understand that most bots work by the method "take it or leave it", meaning that if 1 out of 10000000 sites has that kind of validation, it's just one off from that list.

Now, it's possible that they will get coded again taking in mind that validation, but I would bet against it.

If you're using WordPress, there are a handful of plugins that let you use captchas to avoid this problem.
 
I'd also add the + sign to your allowed list, as that's used in international phone numbers
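
The phone-field check described in the first post, with the leading + suggested in the last reply, as an added example that is not code from any poster in this thread. The function name `validate_phone` and the 7 to 15 digit bounds are assumptions; the sample inputs are constructed.

```php
<?php
// Added example: server-side phone check for a contact form handler.
// validate_phone() and the digit bounds are assumptions, not from the thread.

/**
 * Returns null when the phone value is acceptable, or the error message.
 * Allowed: digits and dashes, plus an optional leading "+" for
 * international numbers.
 */
function validate_phone(string $raw): ?string
{
    $phone = trim($raw);
    // Message text as quoted in the original post.
    $error = 'your phone number does not seem to be valid. '
           . 'only numbers and dashes are allowed';

    // \A and \z anchor the whole string. A plain "$" would also match
    // just before a trailing newline, and without anchors a URL that
    // merely contains digits would pass.
    if (!preg_match('/\A\+?[0-9]+(?:-[0-9]+)*\z/', $phone)) {
        return $error;
    }

    // Assumed bounds: 7 to 15 digits (15 is the E.164 maximum).
    $digits = strlen(preg_replace('/[^0-9]/', '', $phone));
    if ($digits < 7 || $digits > 15) {
        return $error;
    }
    return null;
}

// Constructed sample inputs: two plausible numbers, then values that must fail.
$samples = [
    '555-123-4567',
    '+44-20-7946-0958',
    'http://example.com/cheap-glasses',
    "5551234567\nhttp://example.com",
    '12-',
];

foreach ($samples as $value) {
    $shown = json_encode($value, JSON_UNESCAPED_SLASHES);
    $verdict = validate_phone($value) === null ? 'accepted' : 'rejected';
    printf("%-40s %s\n", $shown, $verdict);
}
```

The check has to run in the PHP handler that receives the POST; a browser-side pattern alone is skipped by anything that submits the form directly.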
 