If you’ve verified the email address using our JavaScript snippet, you may wonder why you should bother to certify the address on the back end? It is completely optional, after all.

There are a few reasons why you might want to certify addresses. One is that most spam bots don’t process or execute JavaScript at all! So those form submissions might still make it to you, without being verified. 

Another can be that sometimes a user might disable JavaScript in their web browser for some reason. That would of course skip the verification step, which is invoked via JavaScript.

One simple thing you could try is to just check for the goodforms_checksum value - make sure it’s a non-zero-length string. That at least implies that the JavaScript has probably been run. But it’s not a guarantee.

Eventually, we expect spam bots to grow smarter, and be able to pass a false checksum along with their submissions. Once this starts happening, we’ll want to really Certify that a verification that’s been submitted to your back-end really was verified. This is where you would use Certification.

In conclusion, if you want to be really sure that any email address that is submitted to your form is guaranteed to have been verified by goodforms.com, then you’ll want to Certify the verification when it’s submitted.