Spam Protection
Overview
The Form Platform includes multiple layers of spam protection to prevent abuse.
Protection Methods
1. Honeypot Fields
How It Works:
Hidden field added to form
Bots often fill hidden fields
Immediate rejection if filled
Configuration:
{
"spamProtection": {
"honeypot": {
"enabled": true,
"fieldName": "website"
}
}
}2. reCAPTCHA
How It Works:
Google reCAPTCHA integration
Score-based validation
Configurable threshold
Configuration:
{
"spamProtection": {
"recaptcha": {
"enabled": true,
"siteKey": "your-site-key",
"threshold": 0.5
}
}
}3. Custom Rules
How It Works:
Field-based spam detection
IP-based rules
Email domain rules
Regex patterns
Configuration:
{
"spamProtection": {
"customRules": [
{
"field": "email",
"operator": "regex",
"value": ".*@spam\\.com$",
"action": "reject"
}
]
}
}Spam Detection Flow
Processing Steps
Honeypot Check: Check if honeypot field filled
reCAPTCHA Verification: Validate reCAPTCHA token
Custom Rules: Evaluate custom spam rules
Heuristics: Basic spam heuristics
Action: Accept, reject, flag, or quarantine
Spam Score
0-30: Likely legitimate
30-70: Suspicious
70-100: Likely spam
Actions
accept: Allow submission
reject: Block submission
flag: Mark as spam but allow
quarantine: Hold for review
Rate Limiting
IP-Based Limiting
Rate limits by IP address
Prevents rapid-fire submissions
Configurable thresholds
User-Based Limiting
Rate limits by user
Prevents account abuse
Quota enforcement
Best Practices
Configuration
Enable honeypot for all forms
Use reCAPTCHA for public forms
Configure custom rules for known spam patterns
Monitor spam detection rates
Monitoring
Track spam detection metrics
Review flagged submissions
Adjust thresholds based on results
Update custom rules regularly
Next Steps
API Reference - Submission processing
Security - Security best practices
Last updated