Getting Spam Submissions: How to avoid spam?

  • Profile Image
    Asked on November 30, 2018 at 09:56 AM

    One of my forms receives 2 spam messages every day. I am tired of it.

    I have noticed all spam messages contain a link. So is it possible for me to blacklist certain characters, like http and www

    this way if the message contains such characters, it doesn't get submitted?

  • Profile Image
    Answered on November 30, 2018 at 11:55 AM


    We're sorry for the inconvenience you have.

    Unfortunately, are really hard to stop! Sometimes, they use automated scripts in order to replicate certain action- replicating the actual submission. They can also use some tools, in order to have a list of proxy servers to constantly change their IPs. Even, sometimes, they can use VPN, to re-route their connection, that has a goal to hide their original IP address from where the actual first-byte is sent from.

    First of all, as I have checked some of your forms on your account, and I have noticed that you do not use any captcha or reCaptcha to avoid spams.

    - I recommend you to add a captcha to your form as you can see the following document: 

    - In order to add Google Recaptcha Widget to your form as you find it at the following link: 

    Besides, what you can do additionally, is, you can use is a drawing captcha: Please follow the link: Drawing captcha is much harder to bypass, although the Google reCaptcha should already be enough. 

    Also, what you can use is getting the email verified. In this way, it would be an additional step for a spammer. First, they'll need to enter a valid email address, then make an actual verification of it using the link inside of the e-mail HTML body.

    - Here are some of the e-mail validation/ verified widgets that you can use in this case:

    Furthermore, one of the scenarios is where the website page where the form is embedded is the one that is used for spamming.
    - Was your form embedded on your website page using the form's full source code? If you have used the full source code, and it was not properly secured on the website page, then the spammers might have found a gateway(security hole), or a bug that they are using for sending spam mail( submissions).

    If this is not the case, then spammers are just either doing an automated way of spamming, running some kind of API script, or they are manually doing it. Either way, the email validation/verifier should slow and stop them eventually. 

    What I would also advise you is to set Unique Submission on your from which is being spammed. In order t do this, please follow the following guide on this link:

    For more help, we would require you to send us your form ID and the URL of the website where you might have inserted the form.

    I hope this helps!

    If the problem persists, or if you have questions related to this or to any other issue, please do not hesitate to contact us.

  • Profile Image
    Answered on January 13, 2019 at 11:08 AM


    There is no way to blacklist certain characters? If I could just blacklist any message that contains http all the spam would stop.

  • Profile Image
    Answered on January 13, 2019 at 01:12 PM

    You may add a condition to hide the form submit button when the message field contains the http value.

    Unfortunately, it might not stop the unsolicited submissions in case they use some automation tools to submit the entries.

    I am escalating your report to our developers. We actually have a spam filter, so I hope we will be able to help.

  • Profile Image
    Answered on April 01, 2019 at 05:56 AM

    Hello SlipFall,

    Did you received same keywords in spam submissions?

    Our system is calculating keywords usage and possible spam valuation. If you can provide specific keyword(s) we can inspect and block these keyword.