Getting quite a lot of spam from form

Hiya all, I’m using the F3 form with it’s in built honeypot. Now this isn’t a ctisicm or fault of Bootstrap or Foundry, just wondering if anyone has any suggestions to this… I’m getting quite a few emails everyday generated from my form, they haven’t got hold of my email address used for the form as the emails are all data fields of the form that get sent to me in the email. Just wondering if anybody has any views as to whether this is manually input by teams of people at some secret location on our globe or whether it could be cantankerous bots that have ‘learnt’ how to fill in a form and bypass the honeypot field? I realise there is little I can do about it, it’s not the end of the world I can skim through them all and realise which ones are spam at a glance, is there anything else I could maybe do? It is worth noting though that the level of spam is nowwhere near as bad as in the past compared to the email address being on the website (obviously) and also an obfuscated email address, which is good but only takes one person to manually add the legible version of the obfuscated email address to a mailing list. Anyway just thought I’d ask what people think, people or bots, any other layer of defence I could use? Thanks

Spam is a huge problem. Especially on contact forms. I’ve changed to Formsnap 3 with re-captcha 3, which has cut down on form farming, as Adam @elixirgraphics says his specialty is not forms. I’ve also found this article quite helpful on reducing bots that do content scraping. Block the Bots that Feed “AI” Models by Scraping Your Website – Neil Clarke


Thanks that is an interesting read, I’m used to rules in Robots.txt but didn’t realise there are now rules for AI scraping.

Unfortunately , yes. :cry:

1 Like

I was having this issues a lot with my form for signing up emails to my Sendy email list. I really started to dislike the use of google’s recaptcha service, always seems too tedious for the end user.

Luckily there are other alternatives to form security. Cloudflare came out with Turnstile, a captcha service. It’s free to use and you just signup and get a site key.

I also released a free stack Form Turnstile to put Turnstile into any framework form. I’d give that a try and see if it helps.

I was able to completely remove all spam from my forms this way.

1 Like

That’s great, thanks for that, I will certainly check all that out. I agree fully with the Google ReCaptcha, it is off putting for users, I would rather ‘suffer’ spam that put off potential real users of my form, I do like the homeypot approach of the Bootstrap/Foundry forms, it’s just if there is something a little bit more I can do with this. As I say thanks again so much for those suggestions I’ll check them out.

1 Like

I’ve added a ‘key word’ to my forms a while back, and the flood of spam stopped:

Capto_Capture 2024-02-29_17-57-21_

The text mentions which word the visitor needs to put in the field - any other value in the field will stop the form being sent.



I must have had super bots, my email form, they would learn the challenge in 2 days, and even get past the honey pot.

Who writes a bot to fill email lists with random emails anyways? Who benefits from that?

Happy bot fighting!

1 Like

Thanks Erwin, that is very good idea indeed, can’t believe I didn’t think of that with the existing setup, very helpful, thanks. I’ll add that and see what happens, it will be interesting to see how that turns out, whether it is humans or bots. It could be regularly changed also.

That’s exactly what I’m thinking, why send me these emails from my form, they have absolutely nothing to gain from them :grinning: