If you enable it, we’ll check the form submissions against millions of other similar spam comments and flag things appropriately. If we miss one, you can manually mark it as spam and we’ll use that in future detections. It might take a couple of samples before we’re all trained up, but this has been an effective solution for us.
Letting us know which specific fields contain an email and which field contains a message or other user typed content can help us, but we’ll check all the data that’s being sent over even if you just let us take our best guess.
See the Form Settings->Spam tab for details.
You can have the server check the values send to us. Rules like ‘if email is blank mark as spam’ are simple to setup.
Or you can check for specific values or ip addresses if you’ve got a specific spammer hitting you.
See the Form Settings->Field Rules tab for details.
Additionally, you have the option to integrate Googles reCAPTCHA solution into your forms. You’ll need to create a key on Google’s site and then enter the information in our system for us to validate the responses.
We’re looking for a form input named ‘g-recaptcha-response’ which is the default for the normal reCAPTCHA ui. If you’re using the hidden reCAPTCHA then you’ll want to set the response token to a hidden field of that name so we can process it on the server side.
In the past the idea of a honey field was popular, this is a hidden field that a normal user wouldn’t see but a spam bot would fill in and we could guess that the submission was spam. Over time this has become a less reliable indicator and we generally don’t recommend it, but you can get the field name specific to your form from the Form Settings->Spam page.
See the Form Settings->Spam tab for details.
One last approach we’ve seen be successful relies on observation that the spam bots do not run the javascript on your pages. So set a form field to XXXX and using javascript set it to a randomized value (something that will be unique each time). Then use the Detect spam by validating data sent to FormKeep feature setting the validation to unique. If the javascript doesn’t run, then the value will always be XXXX and it will be marked as spam.
Most people use the Detect spam by validating data sent to FormKeep feature to only accept form submissions from an email once, but it’s handy in this case as well.
We’ve seen all kinds of spam and we’ve built many layers of defense over the years to help protect you from unwanted data. Occasionally, a persistent spammer might slip through our radar. If that happens, please reach out to us and we’ll take care of it personally.
See the Form Settings->Field Validation for details.
<!-- following the v3 instructions https://developers.google.com/recaptcha/docs/v3
1. create an reCAPTCHA_site_key key for version 3 of reCaptcha
2. copy the script sections into the <head> of your page
3. replace the reCAPTCHA_site_key with the actual value from the google site
4. Update your Spam Settings on your formkeep.com form to include the reCAPTCHA Secret Key and reCAPTCHA Domain
5. replace 'exampletoken' with your actual form token
6. add the hidden input field id="g-recaptcha-response" to your real form
-->
<html>
<head>
<script src="https://www.google.com/recaptcha/api.js?render=reCAPTCHA_site_key"></script>
<script>
grecaptcha.ready(function() {
// the action: value doesn't matter, it's just a string (see the docs)
grecaptcha.execute('reCAPTCHA_site_key', {action: 'contact_form'})
.then(function(token) {
// this is the important part, store the token so it gets sent back to us
document.getElementById('g-recaptcha-response').value = token;
});
});
</script>
</head>
<!-- set your formkeep form token in the action='' here -->
<form accept-charset="UTF-8" action="https://formkeep.com/f/exampletoken" method="POST">
<input type="hidden" name="utf8" value="✓">
<label for="email-address">Email Address</label>
<input type="text" id="email-address" name="email">
<!-- also important is to include the hidden element with the id
(so it can be found by the js above, and name so formkeep can see it -->
<input type="hidden" id="g-recaptcha-response" name="g-recaptcha-response">
<button type="submit">Submit</button>
</form>
</html>
