Spam protection

In order to further prevent the abuse of spamming your forms, provides you with several features and settings options. Of course, you can use several of these techniques at the same time, but we recommend using at least one method.

Spam filter

Our in-house spam filter automatically detects junk submissions and sorts them out into the spam folder. For new forms, this filter function is activated by default. You can turn the filter on and off at any time in your form's spam settings.

The filter works fully automatically and becomes increasingly more reliable over time as a result of its machine learning capabilities. In this process, the form submissions are analyzed by the filter and classified as either valid or as spam based on previous knowledge about known junk submissions.

Submissions that are recognized as spam are not deleted but moved to the spam folder. There you can view these submissions and move them back to the inbox if necessary.


The captcha function prevents automated form submissions from so-called bots. Bots are computer programs that independently submit web forms and are used to send masses of spam mails.

To reliably prevent this, you can activate the Captcha function. This means that your form will not be sent until the user has successfully completed the captcha task.


To provide this captcha function, we use the service hCaptcha. Only necessary and no personal data is transmitted to the provider. For more information, please see our Privacy policy.

Domain restriction

If you enter domain names, the sending process checks whether the form was sent from a website with an enabled domain. If it is a different domain, the submission will be placed in the spam folder. If the sender's address (referer) cannot be determined, for example because the transmission is suppressed by the browser or an anti-virus program, the submission is accepted and ends up in the inbox.


Honeypot means a hidden input field in your form. If this field is submitted with content, it is a clear indication that the form was sent by a bot (computer program) and not by a regular site visitor. In this case, the submission of will be placed in the spam folder.

If you want to use this method to avoid spam, enter what the field name of your honeypot field is in the form settings. By default, the field name _gotcha is used here. But you can also use any other name if you enter it in the form spam settings.

HTML code of the honeypot field for your form:

<input type="text" name="_gotcha" value="" style="display:none;">

Email address validation

When this function is activated, the e-mail addresses entered by the user in the form are checked for technical accessibility. Addresses for which no mailbox is available will be identified as invalid and thus the submission will be recognized as spam. This check is carried out by our partner ZeroBounce.

In order for the input field for the check to be recognized, it must be named with one of the following names: email, e-mail, e-mail-address, e-mail-address, email address, e-mail address, e-mail address, courriel, Электронная почта.