Spam submissions on SiteNow Webforms can be a nuisance, but with the right strategies and configurations, you can effectively minimize or eliminate them altogether. In this guide, we'll explore various techniques and best practices to combat spam submissions and protect your website.

Default protections

It's important to note that Honeypot and Antibot functionalities are already enabled and actively covering all webforms by default. These robust tools work seamlessly in the background to limit spam submissions across the board. With Honeypot's invisible captcha and Antibot's bot-detection capabilities in place, our webforms are fortified against automated spam attempts, providing a strong first line of defense against unwanted submissions.

CAPTCHA

To extend that protection, we now offer different CAPTCHA strategies that can be added by webmasters on a per-form basis. When editing a webform, you will find a CAPTCHA type dropdown with the following options.

Default Challenge / Math

Both of these options present the user with a simple math equation to solve. They function the same way and use similar form inputs to support keyboard navigation. For most websites, this is the recommended starting point.

Cloudflare Turnstile

An invisible (non-interactive) widget for visitors that leverages Cloudflare's bot-detection technology. Visit Cloudflare's website to learn more.

Note: Websites using the *.uiowa.edu domain are automatically supported. If your website uses a non-uiowa.edu domain, please contact us so we can allowlist your domain in the Cloudflare settings before using this option.

Unique values, min/max limits

Configure your webform settings to ensure that certain fields, such as email addresses, only accept unique values per submission. This prevents users from submitting multiple entries with the same email address.

Set minimum and/or maximum character/word limits for text areas to prevent spammy submissions that contain excessive or insufficient content.

Limit file upload element usage

While the file upload element is available for forms, these are often a target for spam bots attempting to upload a file that can either cause issues on the server or that is publicly available in order to establish search engine results. SiteNow already limits what types of files can be uploaded to our servers and sends them to a private directory that cannot be indexed by search engines. While these protections are in-place spambots might still make the attempt to cause havoc.

Monitor website activity

Make sure you set a site email address and configure your webforms with an email handler that notifies you of recent submissions. This can help identify patterns or let you be proactive in implementing additional protections.

Final word

In addition to all of these strategies, we are committed to continually evaluating new tools and strategies to enhance our spam protection measures while ensuring that our webforms remain accessible to human visitors. By staying proactive and adaptive, we aim to maintain a secure and user-friendly experience for all users interacting with our website forms.