We use a variety of different techniques to reduce and protect your forms from spam.

If you enable it, we'll check the form submissions against millions of other similar spam comments and flag things appropriately. If we miss one, you can manually mark it as spam and we'll use that in future detections. It might take a couple of samples before we're all trained up, but this has been an effective solution for us.

Additionally, you have the option to integrate Googles reCAPTCHA solution into your forms. You'll need to create a key on Google's site and then enter the information in our system for us to validate the responses. 

We're looking for a form input named 'g-recaptcha-response' which is the default for the normal reCAPTCHA ui. If you're using the hidden reCAPTCHA then you'll want to set the response token to a hidden field of that name so we can process it on the server side.

In the past the idea of a honey field was popular, this is a hidden field that a normal user wouldn't see but a spam bot would fill in and we could guess that the submission was spam. Over time this has become a less reliable indicator and we generally don't recommend it. If you feel strongly about enabling it, please reach out to support and we can share the details around implementing it in your form.

We've seen all kinds of spam and we've built many layers of defense over the years to help protect you from unwanted data. Occasionally, a persistent spammer might slip through our radar.  If that happens, please reach out to us and we'll take care of it personally.

Below is a short sample of HTML / JS to enable Google's reCaptcha v3

<!-- following the v3 instructions https://developers.google.com/recaptcha/docs/v3

    1. create an reCAPTCHA_site_key key for version 3 of reCaptcha
    2. copy the script sections into the <head> of your page
    3. replace the reCAPTCHA_site_key with the actual value from the google site
    4. Update your Spam Settings on your formkeep.com form to include the reCAPTCHA Secret Key and reCAPTCHA Domain
    5. replace 'exampletoken' with your actual form token
    6. add the hidden input field id="g-recaptcha-response" to your real form

<script src="https://www.google.com/recaptcha/api.js?render=reCAPTCHA_site_key"></script>
grecaptcha.ready(function() {
    // the action: value doesn't matter, it's just a string (see the docs)
    grecaptcha.execute('reCAPTCHA_site_key', {action: 'contact_form'})
    .then(function(token) {
        // this is the important part, store the token so it gets sent back to us
        document.getElementById('g-recaptcha-response').value = token;

<!-- set your formkeep form token in the action='' here -->
<form accept-charset="UTF-8" action="https://formkeep.com/f/exampletoken" method="POST">
  <input type="hidden" name="utf8" value="✓">
  <label for="email-address">Email Address</label>
  <input type="text" id="email-address" name="email">
  <!-- also important is to include the hidden element with the id
    (so it can be found by the js above, and name so formkeep can see it -->
  <input type="hidden" id="g-recaptcha-response" name="g-recaptcha-response">
  <button type="submit">Submit</button>
Did this answer your question?