Ways of Tackling Form Spam

Form spam is when unwanted and malicious messages come through websites’ form usually, without letting the users know about it.

Once you have developed an application, it is a matter of time before you tackle a spam bot. If you want to prevent form spam, you should make it more difficult for spam bots to make it through your form.

There are some ways you can reach out if you want to deal with spam messages and comments in your application.

Google reCAPTCHA

Captcha was a genius concept by Google. This program requires the user to recognize words by generating random letters before submitting the form. Nowadays, google has invisible reCaptcha which is an option.

reCAPTCHA is a free service that lets you protect your site from spam and abuse without any payment. It uses advanced risk analysis techniques to tell humans and bots apart.

To implement reCAPTCHA, use this link https://www.google.com/recaptcha/. Sign up if you’re new or just log in to the admin console. You’ll have two captcha options: reCAPTCHA v3 (Verify requests with a score) and reCAPTCHA v3 (Verify requests with a score) with allowed domain names.


If you find Google captcha uneasy or boring, honeypot is another method you can use. It is pretty easy to set up as well. It is used to catch spam bots by presenting hidden forms to spam bots only.

Honeypot works by tricking spam bots and trying to submit fake values into your form. Once bots fall into your honeypot trap, the bots will fill all fields including the honeypot. This includes other factors like the time it took to submit the form, which will trigger the anti-spam.

Furthermore, you can also access the information about the spammer/bot (i.e. their IP address) and use this to block and prevent further spam in the future.

Users can implement this feature themselves. Luckily, however, packages like Laravel-honeypot help to make it easier for you.


You can use the “page rules” setup of Cloudfare to URL with form submission down. This service does not work as well as others but it’s really easy to implement it.

I would only recommend it if you are already using Cloudflare.

Email Validation

Email Validation is another popular way of tackling spam. Normally, sign-up forms use this method to register new customers. You can verify if the email exists by making the user click the button to confirm registration.

This helps to separate bots and real users. There are various APIs on the internet regarding email validation. These APIs make the work easier and save a lot of time.

Asmit Nepali, a Full Stack Developer, holds a Software Engineering degree from Gandaki College of Engineering and Science. Proficient in PHP Laravel, Vue.js, MySQL, Tailwind, Figma, and Git, he possesses a robust technical skill set.

Leave a Comment