Webflow Forms

Minimizing Form Submission SPAM

Overview
Webflow Forms Basics
001
Webflow Forms Limitations & Bugs
002
Basic Form Controls
Form Select
051
Form Textarea
052
Customizing Input Controls
Customizing Radio Buttons & Checkboxes
101
Input Number & Decimal Places
102
Numeric Range Sliders
102
Multi-Select Dropdown
104
Auto-Size Textareas
110
Date Pickers
111
Forms Validation
Forms Validation Basics
200
Input Types
201
Using Regex Patterns in Forms Validation
202
Validating Phone Numbers
202
Custom Validation Errors
203
Custom JS Validation
204
Forms Validation Techniques
Validating Emails
301
Blocking Free Email Provider Addresses
302
Requiring Checkboxes
302
Address Autocomplete
302
Autocomplete / Predictive Input
302
International Phone Numbers
6:50
304
Databinding
Databinding CMS Collections to a Form Select
8:42
401
Forms Validation Techniques
3rd Party Form Handlers
401
Making Forms Dynamic
Displaying Form Parts Conditionally
14:36
501
Multi-Step Forms (MSFs)
501
SPAM Blocking Techniques
Minimizing Form Submission SPAM
600
SPAM Blocking Techniques
CAPTCHA Approaches
601
Form Handlers
3rd Party Form Handlers
901
Integrating the Basin Form Handler
902
Uploading Files
Uploading Files
950
Uploading Files with Uploadcare
951
Uploading Files with Basin
952
No items found.
Published
April 21, 2024
Updated
October 31, 2024
in lightbox
Webflow announced some new anti-SPAM features in development as part of the 2024 Webflow Conf.

Since early 2023, the Webflow platform has been the target of several SPAM-bots, which found a way to bypass sites entirely and go directly to the Webflow form submission handler.

Besides the SPAM, this attack factor comes with some interesting downsides for the community;

  • From what we've seen, reCAPTCHA can't help much here, since the site is bypassed
  • SPAM will continue even if you delete the form entirely
  • Clients receiving the SPAM notifications are more likely to click unsubscribe, which means they no longer get any of their form notifications
  • The only way to stop SPAM notifications is to stop all notifications by removing the notification email addresses from the site's form settings entirely

Webflow has been working on this problem since, however it's lead to

  • Less spam, but certainly not gone
  • Unreliability in the form's handler, sometimes it appears to stop capturing results- perhaps false positive detections

Solutions

Webflow Bot Protection

In Oct-2024, Webflow added some additional protection in the form of bot protection via a client-side Turnstile integration. This is still settling in, and facing some teething problems.

https://help.webflow.com/hc/en-us/articles/34277758554771-Prevent-spam-in-form-submissions

Use a 3rd party form handler

In a Webflow form, when you change the action setting, Webflow disables its in-built form handler and the form content can be posted to your own handler destination.

When you use this in combination with javascript or SA5's Form Webhook Handler library, you get;

  • Neatly JSON packaged form contents for submission to a webhook
  • Support for the Webflow form success and error messages
  • The ability to return data from your webhook, such as order confirmation numbers, or error messages, and display them

The Basin Form Handler

Sygnal exclusively uses Basin for our form handlers, it's incredibly reliable, easy to implement, customizable, and has phenomenal SPAM handling.
If you want to use it, Sygnal has a full Basin integration guide.

Besides the general "custom form handler" benefits above, here's what our Basin setup provides;

  • Replaces the Webflow default form handler with our own custom one
  • Submissions go to Basin directly
  • Basin does best-of-class SPAM detection and when it identifies SPAM, it puts that message in a special folder you can review - rather than deleting it. While we've never once seen a false-positive detection, the peace of mind knowing that it's not deleting submissions is excellent.

Basin's email notifications;

  • Can be styled, branded, and customized
  • Can be sent to the form submitter as well, for GDPR compliance
  • Do not have an unsubscribe link, which means no more unsubscribe problems

Robert Simmons offers more detail and discussion of the spam problem here, plus

https://www.reddit.com/r/webflow/comments/12dpo0h/avoid_webflows_default_forms_at_all_costs_a/

Formspark + Botpoison

Mike Pecha has an excellent video tutorial here-

https://www.youtube.com/watch?v=C80hhcwPX3o&ab_channel=MikePecha

Cookie Consent + Form Submission

David Proler recommended a cookie consent approach using Termageddon. I haven't investigated how it works, but my guess is that the cookie consent must be accepted before a form can be submitted. Since bots don't do that, they can't submit forms.

It's not clear to me how that helps with a gateway attack, but David's walkthrough is here;

https://www.facebook.com/groups/webflowdesigners/posts/1913625682483429/

Postmark

Also in relation to email spam solutions, Nicolás Ordaz recommends Postmark.

...consider using https://postmarkapp.com. This service allows you to create your own domain for all customer forms and assign them an email account. Alternatively, you can set up a domain for each client with their email account. For example, you can purchase .email domains, which are very cheap. Postmark is secure, fast and easy to use, and you can set up DMARC

FAQs

Answers to frequently asked questions.

Videos
No items found.
Table of Contents
Comments
Did we just make your life better?
Passion drives our long hours and late nights supporting the Webflow community. Click the button to show your love.