Three new tools to fight spam
Formspree launches invisible reCAPTCHA, authorized domains, and profanity filter
Fighting spam is one of the hardest challenges for any form backend, whether you build your own or use a service like Formspree. To help our customers cut back on spam, today we’re announcing three new tools: Custom reCAPTCHA support, authorized domains and the profanity filter.
Custom reCAPTCHA support
Since 2015 we’ve relied on reCAPTCHA as a front line defense against spam. By default, all Formspree forms redirect to a reCAPTCHA page where submitters click to verify that they’re not a robot. However, that reCAPTCHA page is hosted by Formspree, and the redirect takes visitors away from the original website. We know that’s not acceptable for some websites, so we allow Gold and Platinum subscribers to disable the reCAPTCHA redirect.
But what if you want to keep visitors on your website and benefit from reCAPTCHA spam protection? What if you want to use an invisible reCAPTCHA, so your visitors don’t have to click a box? Well, if you’re a Gold or Platinum subscriber, now you can add your own reCAPTCHA to your website and give us the site-key. We’ll use your site-key to verify the submission and skip our reCAPTCHA redirect. We call this a custom reCAPTCHA.
To set up a custom reCAPTCHA check out our help article.
Authorized Domains
There are two ways to create forms on Formspree today.
- There’s the open API where anyone can post to Formspree to create a form for free. However, these forms must be activated separately for each page.
- Logged in users can create a form in the Formspree dashboard. These forms don’t need to be activated and work on any web page. This option is great for users that want to use the same form on several pages (like in a blog footer).
The latter aproach can be more convenient. However, since the same form will work on any page, even across websites, nothing prevents someone from taking your form and embedding it on their website. At least not until now.
With Authorized Domains you can restrict the use of your forms to a trusted domain.
For example, lets say you’ve created a form in Formspree, and copied the action
URL into your website’s HTML. After some testing on localhost, your ready to deploy your changes to a live website at mysite.com
. Now before going live, you can set the Authorized Domain to mysite.com
in your form settings.
Once an Authorized Domain is set, Formspree will check the referer
header on all submissions to ensure they’re comming from mysite.com
. Otherwise it will reject the submission.
Profanity Filter
Sometimes you’re working on a project that’s gonna get a lot of traffic. We all know that some people are jerks. If a form is popular enough, you’re likely to receive some nasty submissions. If you’d like to keep it professional, or you want to protect your client’s inbox, now you can enable the Profanity Filter.
The Profanity Filter will stop submissions with sexual or vulgar language from arriving in your client’s inbox. It marks those submissions as spam
and puts them in the spam folder of your forms submission table, where you can review tham later.
We hope these tools will help cut back on spam while preserving your website’s brand. As always if you’ve got questions, drop us a line below!