Spam filtering

Akismet

The Akismet.com API is integrated into the form builder forms to filter spam submissions. If a form submission is flagged by Akismet as spam, we do not send a copy to the form recipients, but we do store a copy in the backend for audit purposes.

We believe that the spam blocking is sufficient to block majority of spam so that the site is not flooded. But we can't guarantee all spam will be blocked.

From our analysis, the Akismet spam protection will block 90-95% of spam messages. If a site form is receiving spam and more than 90% of spam is being blocked, we consider this within normal spam limits before we might step in with custom blocking or filtering for a form.

Recaptcha

We don't recommend captcha due to reductions in conversion rates for visitors. But it is an option if desired for a project. But we can't guarantee all spam will be blocked, even with captcha.

False positive spam

If you determine that messages that look legitimate are being flagged at spam, the common cause of this is the field names that are incorrectly set or changed.

Example would be if you have a field that was originally called "Your Email", we create a field name of your-email. But if you change the label of that field to "Your message", you will also need to update the field name to match. Otherwise the spam filtering system will infer that this field should look like an email address.

You can edit the field name under the "Advanced" section within the form field editor under "slug".

Form field filter

Flag specific words/terms for the entire form or individual fields.

This spam filter is configured under the "Advanced" section within the form editor under "Filter Configuration".

Config Example:

[
    {
        "filter": "dhplatform.formbuilder.filters.filters.FieldFilter",
        "config": [
            {
                "field": "email",
                "flags": ["mike@tv.com", "blart"]
            },
            {
                "field": "message",
                "flags": ["Eat more spam", "trash"]  
            },
            {
                "field": "*",
                "flags": ["test"]
            }
        ]
    }
]

The field values in the config must match the field slug which can be found under the "Advanced" section within the form field editor. If "*" is used for field this will check all fields on the form for any flags.

Excluding fields

When using the wildcard option (*) for the fields, you also have the ability to exclude fields that you do not want the filter to be applied to.

"config": [
    {
        "field": "*",
        "flags": [".com"],
        "exclude": ["email"]
    }
]

Special filter example: url_block

Within the config, you also have the ability to enable a special filter to catch form submissions with URLs in fields. This can be used to block unwanted links like somespamdomain.com or https://www.example.com

"config": [
    {
        "field": "*",
        "special_filters": ["url_block"]
    }
]

It can also be combined with other flags and exclude values

"config": [
    {
        "field": "*",
        "flags": ["badword.com"],
        "special_filters": ["url_block"],
        "exclude": ["email"]
    }
]