Information on how our platform filters spam and how to implement custom configurations for blocking messages that are getting through our standard filters.
Standard Filtering - Akismet
If a form has Akismet Spam Filtering enabled in the builder, the Akismet.com API is integrated into the form builder forms to filter spam submissions. If a form submission is flagged by Akismet as spam, we do not send a copy to the form recipients, but we do store a copy in the backend for audit purposes.
We believe that the spam blocking is sufficient to block the majority of spam so that the site is not flooded, but we can't guarantee all spam will be blocked. From our analysis, Akismet protection will usually block 90-95% of spam messages. If a site form is receiving spam and more than 90% of spam is being blocked, we consider this within normal limits before we might step in with custom blocking or filtering for a form.
Recaptcha
DevHub cannot guarantee all spam will be blocked by adding captcha. Therefore, we don't recommend captcha due to reductions in conversion rates for visitors. However, it is an option if desired for a project.
False Positive Spam
If you determine that messages that look legitimate are being flagged as spam, one common cause of this may be if form field names have been incorrectly set or changed.
For example, if you have a field that was originally called "Your Email", we create a corresponding field slug called "your-email". If you decide to change the label of that field to "Your message", you will also need to update the field slug to match. If not updated, the spam filtering system may infer that this field should still look like an email address, rather than a message, and block form fills.
You can edit the field name under the "Advanced" section within the form field editor, under "slug":
Form Field Filter
Here, you can flag specific words/terms for the entire form or individual fields. This spam filter is configured under the "Advanced" section within the form editor, under "Filter Configuration":
Config Example:
[ { "filter": "dhplatform.formbuilder.filters.filters.FieldFilter", "config": [ { "field": "email", "flags": ["mike@yahoo.com", "hot"] }, { "field": "message", "flags": ["car insurance", "trash"] }, { "field": "*", "flags": ["test"] } ] } ]
The field values in the config must match the field slug, which can be found under the "Advanced" section within the form field editor. If "*" is used for a field, it will check all fields on the form for any flags.
Excluding Fields
When using the wildcard option (*) for fields, you also have the ability to exclude fields that you do not want the filter to be applied to. Example:
"config": [ { "field": "*", "flags": [".com"], "exclude": ["email"] } ]
Special Filter Example: url_block
Within the config, you also have the ability to enable a special filter to catch form submissions with URLs in fields. This can be used to block unwanted links, as long as you are sure that legitimate form responses would not contain any.
"config": [ { "field": "*", "special_filters": ["url_block"] } ]
It can also be combined with other flags and excluded values:
"config": [ { "field": "*", "flags": ["badword.com"], "special_filters": ["url_block"], "exclude": ["email"] } ]
If you have any questions at all about this setup or what configurations your forms are already using, please reach out to your Customer Success manager or support@devhub.com.