# Spam Protection

> Keep your inbox clean with multiple spam protection methods

Spike offers multiple layers of spam protection to keep your forms secure.

## Honeypot Field

The simplest spam protection is a honeypot: a hidden field that human visitors never see, but that bots will fill out:

```html
<form action="https://api.spike.ac/f/YOUR_FORM_SLUG" method="POST">
  <input type="email" name="email" required>
  <textarea name="message" required></textarea>
  
  <!-- Honeypot - bots will fill this, humans won't see it -->
  <input 
    type="text" 
    name="_gotcha" 
    style="display:none" 
    tabindex="-1" 
    autocomplete="off"
  >
  
  <button type="submit">Send</button>
</form>
```

You can also configure a custom honeypot field name in your form settings.

***

## reCAPTCHA

### reCAPTCHA v2 (Checkbox)

1. Get keys at [google.com/recaptcha](https://www.google.com/recaptcha)
2. Enable reCAPTCHA in your form settings
3. Add the widget to your form:

```html
<script src="https://www.google.com/recaptcha/api.js" async defer></script>

<form action="https://api.spike.ac/f/YOUR_FORM_SLUG" method="POST">
  <input type="email" name="email" required>
  <textarea name="message" required></textarea>
  
  <div class="g-recaptcha" data-sitekey="YOUR_SITE_KEY"></div>
  
  <button type="submit">Send</button>
</form>
```

### reCAPTCHA v3 (Invisible)

For invisible protection:

```html
<script src="https://www.google.com/recaptcha/api.js?render=YOUR_SITE_KEY"></script>

<form id="contact-form" action="https://api.spike.ac/f/YOUR_FORM_SLUG" method="POST">
  <input type="email" name="email" required>
  <textarea name="message" required></textarea>
  <input type="hidden" name="g-recaptcha-response" id="recaptcha-token">
  <button type="submit">Send</button>
</form>

<script>
document.getElementById('contact-form').addEventListener('submit', async (e) => {
  e.preventDefault();
  
  const token = await grecaptcha.execute('YOUR_SITE_KEY', { action: 'submit' });
  document.getElementById('recaptcha-token').value = token;
  
  e.target.submit();
});
</script>
```

***

## hCaptcha

Privacy-focused alternative to reCAPTCHA:

```html
<script src="https://js.hcaptcha.com/1/api.js" async defer></script>

<form action="https://api.spike.ac/f/YOUR_FORM_SLUG" method="POST">
  <input type="email" name="email" required>
  <textarea name="message" required></textarea>
  
  <div class="h-captcha" data-sitekey="YOUR_SITE_KEY"></div>
  
  <button type="submit">Send</button>
</form>
```

***

## Cloudflare Turnstile

Cloudflare's privacy-preserving CAPTCHA alternative:

```html
<script src="https://challenges.cloudflare.com/turnstile/v0/api.js" async defer></script>

<form action="https://api.spike.ac/f/YOUR_FORM_SLUG" method="POST">
  <input type="email" name="email" required>
  <textarea name="message" required></textarea>
  
  <div class="cf-turnstile" data-sitekey="YOUR_SITE_KEY"></div>
  
  <button type="submit">Send</button>
</form>
```

***

## Blocklists

Block specific emails, domains, IPs, or words in your form settings:

| Type    | Example            | Description                        |
| ------- | ------------------ | ---------------------------------- |
| Emails  | `spam@example.com` | Block specific email addresses     |
| Domains | `spammer.com`      | Block all emails from a domain     |
| IPs     | `1.2.3.4`          | Block submissions from an IP       |
| Words   | `crypto`, `viagra` | Block submissions containing words |

***

## Work Email Validation

Require business email addresses by enabling "Require Work Email" in settings. This blocks common free email providers:

* gmail.com
* yahoo.com
* hotmail.com
* outlook.com
* And 100+ more
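
To see how the honeypot, blocklist and work-email settings described above interact, the following added example (not Spike's server code) models them as one decision function you can run against sample submissions. The function and policy names, the normalization, the subdomain matching and the whole-word matching are assumptions made for illustration.

```javascript
// Added illustration, not Spike's implementation. Names and matching rules are assumptions.
const policy = {
  honeypotField: '_gotcha',                 // default honeypot name from this page
  blockedEmails: ['spam@example.com'],
  blockedDomains: ['spammer.com'],
  blockedIps: ['1.2.3.4'],
  blockedWords: ['crypto', 'viagra'],
  requireWorkEmail: true,
  freeProviders: ['gmail.com', 'yahoo.com', 'hotmail.com', 'outlook.com'],
};

// Trim and lower-case so "Spam@Example.COM " still matches "spam@example.com".
const norm = (s) => String(s ?? '').trim().toLowerCase();

// True when the domain equals a list entry or is a subdomain of it (assumed behaviour).
const domainIn = (domain, list) =>
  list.some((d) => domain === d || domain.endsWith('.' + d));

// Whole-word, case-insensitive match, so "crypto" does not hit "cryptography" (assumed).
const escapeRe = (w) => w.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
const hasWord = (text, words) =>
  words.some((w) => new RegExp(`\\b${escapeRe(w)}\\b`, 'i').test(text));

function evaluateSubmission(fields, ip, p = policy) {
  // 1. Honeypot: any non-blank value means an automated client filled the hidden field.
  if (norm(fields[p.honeypotField]) !== '') return { accepted: false, reason: 'honeypot' };

  const email = norm(fields.email);
  const domain = email.slice(email.lastIndexOf('@') + 1);

  // 2. Blocklists: IP, exact email, domain, then words in the remaining fields.
  if (p.blockedIps.includes(ip)) return { accepted: false, reason: 'blocked_ip' };
  if (p.blockedEmails.includes(email)) return { accepted: false, reason: 'blocked_email' };
  if (domainIn(domain, p.blockedDomains)) return { accepted: false, reason: 'blocked_domain' };
  const text = Object.entries(fields)
    .filter(([k]) => k !== 'email' && k !== p.honeypotField)
    .map(([, v]) => String(v)).join(' ');
  if (hasWord(text, p.blockedWords)) return { accepted: false, reason: 'blocked_word' };

  // 3. Work-email requirement: reject addresses at free providers.
  if (p.requireWorkEmail && domainIn(domain, p.freeProviders))
    return { accepted: false, reason: 'free_email' };

  return { accepted: true, reason: null };
}
```

Running your own test submissions through a model like this before changing form settings helps spot entries that would block legitimate senders, such as a blocked word that also appears in ordinary messages.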

***

## ML Spam Filtering

Enable ML-based spam detection for advanced filtering. This analyzes:

* Content patterns (crypto spam, phishing, etc.)
* Email address patterns
* Submission metadata
* Link density

Configure the spam threshold (0-1) in your form settings. Higher values are stricter.

***

## Rate Limiting

Prevent abuse with rate limiting:

| Setting | Default | Description                     |
| ------- | ------- | ------------------------------- |
| Enabled | Yes     | Enable/disable rate limiting    |
| Count   | 100     | Max submissions per window      |
| Window  | 3600    | Time window in seconds (1 hour) |

When rate limited, submissions return a `429 Too Many Requests` error.
