Skip to main content
Free tools

Free form spam checker

Paste a contact form submission and see which defense layer would catch it: a honeypot, a CAPTCHA challenge, or a keyword blocklist. Everything runs in your browser, and nothing is sent or stored. No signup required.

Try an example:

These are simple, transparent heuristics that show how each layer works, not a production spam filter. A clean verdict here is not a guarantee.

The layers

Three layers, three different jobs.

No single defense stops form spam. Bots and human spammers slip past different layers, so the useful question is which layer catches what.

Honeypot field

A form field hidden with CSS. Visitors never see it, but naive bots autofill every field they find, so a filled honeypot marks the submission as spam.

Free and invisible, but it only stops bots that fall for it. Human spammers and smarter scripts get past, so treat it as the first layer, not the only one.

Challenge

Turnstile and reCAPTCHA make the browser prove a human is present before the form submits, which blocks most automated spam.

Blind to intent, though: a person pasting an SEO pitch solves the challenge like any customer would.

Keyword blocklist

Rules that match content: known spam phrases, link shorteners, suspicious domains. The only layer that can stop spam a real human typed.

Exactly as good as its rules. Too loose and pitches slip through; too strict and real customers get silently dropped.

How to use it

Test your contact form spam in three steps.

A spam score alone tells you a message is bad without telling you what would have stopped it. This checker names the layer too, so you know whether your form needs a honeypot, a challenge, or better content rules.

  1. 01

    Paste the submission

    Copy a suspicious message from your inbox, with the sender name and address if you have them. Nothing you paste leaves this page.

  2. 02

    Read the layer verdicts

    The checker scores the message and names which layer reacts: automation tells trip the behavioral layers, content matches trip the blocklist.

  3. 03

    Adjust your defenses

    If every layer would miss it, you know what to add: a honeypot or challenge for bots, content rules for human-sent spam.

Building the form itself? The free HTML form generator includes a honeypot in its output, and server-side spam protection adds the challenge and filtering layers without any backend code on your side.

FAQ

Questions before you
blame the bots.

Crawlers find published forms and submit anything they can, and human workers get paid to paste pitches into them, so even a brand-new site gets hit. The mix matters: behavioral layers stop the bots, but human-sent spam can only be filtered on content.

One line. Zero backend.

The form backend you don’t have to build.

Free foreverNo credit cardSet up in under a minute