step1: in the main form stack.
-enable the honeypot traps.
-set the identifier set of characters. If you use
-- then make sure that the name of your input file has those characters. For example:
my--address. Use meaningful names, that make sense within the form.
-make sure to set a minimum form fill time (it’s very effective). Bots fill forms very quickly. You can adjust this time base on the length and complexity of your form.
-add a new input field, and give it a name using the ‘identifier’ that you selected above, as part of the name. For example:
-enable the ‘send logged robot attacks’ and select an email address to send the log, which should be different from the form’s destination email address. Usually the site administrator or something like that.
-publish your form, and fill the info including the ‘honeypot’ input field. You should receive a log report that a robot filled the form. If you enabled the ‘get remote host IP address’ you can figure out if it’s a repeat offender.
- if your form passes these tests, then set the ‘honeypot’ field to
hidden and republish your form.
-also remember to test the minimum fill time for the form. I set my forms sometimes to 8 secs, sometimes to 10, it just depends. As I mentioned, this is very effective.
The only spam in 2 years came from an actual human filling the form, not a bot.
The I get 1-10 log reports per day per website with form. But no spam goes to the customer.
I hope that this helps, let me know if you have more questions or issues.