stop form spam
Stop form spam at the edge
An edge-served content model that scores contact, lead, signup, and comment submissions for spam, fraud, and cold outreach, returning allow, review, or block in about 40ms.
The problem
Blocklists don't scale, and triage isn't shipping
Contact and signup forms are a magnet for spam, fake leads, and templated cold pitches, and regex blocklists or honeypots only catch the laziest bots. You end up hand-tuning rules and still triaging junk in your inbox instead of shipping.
How it works
One POST, one decision
Send the submission, score it at the edge, and branch your form handler on a single field.
POST the submission
Send the form fields (and any IP, email, or user agent you have) to POST /v1/check with a Bearer key. For text you already have in hand, POST /v1/content scores the message body alone — no other metadata required.
Score at the edge
A content model running in the Cloudflare edge classifies the text for spam, fraud, and cold outreach, fused with IP and email signals into one calibrated 0.0–1.0 score. The full check returns in about 40ms, so it fits inline in your submit handler.
Act on the decision
You get back a decision of allow, review, or block plus per-category probabilities. Allow saves it, review queues it for a human, block drops it — your form handler branches on one field instead of a pile of heuristics.
What it catches
Spam, fraud, and cold outreach, scored separately
Every submission is classified across distinct categories — with human-readable flags and a calibrated probability for each.
Spam and promotional content
Catches pharma, SEO and backlink pitches, gambling, crypto schemes, and templated bot copy. Surfaces human-readable flags like promotional_language, urgency_markers, and suspicious_links alongside a spam probability.
Cold outreach detection
A dedicated cold_email category scores unsolicited sales and partnership pitches separately from outright spam, so you can block junk while routing real-but-unwanted outreach to review instead of silently dropping it.
Fraud and scam signals
Flags phishing attempts, fake job and work-from-home offers, and requests for personal or financial information through a distinct fraud category, kept separate from generic spam scoring.
Server-side behavioral checks
When you pass form metadata, honeypot trips and submission timing fold into the same score, so obvious bot fills get caught without relying on client-side JavaScript.
The API
POST a submission, get a verdict
A spammy backlink pitch scored by /v1/check — block, with per-category probabilities and content flags in the same response.
curl -X POST https://api.formshield.dev/v1/check \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"form_id": "contact-form",
"form_data": {
"name": "John Smith",
"email": "john@example.com",
"message": "Boost your SEO rankings fast! Limited time backlink package, act now."
},
"metadata": { "ip": "203.0.113.42" }
}'FAQ
Common questions
POST each submission to /v1/check from your form handler and branch on the returned decision: allow saves it, block drops it, review queues it. The content model scores the text server-side, so there is no CAPTCHA challenge or client-side widget for legitimate users to clear.
/v1/check takes the full submission — form fields plus optional IP, email, and user agent — and fuses content, IP, and email signals into one decision. /v1/content scores a single block of text on its own when that is all you have. Both return the same 0.0–1.0 score and category probabilities.
Each check costs 2 credits. The decision and per-category probabilities (spam, fraud, cold_email) come back in the same response, so a single 2-credit call covers all three classifications.
Stop fighting spam by hand
One API call. IP, email, content & behavior signals in a single intelligence platform. Start free, no credit card required.