Spam prevention

Honeypot fields

A honeypot is a hidden form field that real users never see or fill in. Bots that auto-fill every input will trigger it, and RizzForms marks the submission as spam.

Add a field named _hp (or its alias _gotcha) and hide it with CSS:

<form action="https://forms.rizzness.com/f/your-token" method="POST">
  <!-- Honeypot: hidden from humans, visible to bots -->
  <div style="position: absolute; left: -9999px;" aria-hidden="true">
    <input type="text" name="_hp" tabindex="-1" autocomplete="off">
  </div>

  <label for="email">Email</label>
  <input type="email" id="email" name="email" required>

  <label for="message">Message</label>
  <textarea id="message" name="message"></textarea>

  <button type="submit">Send</button>
</form>

How it works: If the _hp or _gotcha field contains any value, the submission is flagged as spam. The field value is truncated to 50 bytes and stored for audit purposes, but the submission does not trigger notifications or plugin deliveries.

Tip: Use position: absolute and left: -9999px rather than display: none. Some sophisticated bots skip fields with display: none, but will still fill in off-screen inputs.

Turnstile CAPTCHA

Cloudflare Turnstile provides an invisible, privacy-friendly challenge that stops automated submissions without annoying real users.

To enable Turnstile:

1. Open your form settings in the RizzForms dashboard.
2. Toggle Turnstile CAPTCHA on.
3. Add the Turnstile widget to your HTML form:

<!-- Add the Turnstile script -->
<script src="https://challenges.cloudflare.com/turnstile/v0/api.js" async defer></script>

<form action="https://forms.rizzness.com/f/your-token" method="POST">
  <label for="email">Email</label>
  <input type="email" id="email" name="email" required>

  <!-- Turnstile widget -->
  <div class="cf-turnstile" data-sitekey="YOUR_SITE_KEY"></div>

  <button type="submit">Send</button>
</form>

RizzForms verifies the Turnstile token server-side. Submissions that fail verification are rejected before storage.

Rate limiting

Each form endpoint allows 60 submissions per minute per IP address. This prevents brute-force spam floods.

• When the limit is exceeded, RizzForms returns a 429 Too Many Requests response.
• The limit resets after one minute.
• Legitimate users submitting a single form will never hit this limit.

Rate limiting is always active. No configuration needed.

Keeping notification emails out of spam

The sections above focus on preventing spam submissions to your forms. This section addresses a different problem: making sure RizzForms notification emails reach your inbox instead of your spam folder.

Gmail

Method 1: Create a filter (recommended)

1. Open Gmail with the search pre-filled
2. Click "Create filter" (the search criteria is already filled in).
3. Check these boxes:
   • "Never send it to Spam"
   • "Always mark it as important"
   • "Star it" (optional)
4. Click "Create filter" to save.

Method 2: Add to contacts

1. Open any email from RizzForms.
2. Hover over the sender and click the add-to-contacts icon.
3. Add [email protected] to your Google Contacts.

Method 3: Mark as not spam

1. Go to your Spam folder.
2. Find any RizzForms emails.
3. Click "Report not spam".

Outlook

Method 1: Add to Safe Senders (recommended)

1. Open Outlook Settings (gear icon) and select "View all Outlook settings".
2. Navigate to Mail → Junk email.
3. Under "Safe senders and domains," click + Add and enter [email protected].
4. Click Save.

Method 2: Create an inbox rule

1. Open Outlook Settings and navigate to Mail → Rules.
2. Click "Add new rule".
3. Name it "Always Move RizzForms to Inbox".
4. Set the condition to From = [email protected].
5. Set the action to Move to Inbox.
6. Click Save.

Method 3: Mark as not junk

1. Go to your Junk Email folder.
2. Select any RizzForms emails.
3. Click "Not junk".

General tips

• Check spam folders periodically to catch any misclassified emails.
• After configuring filters, submit a test form to verify notifications arrive in your inbox.
• If issues persist, contact our support team.