Netlify form honeypot field name

I am looking to implement spam protection on my Netlify form and I have been looking at the Netlify form spam filter page: Spam filters | Netlify Docs

My understanding of form honeypots is that the name of the honeypot field should match a name bots would most likely choose to propagate, such as email. Then the existing email field should be changed to something less interesting to bots, such as field1.

So in the documented example, would I be best off changing bot-field to email, and my existing email field to field1?

Hi @triatic, thanks for sharing and welcome.

You can alert Netlify to a hidden honeypot field by adding a netlify-honeypot attribute to your <form> with the name of your hidden field. Then make sure that field is present in the form, but hidden via CSS or JavaScript.

Based on the quote above from the Netlify Documentation website you are right that the value of the netlify-honeypot attribute must match the value of the name attribute of a field present in the form.

However, note that the field must be hidden. Only a bot can detect and fill a hidden field. If a field is hidden in the UI, most end users will not see it and then fill the form.

If you actually want to get the value of the email field, then you must change the value of the netlify-honeypot attribute from email to another value which must match the value of another field present in the form.

Thanks.

Hi @clarnx and thank you for the clarification.

In regards to the best choice of field name though, would it be such that a bot is more likely to insert data into a hidden field named email than one named bot-field, and as such email would be a better choice of name for a hidden honeypot field than the bot-field name used in the docs?

Hi @triatic

A honeypot field is typically used to trick spam bots into revealing themselves, so in my opinion it’s important that the name is not immediately recognizable as a honeypot to the bots.
It’s essential that the name you choose doesn’t give away its true purpose to spam bots.

Here are a few suggestions of names you could use:

  1. additional-information
  2. extra-details
  3. special-instructions
  4. other
  5. leave-blank
  6. optional-data
  7. custom
  8. secondary-input
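
Added example, not part of any post in this thread and not Netlify's own code: constructed form markup with a neutrally named honeypot, a lint that checks the `netlify-honeypot` value names a field present in the form and is not a field you need to collect, and a sketch of the equivalent server-side test on a URL-encoded submission. The form name, the `hidden` class and both function names are assumptions.

```javascript
// Constructed markup: honeypot named from the suggestions above, real email field kept.
// Assumes the stylesheet defines `.hidden { display: none; }`.
const FORM_HTML = `
<form name="contact" method="POST" data-netlify="true" netlify-honeypot="additional-information">
  <p class="hidden"><label>Leave this empty: <input name="additional-information" /></label></p>
  <p><label>Email: <input type="email" name="email" /></label></p>
  <p><button type="submit">Send</button></p>
</form>`;

// Check that the netlify-honeypot value names a field present in the form and
// is not one of the fields whose value you actually want to receive.
function lintHoneypot(html, wantedFields) {
  const attr = html.match(/\snetlify-honeypot="([^"]+)"/);
  if (!attr) return { ok: false, reason: "no netlify-honeypot attribute" };
  const honeypot = attr[1];
  const names = [...html.matchAll(/<(?:input|textarea|select)\b[^>]*\sname="([^"]+)"/g)]
    .map((m) => m[1]);
  if (!names.includes(honeypot)) {
    return { ok: false, honeypot, reason: "honeypot field missing from form" };
  }
  if (wantedFields.includes(honeypot)) {
    return { ok: false, honeypot, reason: "honeypot reuses a field you need to collect" };
  }
  return { ok: true, honeypot };
}

// Server-side view of the same idea (sketch, not Netlify's implementation):
// a submission carrying any non-blank value in the honeypot is treated as automated.
function honeypotTripped(urlEncodedBody, honeypot) {
  const value = new URLSearchParams(urlEncodedBody).get(honeypot);
  return value !== null && value.trim() !== "";
}

// Constructed submissions: one with the honeypot left empty, one with it filled.
const human = "form-name=contact&additional-information=&email=a%40example.com";
const bot = "form-name=contact&additional-information=buy+now&email=x%40example.com";
console.log(lintHoneypot(FORM_HTML, ["email"]));
console.log(honeypotTripped(human, "additional-information"),
  honeypotTripped(bot, "additional-information"));
```

Pointing `netlify-honeypot` at `email` in this markup makes the lint fail, which is the situation described earlier in the thread: the value of the real email field could no longer be collected.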

Hi @clarnx

Thanks, that makes sense. Perhaps the docs in this area should be updated to reflect this advice?


Hi @triatic,
You’re welcome.
Glad to know I was able to help.
