I am looking to implement spam protection on my Netlify form and I have been looking at the Netlify form spam filter page: Spam filters | Netlify Docs
My understanding of form honeypots is that the name of the honeypot field should match a name bots would most likely choose to propagate, such as
email. Then the existing
email field should be changed to something less interesting to bots, such as
So in the documented example, would I be best off changing
email, and my existing
email field to
Hi @triatic , thank for sharing and welcome.
You can alert Netlify to a hidden honeypot field by adding a
netlify-honeypot attribute to your
Based on the quote above from the Netlify Documentation website you are right that the value of the
netlify-honeypot attribute must match the value of the
name attribute of a field present in the form.
However note that the field must be hidden. Only a bot can detect and fill a hidden field. If a field is hidden in the UI, most end users will not see and then fill the form.
If you actually want to get the value of the
email field then the you must change the value of the
netlify-honeypot attribute from
email to another value which must match the value of another field present in the form.
Hi @clarnx and thank you for the clarification.
In regards to the best choice of field name though, would it be such that a bot is more likely to insert data into a hidden field named
email than one named
bot-field, and as such
email would be a better choice of name for a hidden honeypot field than the
bot-field name used in the docs?
A honeypot field is typically used to trick spam bots into revealing themselves, so in my opinion it’s important that the name is not immediately recognizable as a honeypot to the bots.
It’s essential that the name you choose doesn’t give away its true purpose to spam bots.
Here are a few suggestions of names you could use:
Thanks, that makes sense. Perhaps the docs in this area should be updated to reflect this advice?
Hi @triatic ,
Glad to know I was able to help.