Spam Bot Protection: Stop Form Spam Before It Lands

Most form spam is the same handful of evasion tricks repeated at scale — disposable inboxes, throwaway address variants, VPN and Tor traffic, and signup networks that exist only to bypass verification. Prosopo's Spam Filter blocks those at the request level, before your application, your inbox, or your CRM ever sees them.

It pairs an email filter for fake and disposable addresses with a traffic filter for abusive network sources, each tunable per site. The result: anti-spam measures that catch the patterns spammers actually use, with the low false-positive rate real users need.

Spam Bot Protection: Stop Form Spam Before It Lands
How it works

Why our Spam Filter is superior

Our AI-driven approach delivers unmatched accuracy while preserving legitimate user interactions.

Advanced AI detection

Unlike traditional keyword-based systems, our AI analyzes content patterns, sender behavior, and contextual signals to identify sophisticated spam attempts.

Customizable protection levels

Set protection thresholds based on your needs - from permissive for general content to strict for sensitive channels.

Email pattern rules

Catch throwaway Gmail, iCloud, Yahoo and other addresses where one mailbox poses as dozens of distinct signups. Add your own regex patterns for organisation-specific abuse.

Traffic filtering

Block submissions by connection type — VPN, proxy, Tor, datacenter, crawler, and more — each with its own independent toggle. Abusive networks are blocked by default for every account.

Simple integration

Implement with just a few lines of code through our API or use our pre-built plugins for popular platforms like WordPress, Shopify, and more.
Why Prosopo

The benefits of choosing Prosopo Spam Filter

Catches the patterns spammers actually use

Curated default rules catch throwaway Gmail, iCloud, Yahoo and other addresses used to bypass signup verification out of the box.

Self-learning system

Our spam filter continuously improves by learning from new spam patterns and administrator feedback.

Real-time protection

Instant scanning and filtering ensures spam never reaches your users or systems.

Multi-channel coverage

Protect comments, contact forms, user-generated content, and communication systems with a single solution.

Detailed analytics

Gain insights into spam patterns and attack vectors with comprehensive reporting tools.

Why your forms keep getting spam

If your inbox is filling up with fake signups, your contact form is generating obvious junk, or your WordPress site keeps sending spam emails you didn't author, the cause is almost always the same: a bot is submitting your form directly, faster than any keyword filter or honeypot can keep up. The fix isn't a smarter inbox rule. It's stopping the submission before the form processes it.

Anti-spam measures that only run after submission (Akismet, server-side keyword filters, post-hoc email validation) treat the symptom. Prosopo's spam bot protection treats the cause — it sits in front of the form and rejects abusive requests before any further processing happens.

How Prosopo Spam Filter works

The Spam Filter sits in front of your verification step and rejects requests that already look abusive before any further processing happens. It works in two layers — Email Filter for fake or disposable addresses, and Traffic Filter for abusive network sources — and each can be tuned independently per site.

Email Filter: stop signup spam

Most signup spam doesn't come from random email accounts. It comes from a small set of evasion techniques that turn a single mailbox into thousands of apparent addresses, or from networks of disposable inboxes that exist only to bypass verification.

The Email Filter catches both:

  • Throwaway address normalisation. Throwaway variants from Gmail, iCloud, Yahoo and other major providers all resolve to the same mailbox. The filter optionally normalises addresses before applying your rules, so one rule catches every variant.
  • Curated default patterns. A maintained ruleset that targets throwaway address tactics from the major providers used to bypass signup verification.
  • Custom blocklist. Add your own patterns to block addresses unique to abuse you're seeing.
  • Disposable-domain detection. Optionally rejects addresses from known throwaway providers — and follows the domain through redirects, CNAMEs and MX records so freshly-registered throwaway domains can't slip through by pointing at a known backend.

Traffic Filter: block abusive network sources

The Traffic Filter rejects requests by the type of network they came from. Each filter is an independent toggle, so you can build the exact policy your audience needs:

FilterWhat it blocksRecommended for
Abusive networksNetworks with a strong abuse signalEveryone — on by default for all accounts
VPNKnown consumer VPN servicesSites with high signup-fraud exposure
ProxyHTTP, HTTPS and SOCKS proxiesAPI endpoints and high-value forms
TorTor exit nodesMost consumer-facing forms
Datacenter / HostingCloud and hosting IP spaceSites whose users browse from residential networks
CrawlerKnown automated botsMost forms (excluding documentation/marketing pages)
MobileCellular networksNiche — only when fixed-line access is required
SatelliteSatellite internetNiche — only when ground-based access is required

Blocks are reported back to your application with a distinct reason for each filter, so you can show users a tailored message ("Please disconnect your VPN and try again", "This form isn't supported over Tor", and so on) rather than a generic failure.

Built for both ends of the spectrum

  • Free tier accounts get abusive-network blocking enabled by default — the single highest-signal filter, on without any configuration.
  • Professional and Enterprise unlock every other filter and the Email Filter, with per-site tuning, custom regex patterns and Gmail normalisation.

How Prosopo Spam Filter compares

Full capability Partial / caveat Not available
CapabilityProsopo Spam FilterAkismetreCAPTCHA / hCaptcha
Network-level blocking (VPN, Tor, datacenter)
Email signup-evasion blocking
Disposable-domain detection Limited
Custom blocklists
Per-block reason codes for tailored user messages Limited
GDPR-compliant data handling Varies

Common use cases

Platform-specific guides

If you're trying to stop spam on a specific form plugin or platform, jump to the install guide:

Configuration reference

Full details of the Email Filter rules, the eight Traffic Filter toggles and their block reasons are in the docs:

Request a Demo of Prosopo Spam Filter

Our Spam Filter technology is available as both a standalone product and part of our Enterprise suite. Contact our sales team for pricing options.

Tell us about your bot problem

We'll get back to you straight away

By submitting this form, you agree to our Privacy Policy and Terms of Service

By the numbers

Trusted by companies of all sizes.

Active websites
0+
Monthly verifications
0+
Bots stopped per month
0+
Reviews

Our customers love us.

Hundreds of businesses have made the switch from reCAPTCHA and hCaptcha to Prosopo. Here's what they have to say.

Frequently Asked Questions

How does the spam filter work?

Our spam filter combines two layers: an email filter that catches throwaway addresses and signup-evasion tricks, and a traffic filter that blocks requests from networks heavily associated with abuse — VPNs, proxies, Tor exits, datacenters, crawlers and more. Each layer can be tuned independently per site.

Will legitimate messages be blocked?

Defaults are tuned to minimise false positives — the curated email patterns target known evasion tricks rather than legitimate names, and the only traffic filter enabled by default targets networks with a strong abuse signal. Every filter is independently toggleable, so you can dial sensitivity to your audience.

Can the spam filter be integrated with our existing systems?

Yes, our spam filter offers flexible integration options including REST API, JavaScript snippets, server-side modules, and pre-built plugins for popular platforms. Our technical team can assist with custom integrations for proprietary systems.

Does the spam filter work for non-English content?

Yes. The email and traffic filters are language-agnostic — they look at addresses, domains and network properties rather than message text — so they work the same for content in any language.

Can you stop throwaway Gmail, iCloud and Yahoo addresses?

Yes. The Email Filter ships with a curated default ruleset that catches the throwaway address patterns used by Gmail, iCloud, Yahoo and other major providers — where a single mailbox can pose as dozens of distinct signups. You can also opt in to address normalisation, which resolves provider-specific variants to a single canonical address before evaluating your custom regex blocklist, so one rule catches every variant of the same mailbox.

Can I block submissions coming from VPNs, proxies, or Tor?

Yes. The Traffic Filter provides independent toggles for blocking VPN, proxy, Tor, datacenter, crawler, mobile and satellite traffic. Each block returns a distinct reason so your application can show the user a tailored message — for example asking VPN users to reconnect, or telling Tor users the form isn't supported on that network.

Are abusive networks blocked automatically?

Yes. Traffic from networks flagged for abuse is blocked by default for every account, including free tier. Paid-tier accounts can adjust this setting, but it is recommended to keep it enabled.

What traffic types can I filter?

The Traffic Filter supports eight independent filters: VPN, proxy, Tor, abusive ASNs, datacenter/hosting IPs, crawlers, mobile networks, and satellite connections. Each can be toggled on or off per site. Traffic filtering is a paid feature, except for abusive network blocking which is enabled for all accounts.

More from Prosopo

What else can Prosopo protect for you?

No matter the threat, we have a solution to keep your business safe.

Product

Access Control

Prosopo's Access Control dynamically generates rules to protect your website from bots and spam.

Learn more
Access Control
Product

API Protection

Stop automated abuse of your API endpoints with Prosopo's bot-aware verification and access control.

Learn more
API Protection
Product

Risk Scoring

Prosopo's Risk Scoring provides real-time analysis of user behavior to identify potential threats.

Learn more
Risk Scoring
Product

Spam Bot Protection: Stop Form Spam Before It Lands

Spam bot protection that blocks fake signups, throwaway emails and abusive networks before they reach your forms — without breaking the experience for real users.

Learn more
Spam Bot Protection: Stop Form Spam Before It Lands
Product

Invisible CAPTCHA

Prosopo's Invisible CAPTCHA provides seamless bot protection without disrupting the user experience.

Learn more
Invisible CAPTCHA
Product

Procaptcha - GDPR Compliant CAPTCHA

With Prosopo's GDPR friendly captcha, enjoy seamless website security. Protect users, prevent bots, and stay compliant - all while keeping it simple.

Learn more
Procaptcha - GDPR Compliant CAPTCHA