Skip to content

Advanced Spam Protection Features

Basin offers a comprehensive suite of advanced spam protection features that work alongside or independently of CAPTCHA solutions. These powerful filters provide layered protection against automated abuse and spam submissions.

Overview

Basin's advanced spam protection features fall into two categories:

Automatic Backend Filters

These filters are configured in your Basin dashboard and work automatically when enabled: - AI-Powered Content Analysis (SpamCheck.ai), always enabled - Duplicate Detection - Email Validation and Filtering - Geographic and Location-Based Filtering - Language Detection - Domain Restrictions - Lead Agent Scoring

Form-Level Protection

These require implementation in your HTML form: - Honeypot Fields - Custom Field Validation

AI-Powered Spam Detection

SpamCheck.ai Integration

Basin uses SpamCheck.ai for intelligent spam detection. This machine learning system continuously evolves to better identify spam content.

Features: - Real-time content analysis - Pattern recognition - Adaptive learning - Low false positive rates

SpamCheck Version Migration

Basin offers two versions of SpamCheck:

  • Version 1: Basic spam detection (legacy support)
  • Version 2: Enhanced features with additional filters

New forms automatically use Version 2, which includes exclusive features like Invalid Email Filter, Burner Email Filter, and Risky URL Whitelist.

Migration Benefits: - Improved accuracy - Additional filtering options - Better false positive handling - Enhanced reporting

Honeypot Fields

Honeypot fields are hidden form elements that trap bots while remaining invisible to human users.

Basic Honeypot Setup

Add a hidden field to your form that bots will fill out but humans won't see:

<form accept-charset="UTF-8" action="https://usebasin.com/f/YOUR_FORM_ID" method="POST">
    <input type="text" name="name" placeholder="Your Name" required>
    <input type="email" name="email" placeholder="Your Email" required>
    <textarea name="message" placeholder="Your Message" required></textarea>

    <!-- Honeypot field - hidden from users -->
    <input type="hidden" name="_gotcha">

    <button type="submit">Submit</button>
</form>

Custom Honeypot Fields

You can specify a custom honeypot field name in your form settings:

  1. Go to Form → Settings → Spam
  2. Set your custom honeypot field name
  3. Use that field name in your form
<form accept-charset="UTF-8" action="https://usebasin.com/f/YOUR_FORM_ID" method="POST">
    <!-- Your form fields -->
    <input type="hidden" name="your_custom_honeypot_name">
    <button type="submit">Submit</button>
</form>

Advanced Honeypot Techniques

Visible Honeypot (for advanced users):

<div style="position: absolute; left: -5000px;">
    <input type="text" name="website" placeholder="Leave this field empty">
</div>

CSS-Hidden Honeypot:

<style>
.honeypot {
    display: none;
}
</style>

<input type="text" name="_gotcha" class="honeypot">

Duplicate Detection

The duplicate filter automatically identifies and blocks identical submissions.

How It Works

Basin compares incoming submissions against existing submissions in both your inbox and spam folder. If an exact match is found, the duplicate is automatically marked as spam.

Configuration

  1. Navigate to Form → Settings → Spam
  2. Toggle Duplicate Filter on/off
  3. Save settings

Use Cases: - Preventing form resubmission - Blocking automated repeat submissions - Reducing inbox clutter

Email Validation and Filtering

Valid Email Filter

SpamCheck Version 2 Only

The Valid Email Filter requires SpamCheck Version 2.

This filter ensures submitted email addresses are legitimate and deliverable.

Validation Criteria: 1. Format Check: Must match standard email format (user@domain.tld) 2. Deliverability Check: Must point to an active mailbox

Setup Requirements: Your form must include a properly named email field:

<form>
    <input type="email" id="email" name="email" required>
    <!-- Other form fields -->
</form>

Configuration: 1. Go to Form → Settings → Spam 2. Enable Valid Email Filter 3. Save settings

Burner Email Filter

SpamCheck Version 2 Only

The Burner Email Filter requires SpamCheck Version 2.

Automatically detects and blocks temporary/disposable email addresses commonly used by spammers.

Blocked Email Types: - Temporary email services - Disposable email addresses - Known spam email domains - Throwaway email providers

Configuration: 1. Go to Form → Settings → Spam 2. Enable Burner Email Filter 3. Save settings

Blocked Email Domains

Manually specify email domains to block from form submissions.

Setup: 1. Navigate to Form → Settings → Spam 2. Add domains to Blocked Email Domains 3. Press Enter after each domain 4. Save settings

Example: If you block example.com, any submissions from user@example.com will be marked as spam.

Geographic and Location Filtering

Country-Based Filtering

Control which countries can submit to your forms using IP geolocation.

Whitelist Mode: - Only allow submissions from specified countries - All other countries are blocked

Blacklist Mode: - Block submissions from specified countries - All other countries are allowed

Configuration: 1. Go to Form → Settings → Spam 2. Choose Whitelist or Blacklist mode 3. Add countries to your list 4. Save settings

Important

Use either whitelist OR blacklist, not both simultaneously.

Radius-Based Location Filter

Premium Feature

Available on Premium plans and above.

Create a geographic radius around a specific location to filter submissions.

How It Works: 1. Select a point on the map 2. Set a radius distance 3. Only submissions within the radius are allowed 4. Submissions outside the radius are marked as spam

Use Cases: - Local business forms - Regional event registrations - Location-specific services - Geographic compliance requirements

Configuration: 1. Navigate to Form → Settings → Spam 2. Enable Radius-based location filter 3. Set your location and radius 4. Save settings

Language Detection Filter

Automatically detect and filter submissions based on their primary language.

How It Works

Basin analyzes the text content of submissions to determine the primary language used.

Filter Options

Whitelist (Accepted Languages): - Only allow submissions in specified languages - Block all other languages

Blacklist (Blocked Languages): - Block submissions in specified languages - Allow all other languages

Dual Mode: Unlike country filtering, both whitelist and blacklist can be used simultaneously.

Configuration: 1. Go to Form → Settings → Spam 2. Configure Accepted Languages (whitelist) 3. Configure Blocked Languages (blacklist) 4. Save settings

Domain Restrictions

Limit form submissions to specific domains, providing an additional layer of security.

How It Works

Basin checks the Origin header of submissions to verify they originate from allowed domains. This includes all subdomains of specified domains.

Configuration

  1. Navigate to Form → Settings → Spam
  2. Add domains to Allowed Domains
  3. Press Enter after each domain
  4. Save settings

JavaScript Framework Considerations

Set Origin Header Manually

When using AJAX or JavaScript frameworks, the Origin header may be omitted. Set it manually:

fetch('https://usebasin.com/f/YOUR_FORM_ID', {
    method: 'POST',
    body: formData,
    headers: {
        'Origin': 'https://yourdomain.com'
    }
});

Referrer Policy Requirements

Check Referrer Policy

Ensure your site's Referrer Policy sends origin information to Basin. The default strict-origin-when-cross-origin policy is compatible.

Advanced Content Filtering

Risky URL Whitelist

SpamCheck Version 2 Only

Available with SpamCheck Version 2.

Basin's AI identifies submissions containing "risky URLs." You can whitelist legitimate URLs that are incorrectly flagged.

Configuration: 1. Go to Form → Settings → Spam 2. Add URLs to Allowed Risky URLs 3. Save settings

Note: This only affects submissions marked as spam specifically for containing risky URLs.

Lead Agent Spam Threshold

Set a threshold score that automatically marks submissions as spam based on lead quality analysis.

How It Works: - Submissions receive a lead agent score - Submissions below your threshold are marked as spam - Other spam filters still apply - Unscored submissions are not affected

Configuration: 1. Navigate to Form → Settings → Spam 2. Set Lead Agent Spam Threshold 3. Save settings

Combining Protection Methods

Layered Defense Strategy

For optimal protection, combine multiple methods:

<form accept-charset="UTF-8" action="https://usebasin.com/f/YOUR_FORM_ID" method="POST">
    <!-- Regular form fields -->
    <input type="text" name="name" required>
    <input type="email" name="email" required>
    <textarea name="message" required></textarea>

    <!-- Honeypot protection -->
    <input type="hidden" name="_gotcha">

    <!-- CAPTCHA (choose one) -->
    <div class="h-captcha" data-sitekey="YOUR_SITE_KEY"></div>

    <button type="submit">Submit</button>
</form>

Recommended Combinations: - Basic Protection: Honeypot + Duplicate Filter + Valid Email Filter + Domain Restrictions - Enhanced Protection: Above + Geographic Filter + Language Filter - Maximum Protection: Above + CAPTCHA + Custom Filters

Backend Filter Configuration

Enable multiple backend filters for comprehensive protection:

  1. SpamCheck.ai (automatic)
  2. Duplicate Filter
  3. Valid Email Filter
  4. Burner Email Filter
  5. Country Filter
  6. Language Filter
  7. Domain Restrictions
  8. Lead Agent Threshold

Monitoring and Management

Spam Summary Emails

Stay informed about your spam protection effectiveness:

  1. Go to Form → Settings → Notifications
  2. Enable Spam Summary Emails
  3. Choose frequency (daily, weekly, monthly)

Webhook Integration

Configure webhooks to trigger regardless of spam status:

  1. Navigate to Form → Settings → Webhooks
  2. Enable webhook for all submissions
  3. Handle spam status in your webhook handler

Regular Monitoring

Best Practices: - Review spam folder weekly - Monitor false positive rates - Adjust thresholds based on results - Update filters seasonally

Spam Retention

Basin retains spam for 30 days before permanent deletion. Review regularly to catch false positives.

Troubleshooting Common Issues

High False Positive Rate

Solutions: - Lower sensitivity thresholds - Whitelist legitimate domains/URLs - Review and adjust geographic filters - Check language detection settings

Spam Still Getting Through

Solutions: - Enable additional filters - Implement honeypot fields - Add CAPTCHA protection - Tighten geographic restrictions - Review and update blocked domains

Legitimate Submissions Blocked

Solutions: - Check spam folder regularly - Review filter configurations - Adjust threshold settings - Whitelist legitimate sources - Enable webhook notifications

Support and Resources

For additional support with advanced spam protection features, contact Basin support or refer to our comprehensive documentation.