Update on reported spam via forms

As of Monday January 23rd, we have received reports of customers experiencing increased spam and ransomware emails arising from form submissions.

Our team is aware and have implemented solutions to drastically decrease the frequency of spam coming through. As a result of these new solutions, we have seen a sustained decrease of spam affecting customers.

To control spam volume, we’ve updated our rate limiting system to detect specific networks and request behaviors that indicate use of bots. In addition to volume mitigations, we have worked to tighten our content mitigation controls such as spam filtering, and spoofed form detection. During implementation, some form submissions may have been temporarily disrupted — which could have resulted in a temporary block on form submissions for some site visitors.

We understand that receiving spam of any kind can cause concern — however, we assure you that the spam emails in question have not compromised your site. We encourage you to avoid engaging with any suspicious content.

As the team continues to push added measures and prevention tactics, we recommend enabling Google reCAPTCHA on your site forms for an additional level of prevention. You can learn more about how to configure this here: Add a reCAPTCHA field | Webflow University :arrow_upper_right:

In efforts to track and improve our spam filtering system, we encourage you to forward any suspicious activity to form-spam-reports@support.webflow.com and avoid clicking any links contained within these emails.

For any customers who may be worried about extra charges due to an increase in form submissions, we have voided all charges for any form submissions at this time. If you or your client have already been charged, you can contact us through support.webflow.com and we will immediately refund any overages.

— The Webflow Team


Hello, is there any update here? We are still getting flooded with spam.

Hey John! Just followed up on DM (Twitter).

I have seen a resurgence in spam submissions (mostly with Latin text). We have implemented all the recommendations, but we seem to get even more after that.

Spam has started to again come through in the past two weeks, the Spam submissions coming through fire a submit request and the message copy field registers as a new field after they submit. Just the difference in the submissions from spam should be triggering something no?

Examples of just the past day but it looks like it started two weeks ago.

1 Like

This is a very real problem. The few customer sites I host with Webflow are continually seeing spam. Every day. It’s incessant even with Google reCaptcha V2 enabled. Please Webflow, how can we harden these forms?

1 Like

Hi there, our team is aware of ongoing reports of spam and continuing to actively implement new ways to improve spam filters and submissions. However we always recommend implementing additional ways to deter spam using your own filters or methods.


  • Enabling ReCAPTCHA (which it seems you’re doing)
  • Adding honeypots (i.e. adding hidden fields that only bots would be able to fill out)
  • Adding skill questions or user authentication
  • Or for additional protections, enabling anti-spam plug-ins & services

Please make possible to add invisible reCAPTCHA v3 and v2 (invisible).


This would be amazing

This is still a problem. I’ve been struggling for probably a year trying to stop spam messages and nothing seems to help. Here’s an example of a spam submission which is somehow circumventing all of my measures. Please help!

@Estec - You might not like to hear it but using an alternative form processor like Basin is the solution to this problem. Webflow has not figured out how to handle spam and this has been going on for ages.