Hi there, I’ve been having the same issue this past week with spam on WF forms.
After investigating why reCaptcha wasn’t blocking the spam on my form, I checked my reCaptcha account console & in my case I had exceeded the 10,000 free monthly assessments without having billing details supplied to Google for this site key, so I would assume it was because I had surpassed the free monthly 10,000 assessments quota & reCaptcha was simply letting the spam mails go through now.
Last week, I noticed that multiple sites of mine had the recaptcha site/secret key fields reset. The fields were blank and the toggle switch was positioned to “off”. Not sure if this happened due to reaching a quota, but strange that everything was turned off automatically.
I was seeing an increase in Spam and like other people have said I have reCaptcha set up.
Within reCaptcha settings I notice within “Security Preference” I could update this another level to “Most secure” after doing this it has been the first 24 hours since I have had zero spam through.
Not sure if this is just a coincidence or has helped but worth checking and updating see if this helps anyone else 
I shared a quick and easy solution that’s an alternative to using Basin that filters out 100% of the bot generated spam in another thread - link below:
Since I’m a small freelancer with just a few clients, that’s a good idea to use a single Basin account, cheers.
Overall hope there will be a solution from Webflow, also reading others.
Hi there, @Emily_Lonetto
It’s October 17th, and we are still experiencing a flood of spam submissions.
We’ve made some progress by integrating Formspark and Botpoison into our Webflow forms. However, it appears that a bot is continuing to bypass these measures and spam us directly through Webflow.
Could you please provide an update on where we stand with this critical patch?
Thanks,
M.
This needs to be fixed. I can also confirm that the new bot prevention update didn’t do the trick. It stopped for like a few days and now it’s back to flooding our clients forms again.
Formspark + Botpoison would be a good approach for handling the form submissions entirely outside of Webflow. However that won’t stop the SPAM attacks directly to Webflow’s gateway servers.
That will still get picked up by your “form” and shown in your site dashboard, but that’s essentially not relevant as long as you have your emails removed from the notifications.
Just adding that I’ve been using Basin for a year now for my biggest client who had a massive spam problem, and no more spam problems ever since.
Curious how the native solution is doing nowadays. I have a Formspark + Botpoison on one other website and get an occassional spam message, let’s say once every 2 weeks, so that’s manageble.
Since Wednesday and the whole Cloudflare outage, we have three clients and my own site - which is being absolutely hammered with spam every 3-4 hours.
One client has a form which has a Zapier intergration to send the email to a certain address, depending on the Department they select from a dropdown
So we can filter some out by basically blocking out .gmail and other common email addresses… but this will guarantee rule out some genuine requests
Adding in Webflow Bot Protection is genuinely a waste of time, it didn’t work and it murdered the site loading times…
I did look at Basin, but will this work for my solution described above with my dropdown and Zap?
With how many issues I’ve already seen similar with Spam since 2023… I don’t exactly have faith in Webflow working on a solution…
@Monty3540 Basin has an integration to Zapier and Make. No reason you can’t leverage them to do whatever you want. I use this tool for more than just Webflow. I use it with static sites, WordPress sites, and more.
