All Formstack forms have behind-the-scenes technology in place to help prevent spam. However, for additional protection, you may consider enabling reCAPTCHA, a security feature available on all paid accounts. By enabling reCAPTCHA you will be adding another layer of protection to your forms to help thwart would-be spammers.
reCAPTCHA is a free service that will help protect your forms from spam and abuse submissions. It works behind the scenes to help determine if an end-user is actually a human being or a bot.
Read more on reCAPTCHA from Google Dev.
You can enable reCAPTCHA on your form by going to the Build tab, clicking 'Form Extras' along the top right, then toggling on 'Invisible reCAPTCHA'. The reCAPTCHA will be placed at the bottom of your form.
Set the minimum reCAPTCHA score
After you've enabled reCaptcha on your form, you can set the strictness of reCaptcha for that specific form by setting the minimum reCaptcha score. The reCaptcha score is a value between 0.0 and 1.0, indicating the likelihood that a user interaction is legitimate or fraudulent. A score of 1.0 suggests a high probability of the interaction being genuine, while a score of 0.0 indicates a high likelihood of bot activity.
Verify Domains (for embedded forms)
For reCAPTCHA to work properly on embedded forms, you'll need to include the domains on which you're embedding forms. This is because the authentication of reCAPTCHA is dependent on the domain.
When reCAPTCHA is set up out in the wild, the process involves telling Google what domain you have that is allowed to use reCAPTCHA. So in order to perform that same function (telling Google where reCAPTCHA is allowed), you have to set up your allowed domains within Formstack so that we can tell reCAPTCHA the domain is allowed. The setup of your allowed domains is on a per-form basis. Your level of user and form permissions on the Formstack account also come into play here.
How to Upgrade All Your Forms (account admins only)
You can update the domain for all forms in the account ONLY if you're an account Admin. Only account Admin users can change account-level domains. Permissions to edit allowed domains are in line with the permission levels of the account.
An account Admin is, and should be, able to edit account-wide domains and any form-level domains for the entire account. These account-level domains are restricted from non-account Admins. However, any user with form permissions can change form-level domains for reCAPTCHA.
To add an account-level domain, open the link under the reCAPTCHA setting in Form Extras for your form that says "add your domains." A lightbox will appear giving you the option to add account-level domains and/or form-level domains. Place your domains in the account-level box, listing one per line. (List these without the leading "https://www.")
Place your domains in the account-level box, listing one per line. (List these without the leading "https://www.")
These will be the allowed domains reCAPTCHA will authenticate and will allow reCAPTCHA to work correctly when embedded on these domains.
How to Upgrade a Single Form (account admins or form admins)
Account Admins can add account-wide domains as well as form-specific domains. A Form Admin can only add a form-specific domain for reCAPTCHA. If you only wish to upgrade a Single Form, you'd only use the Form-level domain section.