Features · Last updated April 23, 2026

Spam protection

Real visitors never see it; bots fill everything they can find. Adding a single hidden input keeps most automated spam out of your inbox — no captcha, no math puzzle, no “click every traffic light”.

Honeypot field

Add an input named _honey that is hidden from users via CSS. A human will never fill it in; bots usually will.

HTMLspam-protected.html

<form action="https://saveform.io/api/submit/YOUR_FORM_ID" method="POST">
  <!-- Honeypot field — hidden from humans, visible to bots -->
  <input type="text" name="_honey" style="display:none" tabindex="-1" autocomplete="off" />

  <!-- Your real fields -->
  <input type="text"  name="name"  required />
  <input type="email" name="email" required />
  <button type="submit">Submit</button>
</form>

What happens to spam

Submissions with a filled _honey field are marked as spam and:

Do not count toward your monthly submission limit.
Do not trigger email notifications or webhooks by default.
Are still stored in the dashboard under a spam filter so you can audit them.

False positives

If a legitimate submission ends up in the spam bucket, open it in the submissions table and click Send anyway — the email notification and any configured webhooks will fire as a manual delivery.