Updated March 2026
Spam is a fact of life for public forms. Bots submit junk at scale. Here's what actually helps.
Rate limiting. Sutrena throttles submissions per IP. Trial plan: 5 per 24 hours per IP. Paid plans have higher limits. A single bot can't flood your form.
Field validation. Every field has a type, and Sutrena validates against the schema. Email fields must be valid emails. Number fields must be in range. Select fields must match predefined options. Required fields must be present. This rejects a lot of spam that sends random text everywhere.
Field constraints. minLength and maxLength prevent single-character or absurdly long submissions. The pattern property enforces regex on text fields. All validated server-side, so disabling JavaScript doesn't help.
maxSubmissions caps total submissions on a form. Once reached, the form stops accepting data. Useful for contests, limited signups, or any hard cap scenario.
uniqueBy prevents duplicate submissions. Set it to a field name like "email" and Sutrena rejects any submission where that value already exists. Spam reduction and data quality in one feature.
For webhooks, HMAC signing ensures only authentic submissions reach your backend. Fake payloads fail signature verification.
Need more? Implement a honeypot on your custom frontend. Add a hidden text field. Legitimate users won't fill it in, bots will. Reject submissions where the honeypot has a value.
Notice what's missing: captchas. These tools handle most spam without making users prove they're human.
# Create a form with spam protection features
curl -X POST https://sutrena.com/api/forms \
-H "Authorization: Bearer st_live_your_key" \
-H "Content-Type: application/json" \
-d '{
"name": "Protected Form",
"fields": [
{ "name": "email", "label": "Email", "type": "email", "required": true },
{ "name": "message", "label": "Message", "type": "textarea", "required": true, "minLength": 10, "maxLength": 2000 }
],
"uniqueBy": "email",
"maxSubmissions": 1000
}'