Drop-in protection that scores every form submission, quarantines the ambiguous, and forwards the clean ones — without breaking your form.
Multiple independent signals — behavioral, reputational, and content-based — combine into a single confidence score.
Clear submissions forward to your handler. Borderline ones are quarantined for one-click review. The rest get a benign response.
If the proxy is unreachable, the snippet submits your form directly to its original endpoint. Protection degrades; the form keeps working.
Emails, payloads, and IPs are stored only as SHA-256 hashes. No plaintext PII is persisted or logged.
This form is protected by SpamFlip (site demo, store-only). Submit it, then open the dashboard to see how it scored.
Add the snippet, mark your form. The original action stays as your fallback.
<script src="https://spamflip.app/sf.js" data-site-key="demo" defer></script> <form data-spamflip action="https://formspree.io/f/abc123" method="POST"> <input name="email" type="email" /> <textarea name="message"></textarea> <button type="submit">Send</button> </form>
Configure per-site allow-listed forward endpoints and origins via the SPAMFLIP_SITES environment variable. The forward target is always server-side — never taken from the client — so the proxy can’t be used as an open relay.