Smart Intake
Spam Protection
Capture forms from any website with zero code.
Protect your CRM from spam bots and unwanted submissions with Kantos's multi-layered spam protection. Keep your data clean without adding friction for real users.
Zero-Friction Protection
Unlike CAPTCHAs that frustrate users, Kantos spam protection works invisibly in the background. Real users never see a challenge—bots get blocked silently.
Protection Layers
Kantos uses multiple techniques to identify and block spam:
| Layer | Description | Catches |
|---|---|---|
| Honeypot Fields | Hidden fields that bots fill but humans don't see | Simple bots, scrapers |
| Timing Analysis | Detects submissions that happen too fast | Automated scripts |
| Behavior Patterns | Analyzes mouse movement, keystrokes, and interaction | Sophisticated bots |
| Content Analysis | AI-powered detection of spam content patterns | Link spam, gibberish |
| Rate Limiting | Limits submissions per IP/session | Flood attacks |
Enabling Spam Protection
Basic Honeypot Protection
Enable honeypot fields by adding a data attribute to your script:
<script
src="https://cdn.kantos.ai/intake.js"
data-api-key="YOUR_API_KEY"
data-object-definition-id="YOUR_OBJECT_DEFINITION_ID"
data-honeypot="true"
defer
></script>The script automatically injects a hidden field that bots will fill but humans won't see. Any submission with that field filled is silently rejected.
Full Spam Protection Suite
Enable all protection layers through your dashboard:
Navigate to Smart Intake Settings
In your Kantos dashboard, go to Settings → Smart Intake.
Open Spam Protection
Click on the "Spam Protection" tab.
Enable Protection Layers
Toggle on the protection methods you want to use.
Configure Sensitivity
Adjust the spam score threshold for your needs.
How Honeypot Works
The honeypot technique adds a hidden field to your form:
<!-- The script injects something like this (hidden from users) -->
<div style="position: absolute; left: -9999px;">
<label for="website_url_hp">Leave this empty</label>
<input type="text" name="website_url_hp" id="website_url_hp" tabindex="-1" autocomplete="off" />
</div>- Human users never see or interact with this field
- Bots scan the HTML and fill all fields, including the honeypot
- Result submissions with the honeypot filled are rejected
CSS Considerations
If you have custom CSS that uses position: absolute rules broadly, ensure the honeypot field remains hidden. The script uses inline styles for protection, but aggressive CSS resets could interfere.
Timing Analysis
The script tracks how long a user takes to fill out the form:
- Too Fast (<2 seconds) - Likely a bot or automated script
- Normal (2-300 seconds) - Real user filling out form
- Too Slow (>30 minutes) - Session may be stale, request fresh submission
{
"timing_settings": {
"min_fill_time_seconds": 2,
"max_fill_time_seconds": 1800,
"suspicious_threshold_seconds": 5
}
}Content Analysis
AI-powered content scanning checks for common spam patterns:
Detected Patterns
- Excessive Links - Multiple URLs in message fields
- Spam Keywords - Common spam phrases and patterns
- Character Anomalies - Strange character combinations, zalgo text
- Language Mismatches - Content doesn't match expected language
- Gibberish Detection - Random character strings
{
"content_analysis": {
"max_links": 3,
"blocked_patterns": [
"crypto", "viagra", "casino", "lottery winner"
],
"allowed_domains": [
"linkedin.com", "github.com"
],
"language_check": "en"
}
}Rate Limiting
Prevent flood attacks with built-in rate limiting:
| Limit Type | Default | Configurable |
|---|---|---|
| Per IP per minute | 5 submissions | Yes |
| Per IP per hour | 20 submissions | Yes |
| Per form per minute | 50 submissions | Yes |
| Per email address | 3 submissions/hour | Yes |
Legitimate High Volume
If you expect high legitimate volume (events, launches), temporarily increase rate limits or whitelist specific IPs through your dashboard.
Spam Score System
Each submission receives a spam score from 0-100:
{
"spam_analysis": {
"total_score": 75,
"breakdown": {
"honeypot_filled": 0,
"timing_suspicious": 15,
"content_spam_patterns": 40,
"ip_reputation": 10,
"behavior_anomalies": 10
},
"verdict": "likely_spam",
"action": "quarantined"
}
}Score Thresholds
- 0-30: Clean - Submission passes all checks
- 31-60: Suspicious - Flagged for review but processed
- 61-80: Likely Spam - Quarantined by default
- 81-100: Definite Spam - Automatically rejected
Handling Blocked Submissions
Configure what happens when spam is detected:
Silent Rejection (Default)
The form appears to submit successfully, but no record is created. This prevents attackers from knowing their submission was blocked.
Quarantine
Submissions are stored in a separate quarantine area for manual review. Useful when you want to verify before permanent deletion.
Flag and Process
Create the record but add a "potential_spam" tag. Use this when you want to review suspicious submissions without blocking them.
{
"spam_actions": {
"definite_spam": "reject_silent",
"likely_spam": "quarantine",
"suspicious": "flag_and_process",
"clean": "process"
}
}Reviewing Quarantined Submissions
Navigate to Smart Intake
Go to your Kantos dashboard → Smart Intake.
Open Quarantine
Click on the "Quarantine" tab to see blocked submissions.
Review Each Submission
Examine the content and spam score breakdown.
Take Action
Choose to approve (create record), reject (delete), or whitelist the source.
Whitelisting
Prevent false positives by whitelisting trusted sources:
IP Whitelist
{
"ip_whitelist": [
"192.168.1.100",
"10.0.0.0/8",
"203.0.113.0/24"
]
}Email Domain Whitelist
{
"email_domain_whitelist": [
"trustedclient.com",
"partner-company.com"
]
}Referrer Whitelist
{
"referrer_whitelist": [
"https://trusted-partner.com",
"https://marketing-campaign.com"
]
}Monitoring & Alerts
Stay informed about spam attempts:
- Dashboard Metrics - View spam rates, blocked submissions, and trends
- Email Alerts - Get notified of unusual spam activity spikes
- Weekly Reports - Automated summary of spam protection performance
Spam Intelligence
Kantos aggregates spam patterns across all customers (anonymously) to improve detection for everyone. New spam techniques are detected faster through collective intelligence.
Testing Spam Protection
Verify your spam protection is working:
Submit a Normal Form
Fill out your form normally and verify the record is created.
Test Honeypot
Use browser developer tools to fill the hidden field and submit. Should be rejected.
Test Timing
Use a script to submit instantly. Should be flagged or rejected.
Check Quarantine
Verify blocked submissions appear in the quarantine queue.
Troubleshooting
Legitimate Submissions Being Blocked
- Check if the user's IP is on a known spam list
- Review the spam score breakdown to identify the trigger
- Consider lowering sensitivity or whitelisting the source
- Check for overly aggressive content filters
Spam Still Getting Through
- Ensure honeypot is enabled in your script
- Increase spam score threshold sensitivity
- Add specific blocked patterns for recurring spam content
- Enable additional protection layers
Next Steps
- Set up AI classification to automatically route legitimate submissions
- Create automations to process clean submissions
- Use the API to build custom spam handling workflows