Surface
Getting started

Spam Prevention and Lead Filtering

Surface blocks spam and low-quality leads automatically using AI detection, honeypots, and validation rules. This keeps your CRM clean and ensures sales teams only see qualified prospects.

Built-in spam protection

Surface filters out spam in real-time:

Disposable email detection. Blocks temporary email services like Guerrilla Mail, 10 Minute Mail, and hundreds of other throwaway domains.

Personal email filtering. Flags or blocks Gmail, Yahoo, Outlook.com for B2B forms that require business emails.

Pattern recognition. AI detects fake names (keyboard mashing, test entries like "asdf"), suspicious phone numbers, and bot behavior.

IP reputation. Blocks submissions from known spam IPs, VPNs, or data centers if you enable strict mode.

Spam protection is enabled by default. Configure aggressiveness in Settings > Spam & Filtering.

Configure filtering rules

  1. Go to Settings > Spam & Filtering

  2. Choose your protection level: Standard, Strict, or Custom

  3. Enable/disable specific filters (disposable emails, personal emails, VPNs)

  4. Add custom blocked domains or keywords

  5. Set what happens to spam: Block entirely, flag for review, or score lower

Start with Standard protection and only enable Strict if you're getting significant spam. Strict mode can occasionally flag legitimate leads.

Honeypot fields

Surface includes invisible honeypot fields that catch bots:

  • Hidden field added to every form that humans can't see

  • Bots auto-fill all fields, including the honeypot

  • Any submission with the honeypot filled is automatically rejected

Honeypots are enabled by default and require no configuration. They're invisible to visitors and don't affect form UX.

Custom blocklists

Block specific domains, emails, or patterns:

Domain blocklist. Add competitor domains, known spam sources, or irrelevant industries.

Keyword blocklist. Reject submissions containing specific words in name, company, or message fields (e.g., "test", "asdf", profanity).

Geographic filtering. Block entire countries or regions if you don't serve those markets.

Add entries in Settings > Spam & Filtering > Blocklists.

Be cautious with aggressive blocklists. Always review rejected submissions periodically to ensure you're not filtering out legitimate leads.

Review flagged leads

Submissions flagged as potential spam go to a review queue:

  1. Navigate to Leads > Flagged

  2. Review each flagged submission

  3. Approve to send to CRM or Reject to permanently delete

  4. Add false positives to an allowlist to auto-approve similar leads in the future

Check this queue weekly to fine-tune your filters and catch any legitimate leads that were incorrectly flagged.

CAPTCHA and reCAPTCHA

Add CAPTCHA challenges for extra protection:

  • Invisible reCAPTCHA: Runs in background, challenges suspicious behavior only

  • Checkbox reCAPTCHA: "I'm not a robot" checkbox (classic reCAPTCHA v2)

  • Custom challenge: Math question or simple text challenge

Enable in form settings under Advanced > Bot Protection. We recommend invisible reCAPTCHA for the best user experience.

CAPTCHAs reduce spam by 90%+ but can lower conversion rates by 3-5%. Only enable if you're experiencing high spam volumes.

Monitor spam rates

Track spam and filtering performance:

  • Total submissions vs. spam blocked vs. flagged for review

  • Spam rate over time by form

  • Which filters are triggering most often

  • False positive rate (approved flagged leads)

Check the Spam Dashboard monthly and adjust filters if spam exceeds 5% of submissions or false positives exceed 10% of flagged leads.

Teams using Surface spam protection report 95-100% spam reduction with near-zero false positives, saving hours per week on manual filtering.

Was this helpful?