--- title: "Avoiding Form Spam Submissions" slug: "avoiding-form-spam-submissions" updated: 2026-05-04T17:49:12Z published: 2026-05-04T17:49:12Z --- > ## Documentation Index > Fetch the complete documentation index at: https://knowledge.technolutions.net/llms.txt > Use this file to discover all available pages before exploring further. # Avoiding Form Spam Submissions Slate uses submission-rate limiting for forms to prevent abuse, particularly to prevent confirmation emails from being generated by bot submissions. This method catches most fraudulent submission attempts, but some attempts can still bypass those protections. Spam bots often target Slate forms by submitting entries with URLs that contain `http` or query strings that contain `?` in name fields. These patterns rarely appear in legitimate submissions. Use submission conditions to block these submissions, and use retention policies to remove spam records that get through. ## Blocking spam with submission conditions > [!WARNING] > 📝 Note > > Completely eliminating spam submissions is difficult because bad actors continuously adapt their methods. These filters reduce exposure, but might not catch every case. Add a [submission condition](/v1/docs/access-and-submission-conditions) filter to your form to deny entries from anyone whose name contains `http` or `?`. 1. On a form, select **Edit Form** → **Edit Conditions**. 2. Select **Subquery Filter** and configure the following settings: - **Name**: `Not Like 'http'` or `Not Like '?'` - **Type**: **Dependent subquery** - **Aggregate**: **Formula** - **Formula**: `@first NOT LIKE '%http%'` or `@first NOT LIKE '%?%'` - **Export**: Select the form's name field. Rename the export `first`. 3. Select **Save**. 4. In the **Submission Denied** field, enter a generic error message, such as *"You are not permitted to submit this form at this time."* Avoid specific language that reveals your filter logic to bad actors. 5. Select **Save**. ![Subquery filter formula using NOT LIKE](https://cdn.us.document360.io/cd8ea7a6-07f3-4846-a554-627ac016d3e3/Images/Documentation/NOT LIKE(2).png) ![Submission condition and submission denied error message](https://cdn.us.document360.io/cd8ea7a6-07f3-4846-a554-627ac016d3e3/Images/Documentation/Form submission condition & error message(2).png) ## Deleting spam records If spam records make it through, use a [retention policy](/v1/docs/retention-policy-editor) to remove them in bulk. Filter for known spam patterns, such as records where the name contains `?`, or records where you added a flag or interaction to mark the record as spam. Then configure a retention policy to delete matching records. **📖**[Retention Policy Editor](/v1/docs/retention-policy-editor)