What about spam protection?
Let’s try to figure out how can we protect our forms form fake submissions, spam bots etc.
We have one of preinstalled tools like honeypot, so we’ll configure it now.
Open the honeypot configuration page (Admin Panel -> Configuration -> Honeypot).
Here you’re able to choose the form types honeypot should protect.
How it works?
If the form is protected by honeypot, it creates an additional, hidden input (or couple), with a specific tokens. After the form were submitted, it validates tokens, what makes difficult to pass this validation for robots.