Everything SpamKill does to protect your forms — and what each feature means for your business.
Plans bundle related features into packs. Each card jumps to that pack's full breakdown below.
The foundation. Behavioral analysis, randomized fields, intelligent honeypots, and ML scoring run on every form — your visitors never see a CAPTCHA or a checkbox, bots get blocked instantly.
SpamKill's foundational defense layer. Unlike CAPTCHAs, it works entirely behind the scenes — your visitors never see a challenge, checkbox, or puzzle.
When a form loads, SpamKill dynamically transforms it: field names are randomized each session, intelligent honeypot fields are injected with attractive names bots can't resist, and CSRF tokens are encrypted server-side. Then, real-time behavioral analysis kicks in:
The result: bots are blocked instantly while real humans submit forms without knowing protection exists.
Everyone with a web form. This is the foundation — it runs by default on every form, on every plan. The other features in higher tiers add specialized layers, but Core handles the bulk of bot traffic on its own.
Available in every plan.
Detects submissions from temporary email services like Guerrilla Mail, 10MinuteMail, Mailinator, and hundreds of others. These throwaway addresses are commonly used by spammers, fraudsters, and bots to bypass email verification.
You choose what happens when a disposable email is detected:
Businesses that send marketing emails — newsletters, drip campaigns, onboarding sequences, gated content. Mailinator-style addresses won't open your emails and will eventually drag your sender reputation down. If you only collect email for one-off contact and don't run sequences, set this to "challenge" or "ignore" and review periodically.
Available in every plan.
Controls how aggressively SpamKill filters submissions across your site. Set one level per site that matches your overall risk tolerance:
Anyone tuning the balance between catching spam and keeping false positives near zero. The setting is per site, so pick based on your overall risk profile — keep on Low if any missed real submission hurts (high-LTV B2B sales, checkout, support); push to High if your site is under heavy bot attack (giveaways, free trials, public sign-ups). Most teams stay on Medium.
Available in every plan.
Stops automated traffic at the source. Detects submissions coming from cloud servers (AWS, Azure, DigitalOcean, etc.) and lets you maintain your own blocklists for email domains and IP addresses.
Detects form submissions originating from known data center and cloud hosting providers — AWS, Azure, Google Cloud, DigitalOcean, OVH, and others. Real customers submit forms from residential or mobile IPs, not from servers.
Detection is based on ASN (Autonomous System Number) lookups, which identify the network owner behind every IP address. This catches automated scripts running on cloud infrastructure, even if they rotate IPs. You choose the action:
B2C and most B2B businesses — your real customers fill out forms from homes, offices, or mobile networks, not from cloud servers. The exception is corporate networks that route through cloud VPNs (some Fortune-500 setups, certain VPN-heavy industries) — for those, set the action to "challenge" instead of "block."
Available on the Growth, Professional, Business, Scale, and Elite plans.
Lets you maintain your own list of blocked email domains. If you're consistently getting spam from specific domains (e.g. @spamdomain.com), add them to your blacklist and all future submissions from those domains are automatically rejected.
This is fully user-managed — you add and remove domains from your dashboard. Useful for blocking repeat offenders or known spam domains that are unique to your industry.
Another common use case: if you're a B2B business that doesn't accept leads from personal email addresses, you can blacklist free-mail providers (gmail.com, yahoo.com, hotmail.com, outlook.com) so consumer-style signups never reach your CRM in the first place.
Anyone seeing repeat spam from a specific email domain — typically @mail.ru, @list.ru, throwaway domains your industry already knows, or domains tied to a recent attack. Also useful for B2B teams that block free-mail providers (gmail / yahoo / hotmail / outlook) to keep consumer-style leads out of the pipeline. Skip if your spam doesn't cluster around domains you can name.
Available on the Growth, Professional, Business, Scale, and Elite plans.
Block form submissions from specific IP addresses or CIDR blocks. If you identify a particular IP or range that's sending spam, add it to your blacklist and all future submissions from that source are automatically rejected.
Supports both individual IPs (e.g. 203.0.113.50) and CIDR notation for IP ranges (e.g. 203.0.113.0/24). Fully user-managed from your dashboard — add and remove entries at any time.
Teams who can identify a specific IP or CIDR range as the source of repeat attacks — typically from server logs, your CRM, or a previous breach analysis. Useful when you've narrowed a problem to one network or co-located bot farm. For most small businesses, the behavioral and ASN-based detection in Source Shield catches what you'd manually blacklist anyway.
Available on the Growth, Professional, Business, Scale, and Elite plans.
Tighter control over which leads get through, with a safety net. Allow- or deny-list submissions by country, review every blocked submission so you can manually release any that shouldn't have been blocked, and stream all submissions to your Datadog account for monitoring.
Restrict form submissions by country using IP geolocation. Two targeting modes are available:
For each mode, you choose the enforcement action:
Filtering operates at the country level. When a submission comes in, SpamKill checks the IP's geolocation and applies your rules before the lead reaches your system.
Businesses serving one country or region, or anyone seeing concentrated spam from specific geographies (common patterns: spam from India / Vietnam / Russia / Nigeria hitting US-only forms). Skip this if your customers are genuinely global — the other layers handle most attack traffic on their own.
Available on the Professional, Business, Scale, and Elite plans.
A dedicated interface to review every submission SpamKill blocked. You see the full lead details — name, email, IP, country, submission data, and the exact reason it was blocked.
If you spot a false positive, you can mark it as such — SpamKill's models learn from your feedback — and copy the submitted lead details (name, email, message, etc.) into your CRM by hand. This gives you a safety net: protection runs on autopilot, but you always have the final say on edge cases.
Teams where any false positive could be a lost deal — usually B2B sales with high lifetime value. The review UI lets you see what was blocked and why, mark mistakes so the model improves, and copy any genuine lead's details into your CRM by hand. If your forms collect low-value contact requests where one missed lead doesn't materially matter, you can rely on Core's ~99.99% accuracy alone.
Available on the Professional, Business, Scale, and Elite plans.
Stream all form submissions to your own Datadog account for centralized monitoring and analytics. This is a read-only integration — you can view submission data, build dashboards, and set up alerts in Datadog, but you cannot flag or process submissions from there.
Setup requires a Datadog account (separate subscription). Once connected, every form submission — both allowed and blocked — is logged to your Datadog instance in real time with full metadata.
Teams already using Datadog for application monitoring who want submission data co-located with their other observability — useful for building custom alerts, joining submission logs to other application metrics, or running cross-team queries. If you're not on Datadog, this isn't a reason to add it.
Available on the Professional, Business, Scale, and Elite plans.
For traffic that tries to look human. Detects VPN and proxy traffic (including residential proxies), flags submissions where the name and email do not match, and lets you customize the verification challenge presented to suspicious visitors.
When SpamKill flags a submission as suspicious (but not definitively spam), it can present a verification challenge instead of blocking outright. This is not a CAPTCHA — it's identity verification tied to the specific submission. Three challenge types are available:
You choose which challenge types to offer and SpamKill handles the rest. Legitimate users pass in seconds; bots can't.
Teams whose visitors are technically savvy enough that biometric or social-login challenges feel native — B2B SaaS prospects, developer tools, fintech, mobile-first products. Pick the challenge that matches your audience: re-entry for general consumer audiences, social login for SaaS, biometric for mobile-heavy traffic. If you're fine with SpamKill's defaults, you can ignore this.
Available on the Business, Scale, and Elite plans.
Detects submissions routed through proxies or VPN services. You choose the action: block outright, challenge with a verification step, or ignore (monitor only).
This differs from "Block Data Center IPs" — data center blocking catches servers and cloud IPs broadly, while proxy/VPN detection specifically targets traffic-masking services, including residential proxies that don't originate from data centers.
Businesses with high-value forms (B2B demos, paid trials, application forms) where a sophisticated bot operator might pay for residential proxies to evade other detection. Especially relevant if you've seen spam slip past your other filters. If your spam is mostly lazy bots from data center IPs, Source Shield already covers them and you don't need this layer yet.
Available on the Business, Scale, and Elite plans.
Cross-references the name field against the email address to catch mismatches and gibberish entries. Two types of checks:
You choose the action: block flagged submissions, challenge them with a verification step (giving real users a chance to prove themselves), or ignore (monitor only). This adds another signal layer on top of behavioral analysis — even if a bot passes other checks, mismatched or nonsensical name/email combinations are caught.
B2B teams whose CRM data quality directly impacts pipeline accuracy and sales reporting. Catches signatures like "asdfgh @ realcompany.com" or "Jake Miller @ [email protected]" — patterns where the name and email don't reasonably match. Useful any time the quality of the name/email pair matters, not just whether the address is technically deliverable.
Available on the Business, Scale, and Elite plans.
Get a monthly encrypted CSV containing every blocked submission — full submission data, IP, country, timestamp, block reason. Useful for compliance, audits, and bulk review.
Every month, SpamKill automatically emails you an encrypted CSV containing all blocked lead data — full submission details including name, email, IP, country, timestamps, and block reasons.
The file is encrypted for security since it contains lead data. This gives you a complete audit trail without needing to log into the dashboard, useful for compliance, reporting, or bulk review of blocked submissions.
Teams that need a paper trail — compliance audits, periodic security reviews, post-mortems on a specific spam wave, or demonstrating "we did receive that lead, it just looked spammy" to a customer or regulator. If you're happy looking blocked submissions up inside the SpamKill dashboard whenever you need them, you can skip this.
Available on the Scale and Elite plans.
For high-volume teams who need scale. Operate on blocked leads in bulk, build custom analytics dashboards, integrate via the SpamKill API, protect multiple domains under a single account, and audit detection accuracy by marking false positives and negatives across every submission.
An enhanced version of Submission Logging that adds two-way feedback. In addition to streaming all submissions to Datadog, you can review every lead and mark it as:
This feedback loop directly improves SpamKill's accuracy for your specific traffic patterns over time. Ideal for high-volume operations where even small accuracy improvements have measurable business impact.
High-volume operations where small accuracy improvements compound — typically 100K+ submissions/month. Marking false positives/negatives directly trains the model on your traffic patterns; over time, accuracy on your specific spam profile improves measurably. Smaller operations don't have the volume for the feedback loop to show meaningful gains.
Available only on the Elite plan.
How limits, alerts, and overage charges work — same rules across every plan, with rates that scale by tier.
Protection never stops when you hit your monthly lead limit. SpamKill uses a fair, transparent overage model:
Overage rates vary by plan — from $5/100 leads on Starter to $10/10,000 leads on Elite. See the pricing page for the full rate table.
Anyone whose lead volume is unpredictable — seasonal spikes, viral moments, sudden ad-campaign growth. The grace period and per-block billing mean a single big month doesn't auto-upgrade you to a tier you don't need. If your volume is steady, you'll rarely hit the cap and the smart-recommendation prompt tells you when an upgrade is genuinely cheaper than paying overage.
Applies to all plans.
Pick a plan that fits your volume. Upgrade anytime as you grow.
View Pricing