The spam landscape changed twice in the last 18 months. First, generative models made it trivial to produce form submissions that pass every keyword filter ever written. Second, the same models made it possible to detect those submissions with near-perfect accuracy — at a cost most teams can afford.

This is a working guide to spam moderation for forms in 2026: what changed, what still works, and where AI fits in the stack.

Why keyword filters stopped working

The old shape of spam was easy: SEO link drops, casino promotions, get-rich-quick pitches. Every spam submission contained at least one phrase from a list of ~500 known patterns. A regex caught it. A blocklist on TLDs and IPs caught most of the rest.

The new shape of spam is paragraphs that read like a real lead. The body is a coherent inquiry. The "company" is plausible. The "use case" matches your ICP. The only tell is that the email goes to a catch-all domain you have never heard of, and the message is one of 4,000 sent that day from the same operator.

A keyword filter sees a 250-word inquiry about your product. It passes. Your sales team writes back. Two hours later they realise nobody is on the other end.

What AI moderation actually checks

A model doing spam moderation on form input is not reading the message for "bad words". It is checking three things:

  1. Coherence at the submission level. Does the email domain match the company name? Does the IP geolocation match the claimed country? Does the message length and structure match a real human inquiry, or does it have the "polished but generic" tone of a generated lead?

  2. Coherence across submissions. Are 80% of today's submissions to this form using slightly different phrasings of the same template? That is invisible to a per-submission filter and obvious to a batch-level one.

  3. Behavioural fingerprints. Did the submission arrive in 1.2 seconds (faster than a human can read the form)? Did the cursor move? Did the keyboard cadence match a human or a paste? Was the browser fingerprint shared with 400 other submissions in the last hour?

Each of these is a probability, not a verdict. The model returns a spam score, and your form decides what to do with it: send to inbox, send to spam folder, hold for review, or hard-block.

Where AI moderation still gets it wrong

Two failure modes worth planning for:

False positives on real edge-cases. Non-native English speakers writing carefully sometimes hit the same "polished but generic" signature as generated spam. International leads on a US form, students using AI to help draft a legitimate inquiry, anyone using a translation tool — all can trip the filter. A hard-block here costs you a real lead.

False negatives on targeted abuse. A motivated attacker who is not running a spam campaign — say, a single competitor trying to flood your contact form — will not match any pattern. They look exactly like a real lead. AI moderation does not catch them.

The fix for both: never make the AI score the only gate. Treat it as one signal in a layered defence.

The layered defence that still works in 2026

The shape we recommend, in order:

  1. Honeypot. An invisible field that bots fill and humans don't. Catches the cheap stuff at zero cost and zero UX friction. Still works. Still essential. The pattern has been standardised by Project Honey Pot since the mid-2000s and is referenced in the OWASP Automated Threats handbook as a baseline defence.

  2. Submission-rate limits. Per-IP, per-domain, per-form. "More than 5 submissions from this IP in 60 seconds" catches scripted abuse before it reaches any filter.

  3. Captcha for risky submissions only. Don't put a captcha on every submission — it costs you 5–10% conversion. Show one only when other signals are suspicious: new IP, fast submission, unusual user-agent, geographic mismatch. Adaptive options like Cloudflare Turnstile and Friendly Captcha keep conversion intact without falling back to interactive challenges.

  4. AI moderation pass. Runs on every submission after the cheap filters have done their work. Outputs a score. Your form rules decide the action.

  5. Custom rules. The escape hatch. Block by specific IP, regex on a field, country code, email domain pattern. Catches the targeted abuse the model misses.

  6. Human review for held submissions. Anything in the "high-spam-score but not certain" band lands in a review queue. A human spends two minutes a day on it. That two minutes is where the targeted abuse gets caught.

What to log, and what to look at

The spam log is more valuable than most teams realise. The two reports worth pulling weekly:

  • False positive rate. How many submissions did you mark as spam that a human later marked as not-spam? If this is above 2%, your filter is too tight and you are losing real leads.
  • False negative rate. How many submissions did you mark as inbox that a human later marked as spam? If this is above 5%, your filter is too loose and your team is wasting time.

Tune toward the target rates. Most teams over-correct toward "block more" until they have a bad month, then over-correct the other way. A weekly review keeps you in band.

Related from this desk

The honest pitch

Spam moderation is not a problem you solve once. It is a problem you keep in band. AI moderation makes the in-band cost cheaper than it used to be — most spam catches happen without you looking at it. But the rules layer underneath still matters, the honeypot still matters, and the human review queue still matters.

The teams that get this right have a five-minute weekly habit: look at the spam log, eyeball the false-positive bucket, tighten or loosen one rule. That five minutes saves the entire sales team from chasing ghosts.