If you use Formspree to handle your HTML form submissions, you may have noticed something frustrating lately.
Spam is getting worse. And Formspree is not stopping it.
I ran a simple test last week that confirmed what many Formspree users are already experiencing. Here is exactly what happened.
The Test
I set up two identical contact forms. One pointing to a Formspree free plan endpoint. One pointing to a Formgrid free plan endpoint.
Then I submitted this spam to both:
Name: 💰 Top Up 36,824.92 USDC ⇒⇒ graph.org/BALANCE-3682444-USD-04-21-3?hs=a4973c2d49735de24405dc4e9935f590& 💰
Email: oijm2lwwnxhwqn@wshu.net
Message: dxospb
This is a real spam submission. Not something I made up. It was submitted to a real business contact form on 20 May 2026 at 8:26 AM.
Form submission from Form powered by Formgrid
Form submission from form powered by Formspree
What Happened on Formspree
The submission went straight to the inbox. No filtering. No blocking. The business owner received the full spam email notification with the cryptocurrency scam content, the disposable email address, and the random gibberish fields.
This is a Formspree free plan limitation. Spam filtering is not included on the free plan. Every submission, regardless of content, goes directly to your inbox.
For a solo developer or small business owner, this is annoying. For a team like a counselling service or a professional services firm, receiving this kind of content in a shared inbox is genuinely disruptive.
What Happened on Formgrid
Nothing arrived.
The submission was silently blocked before it ever reached the inbox. No email notification. No lead created in the dashboard. The spam never existed as far as the form owner was concerned.
Formgrid detected multiple red flags in the submission automatically:
Emoji in the name field:
💰 symbols are not legitimate names
Cryptocurrency content:
USDC and balance transfer patterns are known spam signals
Disposable email address: wshu.net is a known throwaway email domain
URL in the name field: graph.org link embedded in what
should be a name field
Gibberish fields:
yp574z, uujdgc, and dxospb are random
character strings not legitimate data
Arrow patterns:
⇒⇒ is a common spam formatting pattern
used in crypto scam submissions
All of these checks run automatically on every Formgrid form on every plan, including free. The form owner never configured anything.
The spam was blocked without any action required.
Why This Matters for Your Business
Most contact forms collect inquiries from real people with real problems your business can solve. When spam floods your inbox, it buries those real inquiries.
A counselling service receiving cryptocurrency scam content in their team inbox is not just annoying. It is inappropriate and disruptive to their workflow.
A small business owner checking their form submissions and seeing spam instead of genuine leads is wasting time and losing confidence in their tools.
Form spam is not a minor inconvenience. It directly affects your ability to respond to real customers quickly.
The Formspree Spam Problem Is Getting Worse
Formspree has been around since 2012. Their free plan has always had limited spam protection. As bots become more sophisticated, the gap between what Formspree filters and what actually gets through continues to widen.
Their paid plans at $15 per month include reCAPTCHA and additional spam filtering. But that means paying $15 per month just to stop obvious spam that should never reach your inbox in the first place.
What Formgrid Does Differently
Formgrid runs platform level spam checks on every single submission across every form on the platform automatically. These checks cannot be disabled and apply to every plan, including free.
The checks include:
Emoji detection in name fields. Legitimate names do not contain cryptocurrency symbols or emoji.
Disposable email domain blocking. A database of known throwaway email services like wshu.net, yopmail.com, and mailinator.com is blocked automatically.
URL detection in name fields. Real names do not contain links. If a name field contains a URL, it is spam.
HTML injection blocking. Any submission containing HTML tags like anchor links or script tags is silently filtered.
Gibberish field detection. Random character strings in fields that should contain readable text are flagged automatically.
Cryptocurrency and casino keyword filtering. Known spam content patterns are matched and blocked before reaching your inbox.
Arrow pattern detection. Spam formatting patterns like ⇒⇒ used in crypto scam submissions are detected and blocked.
All of this runs silently. The spammer receives a successful response, so they never know they were blocked. You never see the submission. Your team never sees the content.
The Honest Comparison
| Feature | Formspree | Formgrid |
|---|---|---|
| Spam filtering | Paid only | All plans |
| Emoji blocking | No | Yes |
| Disposable email blocking | No | Yes |
| HTML injection blocking | No | Yes |
| Gibberish detection | No | Yes |
| Crypto spam blocking | No | Yes |
| Price for spam filtering | $15/month | Free |
How to Switch From Formspree to Formgrid
Switching takes about 5 minutes.
- Create a free account at formgrid.dev
- Create a new form in your dashboard
- Copy your Formgrid endpoint URL
- Replace your Formspree action URL with your Formgrid endpoint URL
- Submit a test form to confirm it is working
Your existing form HTML does not change. Your fields stay the same. Only the action URL changes.
From this:
<form action="https://formspree.io/f/your-form-id" method="POST">
To this:
<form action="https://formgrid.dev/api/f/your-form-id" method="POST">
One line. Five minutes. No more spam in your inbox.
Start Free
Formgrid is free to start with no credit card required. Spam protection is included on every plan, including free.
If you are currently on Formspree and tired of spam reaching your inbox, give Formgrid a try. The switch takes 5 minutes, and your team will never see cryptocurrency scam content in their inbox again.