Protect a newsletter sign up form from bot submissions

What strategy do you recommend to prevent bots from submitting a newsletter sign up form?

The form has only the email address and a subscribe button. It’s a Rails application.

Ideally I would like to present a captcha or challenge if the client is suspicious (i.e. if there are signals that it may be a bot).

Any solutions with Cloudflare?

If you’re country-limited, an easy way would be to block requests coming from countries other than your own or, for that purpose, allow only yours.

Otherwise, I’d suggest you configure the Security Level, enable Bot Fight Mode, enable Rate Limiting Rules, and add some custom WAF Rules to block known bad and/or fake bots.

Furthermore, if possible, rewrite the app a bit and add the Cloudflare Turnstile challenge (captcha way).

Nevertheless, using a WAF rule, I’d set up a basic JS challenge for everyone who comes to the newsletter form, just in case.

Remember to test your setup to ensure legitimate users can sign up without issues.

Here are some great articles to start:

A different approach would be to combine and use Cloudflare services, some examples with code here:
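Added example, not part of the original answer or of the articles it links to: a server-side check of the Turnstile token for the Rails sign-up form, since the widget alone protects nothing until the backend validates the token. The endpoint and the `cf-turnstile-response` field are Cloudflare's; `verify_turnstile`, `expected_hostname`, `expected_action`, the injectable `post` transport and the sample hostname are assumptions of this example.

```ruby
require "json"
require "net/http"
require "uri"

# Cloudflare's documented Turnstile verification endpoint.
SITEVERIFY_URL = URI("https://challenges.cloudflare.com/turnstile/v0/siteverify")

# Default transport: POST the form fields and return the raw JSON body.
DEFAULT_POST = ->(params) { Net::HTTP.post_form(SITEVERIFY_URL, params).body }

# Validates the token the widget puts in the "cf-turnstile-response" field.
# Returns [ok, reason]. expected_hostname, expected_action and the injectable
# `post` transport are assumptions of this example. Every failure path
# (missing token, rejected token, mismatch, network error) fails closed.
def verify_turnstile(token:, secret:, expected_hostname:, expected_action: nil,
                     remote_ip: nil, post: DEFAULT_POST)
  return [false, "missing-token"] if token.to_s.strip.empty?

  params = { "secret" => secret, "response" => token }
  params["remoteip"] = remote_ip if remote_ip
  result = JSON.parse(post.call(params))

  unless result["success"] == true
    return [false, Array(result["error-codes"]).join(",")]
  end
  # A token solved on another site or for another widget action must not
  # be accepted for the newsletter form.
  return [false, "hostname-mismatch"] unless result["hostname"] == expected_hostname
  if expected_action && result["action"] != expected_action
    return [false, "action-mismatch"]
  end

  [true, "ok"]
rescue JSON::ParserError, TypeError, SocketError, SystemCallError,
       Timeout::Error, IOError => e
  [false, "verify-error:#{e.class}"]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed siteverify responses, so the demo runs offline.
  replayed = ->(_p) { '{"success":false,"error-codes":["timeout-or-duplicate"]}' }
  solved   = ->(_p) { '{"success":true,"hostname":"news.example.com","action":"newsletter"}' }
  args = { secret: "PLACEHOLDER_SECRET", expected_hostname: "news.example.com",
           expected_action: "newsletter" }
  p verify_turnstile(token: "constructed-token", post: solved, **args)
  p verify_turnstile(token: "constructed-token", post: replayed, **args)
  p verify_turnstile(token: "", post: solved, **args)
end
```

In the Rails controller, call it with `params["cf-turnstile-response"]` and `request.remote_ip` before creating the subscription, and reject the request on any `false` result.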

