Since early 2023, the Webflow platform has been the target of several SPAM-bots, which found a way to bypass sites entirely and go directly to the Webflow form submission handler.
Besides the SPAM, this attack factor comes with some interesting downsides for the community;
Webflow has been working on this problem since, however it's lead to
In a Webflow form, when you change the action setting, Webflow disables its in-built form handler and the form content can be posted to your own handler destination.
When you use this in combination with javascript or SA5's Form Webhook Handler library, you get;
Sygnal exclusively uses Basin for our form handlers, it's incredibly reliable, easy to implement, customizable, and has phenomenal SPAM handling.
If you want to use it, Sygnal has a full Basin integration guide.
Besides the general "custom form handler" benefits above, here's what our Basin setup provides;
Basin's email notifications;
Robert Simmons offers more detail and discussion of the spam problem here, plus
https://www.reddit.com/r/webflow/comments/12dpo0h/avoid_webflows_default_forms_at_all_costs_a/
David Proler recommended a cookie consent approach using Termageddon. I haven't investigated how it works, but my guess is that the cookie consent must be accepted before a form can be submitted. Since bots don't do that, they can't submit forms.
It's not clear to me how that helps with a gateway attack, but David's walkthrough is here;
https://www.facebook.com/groups/webflowdesigners/posts/1913625682483429/
Also in relation to email spam solutions, Nicolás Ordaz recommends Postmark.
...consider using https://postmarkapp.com. This service allows you to create your own domain for all customer forms and assign them an email account. Alternatively, you can set up a domain for each client with their email account. For example, you can purchase .email domains, which are very cheap. Postmark is secure, fast and easy to use, and you can set up DMARC