Introduction
If entries are being marked as spam but don’t appear to be spam, the steps below can help identify the cause and resolve it.
Check the Entry Notes
The entry detail page often includes a note identifying which system or rule flagged the entry as spam. Start there before investigating further. For help viewing spam entries, see Reviewing Spam Submissions.
Enable Logging
Enabling logging can provide more detail about why a submission was flagged. To enable logging and access the log files, see Logging and Debugging.
Below are example logging statements to look for in the core and add‑on logs. Note: not every logging statement will appear for every submission.
Core Log
[date and time] - DEBUG --> Gravity_Forms\Gravity_Forms\Honeypot\GF_Honeypot_Handler::validate_honeypot(): Is honeypot input (name: [input name]) empty? [Yes or No].
[date and time] - DEBUG --> Gravity_Forms\Gravity_Forms\Honeypot\GF_Honeypot_Handler::validate_honeypot(): Submission initiated by GFAPI. version_hash validation and speed check bypassed.
[date and time] - DEBUG --> Gravity_Forms\Gravity_Forms\Honeypot\GF_Honeypot_Handler::validate_honeypot(): Is submission valid? No; version_hash input is empty.
[date and time] - DEBUG --> Gravity_Forms\Gravity_Forms\Honeypot\GF_Honeypot_Handler::validate_honeypot(): Is version_hash input valid? [Yes or No].
[date and time] - DEBUG --> Gravity_Forms\Gravity_Forms\Honeypot\GF_Honeypot_Handler::is_valid_submission_speed(): Submission speed check is disabled.
[date and time] - DEBUG --> Gravity_Forms\Gravity_Forms\Honeypot\GF_Honeypot_Handler::is_valid_submission_speed(): Is speed check valid? No; gform_submission_speeds input is empty or invalid.
[date and time] - DEBUG --> Gravity_Forms\Gravity_Forms\Honeypot\GF_Honeypot_Handler::is_valid_submission_speed(): Is speed check valid? [Yes or No]; [count] of [total] submissions met the threshold ([threshold] ms). Min required: [number]. All speeds: [JSON containing all the recorded timings]
[date and time] - DEBUG --> Gravity_Forms\Gravity_Forms\Honeypot\GF_Honeypot_Handler::validate_honeypot(): Is submission valid? [Yes or No].
[date and time] - DEBUG --> Gravity_Forms\Gravity_Forms\Honeypot\GF_Honeypot_Handler::handle_abort_submission(): Result from Honeypot: [true or false]
[date and time] - DEBUG --> GFFormDisplay::process_form(): Aborting early via gform_abort_submission_with_confirmation filter.
[date and time] - DEBUG --> GFCommon::is_spam_entry(): Result from gform_entry_is_spam filter: [true or false]
[date and time] - DEBUG --> GFCommon::is_spam_entry(): Spam checks completed in [number] seconds. Is submission considered spam? [Yes or No].
Akismet Add-On Log
[date and time] - DEBUG --> \Gravity_Forms\Gravity_Forms_Akismet\GF_Akismet::is_entry_spam(): Entry #[ID] has already been marked as spam by another anti-spam solution.
[date and time] - DEBUG --> \Gravity_Forms\Gravity_Forms_Akismet\GF_Akismet::is_entry_spam(): Not evaluating entry #[ID]; integration disabled for form #[ID].
[date and time] - DEBUG --> \Gravity_Forms\Gravity_Forms_Akismet\GF_Akismet::is_entry_spam(): No values to evaluate for entry #[ID].
[date and time] - DEBUG --> \Gravity_Forms\Gravity_Forms_Akismet\GF_Akismet::is_entry_spam(): Spam check failed for entry #[ID]; [error message]
[date and time] - DEBUG --> \Gravity_Forms\Gravity_Forms_Akismet\GF_Akismet::is_entry_spam(): Entry #[ID] IS spam; [API response]
[date and time] - DEBUG --> \Gravity_Forms\Gravity_Forms_Akismet\GF_Akismet::is_entry_spam(): Entry #[ID] is NOT spam; [API response]
[date and time] - DEBUG --> \Gravity_Forms\Gravity_Forms_Akismet\GF_Akismet::is_entry_spam(): Spam check failed for entry #[ID]; [API response]
reCAPTCHA Add-On Log
[date and time] - DEBUG --> \Gravity_Forms\Gravity_Forms_RECAPTCHA\GF_RECAPTCHA::validate_submission(): Validating form (#[ID]; Page #[Number]) submission.
[date and time] - DEBUG --> \Gravity_Forms\Gravity_Forms_RECAPTCHA\GF_RECAPTCHA::validate_submission(): Form is already invalid. Validation skipped.
[date and time] - DEBUG --> \Gravity_Forms\Gravity_Forms_RECAPTCHA\GF_RECAPTCHA::should_skip_validation(): Yes! Form preview page.
[date and time] - DEBUG --> \Gravity_Forms\Gravity_Forms_RECAPTCHA\GF_RECAPTCHA::should_skip_validation(): Yes! API not initialized.
[date and time] - DEBUG --> \Gravity_Forms\Gravity_Forms_RECAPTCHA\GF_RECAPTCHA::should_skip_validation(): Yes! Enterprise has not been fully configured.
[date and time] - DEBUG --> \Gravity_Forms\Gravity_Forms_RECAPTCHA\GF_RECAPTCHA::should_skip_validation(): Yes! Disabled by form setting.
[date and time] - DEBUG --> \Gravity_Forms\Gravity_Forms_RECAPTCHA\GF_RECAPTCHA::should_skip_validation(): Yes! REST request without input.
[date and time] - DEBUG --> \Gravity_Forms\Gravity_Forms_RECAPTCHA\GF_RECAPTCHA::should_skip_validation(): Yes! Older Stripe validation.
[date and time] - DEBUG --> \Gravity_Forms\Gravity_Forms_RECAPTCHA\GF_RECAPTCHA::validate_submission(): Validation skipped.
[date and time] - DEBUG --> \Gravity_Forms\Gravity_Forms_RECAPTCHA\GF_RECAPTCHA::validate_submission(): Not the first or last page. Validation skipped.
[date and time] - DEBUG --> \Gravity_Forms\Gravity_Forms_RECAPTCHA\GF_RECAPTCHA::validate_submission(): Honeypot validation failed. Validation skipped.
[date and time] - DEBUG --> \Gravity_Forms\Gravity_Forms_RECAPTCHA\GF_RECAPTCHA::validate_submission(): Validating reCAPTCHA v3.
[date and time] - DEBUG --> \Gravity_Forms\Gravity_Forms_RECAPTCHA\GF_Field_RECAPTCHA::is_valid_field_data(): Input [input name] empty.
[date and time] - DEBUG --> \Gravity_Forms\Gravity_Forms_RECAPTCHA\Token_Verifier::verify_submission(): Using cached reCAPTCHA result: [result]
[date and time] - DEBUG --> \Gravity_Forms\Gravity_Forms_RECAPTCHA\Token_Verifier::verify_submission(): Verifying reCAPTCHA submission.
[date and time] - DEBUG --> \Gravity_Forms\Gravity_Forms_RECAPTCHA\Token_Verifier::verify_submission(): Could not verify the submission because no token was found.
[date and time] - DEBUG --> \Gravity_Forms\Gravity_Forms_RECAPTCHA\Token_Verifier::verify_submission(): Validating the reCAPTCHA response has failed due to the following: [error message]
[date and time] - DEBUG --> \Gravity_Forms\Gravity_Forms_RECAPTCHA\Token_Verifier::verify_submission(): Validation bypassed due to reCAPTCHA quota limit.
[date and time] - DEBUG --> \Gravity_Forms\Gravity_Forms_RECAPTCHA\Token_Verifier::verify_submission(): Could not validate the token request from the reCAPTCHA service. [token] [response]
[date and time] - DEBUG --> \Gravity_Forms\Gravity_Forms_RECAPTCHA\Token_Verifier::verify_submission(): Validated reCAPTCHA: [response]
[date and time] - DEBUG --> \Gravity_Forms\Gravity_Forms_RECAPTCHA\GF_RECAPTCHA::check_for_spam_entry(): Skipping, entry has already been identified as spam by another anti-spam solution.
[date and time] - DEBUG --> \Gravity_Forms\Gravity_Forms_RECAPTCHA\GF_RECAPTCHA::is_spam_submission(): Score check skipped.
[date and time] - DEBUG --> \Gravity_Forms\Gravity_Forms_RECAPTCHA\GF_RECAPTCHA::get_spam_score_threshold(): [number]
[date and time] - DEBUG --> \Gravity_Forms\Gravity_Forms_RECAPTCHA\GF_RECAPTCHA::check_for_spam_entry(): Is submission considered spam? [Yes or No]
Known Causes
Honeypot: The honeypot input is not empty
The hidden honeypot field in the form was filled in during submission. This is usually caused by a browser or browser extension autofilling fields it shouldn’t, or by a caching issue causing stale form markup to be served. See Cache and Script Optimizer Issues for guidance.
Honeypot: The version_hash was not included in the submission
The JavaScript-inserted version hash was missing from the submission. This is typically caused by a caching plugin or CDN serving a cached page, a script optimization tool deferring or combining scripts, or a theme or plugin conflict. See Cache and Script Optimizer Issues and Conflict Testing Using the Health Check Plugin for more information.
Honeypot: The gform_submission_speeds input is empty or invalid
The submission speed data was missing or invalid. This is typically caused by the same issues as above. See Cache and Script Optimizer Issues and Conflict Testing Using the Health Check Plugin for more information.
Akismet
Akismet does not provide a reason when it marks an entry as spam. If a legitimate submission has been flagged, marking the entry as not spam from the entry detail page will help train Akismet’s filters, making it less likely that similar submissions will be flagged in the future. Note that Akismet does not disclose how long that training process takes to take effect.
Review the field mappings on the Form Settings > Akismet page to ensure the best field values are being sent for analysis. If the add-on settings page isn’t available, ensure the Akismet Add-On is active, it can be installed via the Forms > Add-Ons page.
You can also contact Akismet directly to investigate. Visit https://akismet.com/contact/ and select “I think Akismet is catching my comments by mistake.”. Providing the API response from the can help them assist you.
reCAPTCHA
When reCAPTCHA marks an entry as spam, check the score recorded in the entry detail sidebar and compare it against the threshold configured in the reCAPTCHA Add-On settings. Entries with a score at or below the threshold are marked as spam. If the threshold is set to 0.9 or higher, most or all submissions are likely to be flagged. A threshold of around 0.5 is recommended for most sites. See reCAPTCHA Scores and Statuses for more information on how scores work.
When connected using an Enterprise key, marking an entry as not spam will notify Google of the false positive, which helps train the scoring system for future submissions.
GP Blocklist
GP Blocklist, by certified developer Gravity Wiz, marks entries as spam when submitted values are found in the WordPress Disallowed Comment Keys. See the add-on documentation for more details and troubleshooting advice. If you need further assistance, contact Gravity Wiz support.
Zero Spam
Zero Spam, by certified developer GravityKit, uses JavaScript to inject a time-limited token into the form submission. This can be impacted by a caching plugin or CDN serving a cached page, a script optimization tool deferring or combining scripts, or a theme or plugin conflict. See Cache and Script Optimizer Issues and Conflict Testing Using the Health Check Plugin for more information.
If the issue remains once caching, optimization, and conflicts have been ruled out, please contact GravityKit for support via their site or the WordPress.org support forum.
Other Filters
If the entry note references a third-party add-on or integration and the reason isn’t clear, or you’re unsure what to do about it, contact the developer of that add-on/integration for guidance.
Unknown Cause
If there isn’t a spam filter note on the Entry Detail page, that indicates the entry was marked as spam by a third-party add-on, integration, or custom code, that hasn’t added support for the spam filter note feature.
Review your active code snippets and plugins for anti-spam or security features, or perform a conflict test.
Once you’ve identified the code snippet or plugin that is marking the entries as spam, contact the developer for support. While contacting them, recommend they add support for the spam filter note feature.
Disclaimer: Third-party services, plugins, or code snippets that are referenced by our Support documentation or in Support Team communications are provided as suggestions only. We do not evaluate, test or officially support third-party solutions. You are wholly responsible for determining if any suggestion given is sufficient to meet the functional, security, legal, ongoing cost and support needs of your project.
Feedback, feature, and integration requests, and other functionality ideas can be submitted at http://forms.roadmap.gravity.com/.