Free spam score tester. Paste any text, get a 0–100 score.
Drop a contact-form message, comment, or inbound email body into the box and we will run a dozen well-known spam heuristics over it in your browser. You get a 0–100 score, a colour-coded verdict, and a per-rule breakdown showing exactly which signals fired. Nothing is sent to a server. Nothing is logged. The source is shipped with the page.
This tool is a quick sanity check. The production-grade answer ships inside splitforms — every form submission that hits our backend is scored by an AI classifier trained on real form-spam data, on top of a honeypot and a tuned heuristic stack. If you need that, the link is at the bottom of the page.
No heuristic rules triggered. The text either looks clean — or it is modern LLM-generated spam that slips past simple rules.
Why heuristic spam detection misses modern spam
A heuristic spam filter is a list of rules: word lists, ratio checks, regex matchers, length thresholds. The filter on this page is a representative one. It works the way SpamAssassin worked in 2004 and the way most form-backend honeypot+rules stacks still work in 2026. For old-school spam — ALL CAPS shouting, “FREE iPhone,” bit.ly links, repeated exclamation marks, Cyrillic homoglyphs — those rules are extremely effective. The score climbs fast, the verdict is unambiguous, and you can drop the submission with confidence.
That is not what most form spam looks like in 2026. Roughly half of contact-form spam we see at splitforms is now LLM-generated: grammatically clean English, no shouting, no shorteners, no obvious phrase triggers. A scraper writes a prompt like “write a polite outreach pitch about web design services” and posts the output through every contact form in an industry list. None of the rules in this tester will fire on that text. The score will be zero. Heuristics built for human-written spam genuinely cannot see machine-written spam, because the rules were calibrated against patterns (misspellings, shouting, broken grammar) that LLMs are specifically engineered not to produce.
That is why splitforms layers an AI classifier on top of the honeypot and heuristic stack. The classifier scores the body against an embedding-space model of known form-spam content — it catches the cases where the prose looks fine but the intent is the same outreach pitch we have seen ten thousand times. Heuristics handle the obvious; the classifier handles the rest. That layering, not any single magic rule, is what gets the actual spam-to-inbox ratio close to zero.
How splitforms catches what this tool misses
Three layers of spam handling, in order of cost. You want all three turned on — they cover non-overlapping classes of spam.
- Tier 1 · Free
Honeypot field
Hidden input that real users never see and never fill. Bots that auto-fill every field fill it, and the backend drops any submission where the value is non-empty. Catches the dumb 40% of spam at zero cost. Included in every splitforms form.
- Tier 2 · This tool
Heuristic rules
Word lists, caps ratio, suspicious URLs, repeated characters, unicode tricks, length extremes. Catches old-school marketing spam and obvious bot output. The scorer above implements the same class of rules — useful, but blind to LLM-generated spam.
- Tier 3 · splitforms Pro
AI classifier
Embedding-based model trained on real form-spam data. Catches polished LLM-generated outreach, link-building pitches, and spam that passes every rule above. Ships inside splitforms — quarantined submissions go to a Spam tab, not your inbox.
Common form-spam patterns in 2026
Four patterns we see every week across splitforms accounts. Each is paraphrased — these are not real submitted texts — but the structure matches what bots and outreach scrapers actually post.
The fake collaboration pitch
“Hello, I came across your website and I’m impressed with your work. Our team helps businesses like yours scale through targeted outreach — would love to schedule a brief call to share what we do.”
How splitforms handles it: Plausible English, zero word-list hits, written by a model. Heuristic scorers return ~0. The splitforms classifier flags it as outbound-pitch spam from the structure alone — generic praise plus a vague service plus a calendar ask, no reference to anything specific on your site.
The SEO backlink scheme
“We help websites rank on Google. We can offer high-quality DA60+ backlinks for $99/month. Reply if interested.”
How splitforms handles it: Catches a couple of old-school heuristics (dollar amount, transactional phrasing) but is otherwise polite. splitforms tags it as link-building spam because the classifier has seen tens of thousands of near-duplicates from scrapers walking contact forms.
The credential-stuffing form fill
Submission with a real-looking name, an email like name+test01@gmail.com, and a one-word message — repeated 40 times in 10 minutes from rotating IPs.
How splitforms handles it: Body content is clean, so heuristics return 0. splitforms flags this at the rate-limit and pattern layer — repeated structural fingerprints (same field shapes, similar names, plus-tagged emails) trip the burst rule before the classifier even runs.
The honeypot-aware bot
Bot that scrapes the form HTML, identifies the hidden honeypot field by its display:none style, and skips it on submit. Body is a standard 'Free SEO audit?' pitch.
How splitforms handles it: Honeypots alone miss this. The body still trips heuristics on FREE + repeated phrasing, and the splitforms AI classifier flags it because the embedding is near-identical to known bot pitches we have already seen.
Spam test FAQ
Is this spam test really free?
Yes. No signup, no rate limit, no watermark. The scorer is plain JavaScript shipped with this page — there is no paid tier of the tester itself. We built it as a demo of the kind of rules a basic spam filter applies, and as a way to introduce splitforms's production AI classifier.
Does this tool send my data anywhere?
No. The scorer runs entirely in your browser. Nothing is uploaded, logged, or sent to any server. You can disconnect from the internet after the page loads and it keeps working. The source ships with the page — view it in DevTools if you want to confirm.
How accurate is this spam score?
It is a useful directional check, not a verdict. The scorer applies about a dozen well-known heuristics — spam phrase lists, ALL CAPS ratio, repeated punctuation, link shorteners, suspicious TLDs, zero-width unicode, repeated character runs, multiple email addresses, and length extremes. It reliably catches old-school marketing spam. It will miss polished LLM-generated spam, which is grammatically clean and avoids every word-list trigger.
Why does splitforms charge for spam protection if heuristics are this simple?
Heuristics catch the easy 60–70% of spam; the remaining 30–40% is what wastes your time. Modern form spam is increasingly written by language models — fluent English, plausible context, no typos. None of the rules on this page would flag a well-prompted LLM submission. splitforms layers an AI classifier trained on real form-spam data on top of the honeypot and heuristic stack — the part you cannot easily reproduce with regex.
Can I use this to test my contact form before deploying?
Yes — that is one of the most useful applications. Paste a sample contact-form message, see whether obvious spam patterns trigger, then confirm your real form behaves the same way. Pair the tool with the splitforms dashboard's Spam tab once you go live so you can review what the production classifier actually quarantines.
What's the difference between a honeypot and AI spam detection?
A honeypot is a hidden form field that real users never see and never fill in. Bots that auto-fill every input fill it, and the server drops any submission where the value is non-empty. It is free, fast, and catches naive scripted bots. AI spam detection scores the actual submitted text against a model trained on real spam vs ham examples — it catches the bots that are smart enough to skip the honeypot and the LLMs writing fluent spam. They are layers, not alternatives.
Does splitforms work with reCAPTCHA?
Yes — you can keep reCAPTCHA in front of your form and forward submissions to splitforms after the challenge is solved. We don't recommend it as a default because reCAPTCHA hurts conversion and Google harvests behavioral data on your visitors. The honeypot + AI classifier combination usually catches the same spam without the user friction. The integration is documented under /docs.
How do I report false positives?
Inside the splitforms dashboard, every submission has a 'mark as not spam' / 'mark as spam' control. Both feed retraining data for the classifier. The Spam tab exists so you can review what the classifier quarantined — recovering a false positive is one click. The free plan includes the classifier and the feedback loop.
Want this protection on your real contact form?
splitforms ships honeypot, heuristic, and AI-classifier spam handling on every plan, including the free 1,000 submissions/month tier. No CAPTCHA, no reCAPTCHA banner, no friction for legit visitors.
Get a free splitforms key →