
How do I prevent form spam during web assessments?

Our assessments perform tests on website forms, which may result in messages or emails being sent. To prevent this, you can either exclude the form or its URL from the assessment or block Holm Security IP ranges from submitting forms.

Option 1: Exclude pages or form action URLs

You can exclude one or more URLs from being scanned:

How to exclude one or more URLs

For more advanced exclusions using regular expressions (regexp), see:

Create custom URL exclusion rules

Option 2: Block Holm Security IP ranges

You can prevent form submissions from our assessment by blocking our external IP ranges. See our IP ranges here:

  • IPv4: 185.163.84.0/22
    If a /22 network is too large to grant access to, please use the following:
    185.163.84.0/24 and 185.163.85.0/24
  • IPv6: 2a0b:6800::/29

Why form spam can indicate a security issue

If the assessment triggers excessive emails or messages, it may reveal a vulnerability in your form. Common issues include:

  • No input validation, or validation performed only on the client side (e.g., via JavaScript).

  • Validation that can be bypassed by disabling JavaScript in the browser or using automated scripts.

Cybercriminals can exploit these weaknesses to overwhelm email servers or form-processing software, slowing systems down or even rendering them unavailable.

Recommended protection

  • Implement CAPTCHA to prevent automated submissions.

  • Perform server-side validation for all form input.

Learn more about CAPTCHA:

https://en.wikipedia.org/wiki/CAPTCHA
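
The following sketch combines Option 2 with the server-side validation recommended above. It is an added example, not Holm Security code: the form field names (`email`, `message`), the length limit, the email pattern, and the function names are assumptions, while the IP ranges are the ones listed on this page.

```python
import ipaddress
import re

# Scanner ranges exactly as listed on this page.
SCANNER_NETS = [ipaddress.ip_network(n)
                for n in ("185.163.84.0/22", "2a0b:6800::/29")]

EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")  # simple shape check (assumption)
MAX_MESSAGE_LEN = 2000                               # assumed limit


def is_scanner(remote_addr):
    """True if the TCP peer address lies inside a listed scanner range.

    Pass the real peer address; a client-supplied header such as
    X-Forwarded-For is only usable when set by a proxy you control.
    """
    try:
        ip = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in SCANNER_NETS)


def validate(form):
    """Server-side checks; runs regardless of any JavaScript validation."""
    errors = []
    email = form.get("email", "")
    message = form.get("message", "").strip()
    if len(email) > 254 or not EMAIL_RE.fullmatch(email):
        errors.append("email")
    if not message or len(message) > MAX_MESSAGE_LEN:
        errors.append("message")
    return errors


def handle_submission(remote_addr, form):
    """Return (http_status, action) for one form POST."""
    if is_scanner(remote_addr):
        return 403, "blocked"          # Option 2: nothing is sent
    errors = validate(form)
    if errors:
        return 400, "rejected:" + ",".join(errors)
    return 200, "send_mail"            # caller delivers the message
```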