How InputGate Stops Spam Before It Lands
Most spam filters run after the fact — cleaning your inbox or flagging records after bad data is already in your system. InputGate takes the opposite approach.
Most spam filters run after the fact — cleaning your inbox, flagging CRM records, or quarantining messages after bad data is already in your system. InputGate takes the opposite approach: interception at the boundary.
The Problem With After-the-Fact Filtering
When a spammer submits a contact form, several things happen in milliseconds:
- Your server processes the submission
- It writes to your database
- It triggers automations — email sequences, Slack alerts, CRM updates
- It hits your analytics
By the time a traditional filter acts, the damage is done. Dirty data is in five places at once.
The Boundary Principle
InputGate sits between your form and everything downstream. Before a single byte reaches your database, it runs through a multi-layer scoring pipeline:
Form submission → InputGate /v1/check → Your system
↓
[behavioral signals]
[ip reputation]
[heuristic scan]
[prompt injection detection]
[geo · language]
[ai engine]
↓
spam_score: 0–100
If the score exceeds your threshold, you block it. Zero bad data reaches your database, your CRM, or your automations.
What the Score Actually Measures
The spam_score returned by InputGate is a 0–100 composite signal. It’s not just a keyword match — it’s a calibrated confidence score from several independent signals:
| Signal | What it catches |
|---|---|
| Behavioral | Bot patterns, timing anomalies |
| IP reputation | Known spam ranges, VPN abuse |
| Heuristic | Spammy patterns, excessive links |
| Prompt injection | ”Ignore previous instructions…” attacks |
| Geo/language | Unexpected origins for your use case |
| AI engine | Semantic understanding of intent |
The AI engine is the most powerful signal. It understands intent — it can tell the difference between “I’m interested in your pricing” and a message that superficially looks legitimate but is actually a phishing attempt.
The context Parameter
What makes InputGate’s AI scoring particularly effective is the context parameter. When you tell the API what your form is for, the AI can calibrate:
{
"fields": { "message": "Your content here" },
"client_ip": "203.0.113.42",
"domain": "myapp.com",
"context": "Contact form on a B2B SaaS landing page"
}
A message asking for “pricing information” looks very different on a B2B SaaS contact form versus a support ticket system for a consumer app. Context collapses that ambiguity.
No CAPTCHA Required
The most user-visible benefit: your legitimate users never see a CAPTCHA. InputGate works silently in the background. From the user’s perspective, they fill out your form and it submits normally. The filtering is completely invisible.
This matters more than it sounds. CAPTCHA completion rates drop significantly on mobile, and every friction point costs conversions.
Getting Started
One API call is all it takes:
curl -X POST https://api.inputgate.cloud/v1/check \
-H "Authorization: Bearer YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{
"fields": { "message": "Your content here" },
"client_ip": "203.0.113.42",
"domain": "myapp.com",
"context": "Contact form on a B2B SaaS landing page",
"retention": "flagged_only"
}'
The response tells you everything you need:
{
"spam_score": 95,
"is_spam": true,
"reason": "Obvious spam with unsolicited offer and excessive symbols.",
"request_id": "ig_req_895f21156366",
"latency_ms": 1408
}
Check is_spam before saving anything. That’s the entire integration.