SS
SecureSMTPMail · forms · delivery
Get started
SecureSMTP

Form software that respects your users — and your inbox.

Build forms in a drag-and-drop dashboard. Embed them anywhere with one shortcode. SecureSMTP handles five layers of spam protection, AI classification of borderline submissions, and reliable email delivery — so you never lose a real lead and never get a fake one.

Start free — no credit cardGet started — 60-sec tourSee pricing

Free tier: 100 form submissions/mo · basic wp_mail relay · all spam protection layers included.

centrepoint.com/contact
Jenny Wu
jenny@maplecreek.co
(555) 0143
Hi — we're looking at relocating our office and your firm came up as a recommendation.

Honeypot · Rate limit · Turnstile · AI

99.9%
Email delivery rate
via Resend
<200ms
Submission latency
edge-proxied
5
Spam-protection layers
all on by default
$0
Free tier price
forever, no card

5 layers of spam protection — all on by default

Honeypot + nonce
Time-check
Per-IP rate limit
1/min, auto-block
Cloudflare Turnstile
Invisible CAPTCHA
AI spam classifier
Claude Haiku
Auto-disable abuse
Per-site cap
Defense in depth

Five layers, one job: keep spam out of your inbox.

Every submission is filtered through five independent layers before it reaches you. Each one catches a different class of attack — so a bot would need to defeat all five to land in your inbox.

🤖

100 incoming submissions

Mixed traffic from real users + bots + attackers

  1. 01

    Honeypot + nonce

    Layer 01

    ~60%
  2. 02

    Per-IP rate limit

    Layer 02

    ~25%
  3. 03

    Cloudflare Turnstile

    Layer 03

    ~10%
  4. 04

    AI classifier

    Layer 04

    ~4%
  5. 05

    Auto-disable abuse

    Layer 05

    <1%

~1 real lead delivered to your inbox

Reply-To set to the visitor · full submission in your dashboard

What each layer does, in detail

Layer 01Client + edge

Honeypot + signed nonce + time-check

~60%

Catches

Dumb bots that fill every input they see, no-JS scrapers, replay attacks using old form HTML.

How it works

Every form ships with a randomly-named hidden field bots can't resist filling. A signed HMAC-SHA256 nonce + a render-timestamp prevent replays — submissions older than 30 minutes get rejected. The honeypot field name rotates per page-load so simple regex scrapers can't learn it.

Slips through

Sophisticated bots that execute JS and skip hidden inputs.

Layer 02Edge

Per-IP rate limit

~25% of remaining

Catches

Spam waves from a single botnet node hammering the form, brute-force attacks, opportunistic scrapers.

How it works

1 submission per IP per minute. The second submission within that window triggers an automatic 1-hour IP ban. Bans surface in the SecureSMTP dashboard so admins can unblock false positives in one click. Cloudflare IP (CF-Connecting-IP) is preferred over X-Forwarded-For.

Slips through

Slow, patient bots that throttle their own request rate.

Layer 03Edge, client-rendered

Cloudflare Turnstile

~10% of remaining

Catches

Headless browsers (Puppeteer / Playwright), proxy bots, CAPTCHA-farm submissions, fingerprintable automation.

How it works

Invisible-mode Turnstile widget. No visitor interaction needed — Cloudflare's WAF scores the browser fingerprint, behavioural signals, and IP reputation in the background. Token is verified server-side at securessmtp.com before the submission is processed.

Slips through

Sophisticated outreach written by humans on residential IPs.

Layer 04Server, async after submit

AI spam classifier

~4% of remaining

Catches

Cold B2B outreach disguised as inquiries, fake-compliment SEO pitches, "I have a project" templated spam, link-building requests, vague monetisation offers.

How it works

Claude Haiku 4.5 with a 5K-token system prompt full of few-shot examples. Reviews submissions the heuristic filter flagged as ambiguous (score 30-60). Returns classification + confidence + reason. Runs async — the visitor sees their success response before the classifier even starts.

Slips through

A submission so well-crafted it would fool a human too. We mark these as "suspicious" instead of "spam" so you can decide.

Layer 05Server, cumulative

Per-site abuse auto-disable

Stops the bleed when the other 4 failed

Catches

Coordinated attacks that somehow got past all four layers — by the time 50 spam submissions accumulate against one site in 1 hour, the site's API key is automatically deactivated.

How it works

Last line of defence. The SecureSMTP server tracks the spam-classification rate per site. If it crosses 50 spam classifications in 60 minutes (and >50% of recent submissions are spam), the site is auto-deactivated and the owner gets an email. Admins can reactivate one-click from /app/admin/disabled-sites.

Slips through

Nothing — this is the kill-switch.

All five layers ship on every plan — including the free one. We don’t hold security behind a paywall.

One product replaces all of these

Contact Form 7·form builder
Akismet·spam filter
WP Mail SMTP·email delivery
reCAPTCHA·bot protection
Fluent Forms·paid form add-ons

Stop maintaining a stack of half-overlapping plugins. SecureSMTP does it all in one.

Everything that matters about a form, handled.

Three things separate a form that converts leads from a form that drowns you in fake "I have a project for you" emails. SecureSMTP does all three out of the box.

Drag-and-drop builder

Build forms in the SecureSMTP dashboard with field-type icons, live preview, brand colors, corner radius, and submit-button alignment. Save, then embed.

5 layers of spam protection

Honeypot, signed nonce, time-check, per-IP rate limit, Cloudflare Turnstile, AI classifier (Claude Haiku), and per-site abuse auto-disable. Zero configuration.

Reliable email via Resend

No more 'form submitted but no email received'. Sent from SecureSMTP-managed infrastructure with proper SPF + DKIM, plus delivery-status webhooks logged to your dashboard.

Try it live

See exactly what visitors will experience.

This form is built with the same renderer that powers every SecureSMTP-hosted form. Submit it and you’ll see the spinner, the success state, and the speed. The only thing this demo doesn’t do is actually send the email — your data never leaves your browser.

  • Modern field UX (focus rings, inline errors, password-strength meter)
  • Mobile-first responsive layout — same form, same code on any device
  • Polished success animation with reset
  • Brand colour, corner radius, button alignment all customisable per form

Try it — submit me ↓

🔒 This live demo runs entirely in your browser — no submission is sent anywhere. Real forms run the same UX but route through SecureSMTP.

A dashboard built for people who hate dashboards

Drag-and-drop form builder, submission inbox, AI-classified Bot Flags, system-health monitor — every screen in SecureSMTP feels like one product, not seven plugins glued together.

securessmtp.com/app/forms/builder/contact

Fields

textNameReq
emailEmailReq
telPhone
textareaMessage

Brand color

#FF5500

Roundness

Medium (10px)

securessmtp.com/app/forms/submissions
JW
Jenny Wu
jenny@maplecreek.co
legitimate2m ago
BK
Brian K.
brian.k@gmail.com
legitimate14m ago
MC
Marcus C.
marcus@digital-agency-pro.com
spam32m ago
SM
Sarah Miller
sarah.m@gmail.com
legitimate1h ago
MR
Maria R.
maria.r@hotmail.com
suspicious2h ago

From signup to first lead in 5 minutes

One unified flow — no juggling Akismet, no SMTP plugins, no custom rate-limit code.

  1. 01

    Sign up free

    No credit card. Free tier covers 100 form submissions / month with every security layer enabled.

  2. 02

    Build your form

    Drag fields, pick a brand color, set a redirect message. Live preview shows you the visitor view as you edit.

  3. 03

    Embed anywhere

    One shortcode pasted onto any WordPress page: [qcs_form slug="contact"] or a JS embed for non-WP sites.

  4. 04

    Receive clean leads

    Submissions land in your inbox via Resend and in the SecureSMTP dashboard with classification, IP, user-agent, and AI confidence score.

Every capability worth having

The things you’d normally bolt on with 5 different plugins, in one product.

Drag-drop builder

Field types: text, email, phone, URL, number, dropdown, checkbox, date, time, textarea. Reorder by dragging, edit per-field settings inline.

Per-form theming

Brand color picker, corner radius preset (sharp → pill), field tone (light / subtle / dark), submit alignment, optional card wrapper.

Live preview

See exactly what visitors will see, updating in real time as you edit. Mobile-responsive automatically.

Spam protection

Honeypot, signed nonce, time-check, per-IP rate limit, Cloudflare Turnstile, and AI-based classification — five layers stacked.

AI spam classifier

Claude Haiku 4.5 reviews borderline submissions. Catches sophisticated outreach disguised as legitimate inquiries.

Reliable delivery

Sent from SecureSMTP-managed Resend infrastructure with SPF + DKIM. Reply-To set to the visitor so replies go to the lead.

WordPress plugin

Free WP plugin. Native form builder OR embed SecureSMTP-hosted forms via [qcs_form slug=…] shortcode. One config, many sites.

Submission dashboard

See every submission, search by content, filter by classification, review AI flags. Bot Flags page for manually reviewing borderline ones.

Webhook delivery status

Track bounce / delivered / complaint / opened events per submission via Resend webhooks. Surfaced inline on every row.

Embed anywhere

Build once in SecureSMTP, embed everywhere. Three ways, one form definition.

WordPress

With our free plugin

[qcs_form slug="contact"]

Any HTML site

Drop this snippet anywhere

<script defer
  src="https://securessmtp.com/embed.js"
  data-qcs-form="contact">
</script>

iframe

When script tags aren't allowed

<iframe
  src="https://securessmtp.com/embed/contact"
  width="100%" height="640"
  frameborder="0"></iframe>

All three load the same form definition. Edit once in the dashboard — changes propagate within ~5 min everywhere it’s embedded.

How SecureSMTP stacks up

Apples-to-apples comparison with the tools most people consider before settling on one.

FeatureSecureSMTPTypeformTallyGravity FormsContact Form 7
Free tier with no item limit
AI spam classifier built-in
Cloudflare Turnstile included
Reliable email delivery (Resend)
Free WordPress plugin$259/yr
Centralised multi-site management
Submission dashboard with classification
Drag-and-drop builder
Per-form theming (color, radius, etc.)
Pro tier starting at$2/mo$25/mo$29/mo$59/yrFree

Pricing accurate as of 2026-05. Other vendors’ pricing changes frequently — check theirs before deciding.

Built for the people who hate spam more than you

Agencies

Manage forms for every client site from one dashboard. Build once in SecureSMTP, embed across all sites with the same shortcode. No more form-plugin sprawl per site.

SaaS & product teams

Contact forms, demo requests, beta waitlists, support tickets. Centralized email delivery means a single Resend setup powers your whole funnel.

Small businesses

Wedding photographers, restaurants, agencies, dental practices. Get quote-request forms with AI spam protection in 5 minutes. Free tier covers most of you.

Marketers

Lead-gen forms with built-in IP rate limiting + Turnstile + AI classification = no fake submissions polluting your CRM funnel.

What teams are saying

I switched 14 client sites from Contact Form 7 + WP Mail SMTP + Akismet to SecureSMTP in a weekend. One dashboard, one bill, and the AI spam catch rate is wildly better than anything I had before.

Priya Sharma

Founder, Bramble Digital

The free tier handles 100% of our contact form traffic and the AI flags the cold-outreach spam I used to manually delete every morning. Got my inbox back.

Marcus Tan

Solo dev, Tan Engineering

We needed a form solution that worked on both our WordPress marketing site and our Next.js app. SecureSMTP's embed code is the same for both — and the submissions all land in one inbox.

Lena Okonkwo

Head of Growth, Northwind SaaS

Frequently asked

Everything potential users ask before signing up.

  • Is SecureSMTP really free? What's the catch?
    No catch. The free tier handles up to 100 form submissions per month forever — no card required. Every spam-protection layer is on, every feature available. The paid plans only raise the monthly cap + unlock the AI classifier and white-label.
  • How does the spam protection actually work?
    Five layers stacked: (1) honeypot field bots fill in, (2) signed nonce + time-check rejects replays, (3) per-IP rate limit auto-bans abusers, (4) invisible Cloudflare Turnstile, (5) Claude Haiku AI classifies borderline submissions. Each layer blocks a different attack vector — together they catch >99% of spam.
  • Can I migrate from Contact Form 7 (or another plugin)?
    Yes. Install the SecureSMTP WordPress plugin, recreate your form fields in our drag-drop builder (takes ~2 minutes for a 5-field form), swap the shortcode on your page. Old form keeps working until you delete the old plugin — no submission gap.
  • Where is my form data stored? GDPR?
    Submissions are stored on our infrastructure (PostgreSQL on EU/US servers depending on your account region). You can delete any submission with one click. GDPR + CCPA compliant. Custom DPA available on Ultima plan.
  • What happens if I exceed my monthly quota?
    Submissions are still stored in your dashboard (you see the lead) but the notification email is held until the quota resets or you upgrade. We never silently drop submissions — your data is always safe.
  • Can I embed the same form on multiple sites?
    Yes. Build the form once in your SecureSMTP dashboard, then paste `[qcs_form slug="contact"]` (or the JS embed) on as many sites as you want. Edits to the form propagate everywhere within 5 minutes.
  • Does the AI classifier add latency?
    No. Submissions return success in <200ms. The AI classification runs asynchronously after the response is sent — if it later flags a submission as spam, the row is marked in your dashboard but the visitor sees no difference.
  • Who is SecureSMTP NOT for?
    If you need: multi-step forms with conditional logic, file uploads >5MB, advanced calculations, or payment-processing inside the form — we don't do those yet (planned for later). Stick with Typeform / Gravity Forms / Paperform for those today.

Free for the first 100 leads. Forever.

Every plan — including the free one — gets all five spam-protection layers, the form builder, WP plugin, and dashboard. Higher tiers raise the monthly quota and unlock AI spam classification, custom domains, white-label, and team folders.

Free · 100/moStarter · $2/mo · 1kPro · $5/mo · 10kUltima · unlimited
See full pricing

Ship your form in the next 5 minutes.

Free tier forever. No credit card. Spam protection on day one.

Start freeI have an account