Were B2B organization, so 99% of our incoming form submissions *should* be from domains other than free domains such as gmail, yahoo, hotmail, etc.

We're using honeypot and recaptcha as default spam controls and Check entries for spam using Javascript on our main forms.

Recently we have been getting a large amount spam form submissions mostly from gmail.com.

The spam submissions span multiple IP addresses and seem to have Indian names, with various field data entered so perhaps they are not bots.

Our leads are also sent to our SalesForce CRM, and as you can imagine I have squeaky wheels needing grease.

I'm wondering if anyone else in the community is experiencing a similar issue and if so what measures you have taken.

Some things I have considered are:

Let the submission pass, use conditional logic to NOT send notification emails or pass thru to SFDC

Somehow validate the email and if its gmail, etc. present a message such as: Please enter your "work" email.

1. 1. If these spammy submissions are from actual humans, this seems easily bypassable.

Thoughts?