Spambot emails sent when simulating successful submission with Honeypot

[lidijasuprina]

When Honeypot is enabled in Express Forms and the recommended behavior is selected: Simulate successful submission (recommended) or Reload form behavior is selected, spambot submissions are not saved in the database, but email notifications are sent for spambot submissions. After trying other behavior options, spambot submissions are prevented for both database and email notifications

Steps to reproduce

1. Create a form in Express forms
2. Create admin email notifications for the form in Express forms
3. Enable Honeypot in Express forms settings
4. Select Simulate successful submission (recommended) behavior (or Reload form behavior) for Honeypot
5. Wait for spambots to attack

Expected behavior

Simulating successful submission should prevent spambot submissions for email notifications as well as the database. If the submission is not visible in Craft CP -> Express Forms -> Submissions, email notification shouldn't be sent.

Craft & Plugin Info:

• Craft Version: 3.7.55.3
• Express Forms Version: 1.1.3
• Express Forms Edition: Lite

[kjmartens]

Sorry for the delay @lidijasuprina.

I have tested this on my end, and I can't seem to duplicate the issue. The spammy submission neither saves to the database nor generates an email notification.

I'm curious about what your template (and maybe even URL) looks like for the form. Are you able to share those? 🙂

[lidijasuprina]

@kjmartens I apologize for answering so late. Unfortunately, I am not able to share my template nor URL due to company policy. I have solved the issue with a custom solution, although it turns out that the issue was not related to your plugin - sorry for that and thank you for your help.