You probably aren’t doing anything “wrong” at all. This is actually a commonly asked question.
Here’s what you need to know: We hate spam about as much as you do.
When you submit via html’s default method, if our spam filtering flags the submission, it will redirect to a recaptcha page where it will wait for a non-robot to check the ‘I am not a robot’ field and this helps prevent spam. Very useful.
You will need to implement what is called a honeypot field. Here’s a little more background on that. You could also give this a read through to learn how to make the honeypot even more effective, if you like!
Since this basically disabled our built-in recaptcha, we provide a couple of ways to implement a recaptcha directly on your form: an explicit recaptcha which is very simple to implement and a fully customizable version.
Let us know how this worked out! If you have any other questions, comment below!