htaccess – Can I prevent Tor users from sending spam to my form?

Instead of using a blacklist of IP addresses (which amounts to playing a losing game of whack-a-mole), I could recommend one of two strategies to reduce spam bot:

Strategy 1: Honey Field

I use this personally for one of my own web forms, and it works very well. The idea is to create an anti-spam field in your form. If this field is filled in (it will be filled non-discriminating way by a bot), your system automatically marks the sending as spam.

You can hide the honeypot field from legitimate users by assigning it a null (or low) height in the browser with hidden overflow. If a user has disabled the CSS code, you can assign a label to the field of the type "anti-spam – leave this field empty".

Strategy 2: Captcha

An alternative strategy is to use a captcha, so that only humans can submit your form. The most popular captcha solution is ReCaptcha, which can be easily integrated into a web form.