That’s been my no.1 point of brainstorming, and there are multiple ways we could deal with spam (for example signing a form with your own nsec) or a paywall(Zap to fill form)  atm there is no spam protection, but this is soon going to be a top priority for formstr once users(And by correlation spam) starts rolling in.