How We Block Contact Form Spam Email

Here are out website contact form spam / scam stats for 2023:

  • On our contact form, we had 169 total inquiries so far in 2023.
  • 119 of those were automatically marked as spam by Gravity Forms, so those never made it to my inbox. ?
  • Of the 50 that made it through Gravity Form’s honeypot and therefore into my inbox, 19 were junk/spam that did creep into my inbox.
  • This means:
    • 78% of the form submissions that made it to my inbox were legit. ??
    • 18% of all form submissions were legit.
  • We use a combination of Gravity Forms‘ honeypot feature + Anti-Spam by CleanTalk + Cloudflare‘s country-blocking/WAF rules.
    • Gravity Forms does not provide honeypot stats.
    • CleanTalk blocked an estimated 936 additional entries via their firewall (that number is extrapolated from the last 45 days of data, which is as far back as CleanTalk’s data goes).
    • Cloudflare doesn’t let me back more than 24 hours, but they say they ran their managed challenge on around 1,500 visitors. If we extrapolate that to 365 days, that’s over 500,000 visits blocked or throttled over the year! Here’s a sampling of the visitors that Cloudflare blocked or throttled before they hit the website:
Cloudflare blocks lots of visitors to our website
How We Block Contact Form Spam Email 2

Conclusions

  • The combination of combination of Gravity Forms‘ honeypot feature + Anti-Spam by CleanTalk + Cloudflare‘s country-blocking/WAF rules works pretty darn well!
  • While I can’t confirm this, I’m guessing that Cloudflare’s “managed challenge” stopped a lot of contact form spam.
  • The goal is to keep spam from your inbox – not to eliminate spam/scam form submissions.
  • Fwiw, I implimented a WP plugin solution on a customer website that blocks all form submissions from free email providers (gmail, yahoo, hotmail, etc). This eliminated a lot of spam for them.

What do you do to combat email form spam?

Posted in

Toby Cryns

Toby Cryns is a freelance CTO, expert WordPress consultant, and teacher.

He offers free advice to improve your freelance biz.

He also publishes small droppings every now and then to twitter.com/tobycryns and twitter.com/themightymo

Follow Toby's contributions on Github and WP.org.