Email: Form Spam

If your customer is receiving spam emails from a Contact Form 7 form we created, follow these steps:

    1. Verify the spam email came from a form (you should be able to tell by looking at the email)
    2. Verify from which form if possible. You should have some type of “sent from URL” in the form template
    3. IF it came from a form, move on to these steps:
      1. Verify Akismet (akismet:author and akismet:author_email) is set up for your forms’ email fields, i.e. [text* your-name akismet:author] and [email* your-email akismet:author_email]
        NOTE: see bottom of page for important instructions on setting Akismet up to avoid errors. Essentially, it should always be the third variable within the shortcode, after field type and field name.
      2. Add/verify reCAPTCHA is set up (follow the directions on the linked page, using reCAPTCHA v3 as the type)
        NOTE: The Contact Form 7 plugin must be up-to-date for this to work, and if reCAPTCHA v2 was previously set up, you will need to start from scratch and set up v3 with new API keys as well.
        NOTE 2: The new version of reCAPTCHA (v3) does not require the [recaptcha] shortcode to be included in the contact form. Once the API keys are set up correctly, it will work for all of the contact forms on the website.
      3. Verify Flamingo is set up to capture submissions – if the frequency is less than 5 spam submits per week, then that is not a problem we need to fix. If Flamingo is not installed, you can install the plugin yourself in WordPress. If Contact Form DB plugin is already installed, disable it once you’ve installed Flamingo.
      4. If all else looks ok – set up an Issue in Zoho under the customer project
      5. Get more info from the customer following these steps..
        • Get an “Original” copy of the spam email:
          1. Tell them to open the spam email (they use Gmail)
          2. On the Reply Button (more) dropdown, select: View Original
          3. Download Original” or save Original to file
          4. Forward that file to the CEM
      6. CEM add that file to the issue in Zoho
      7. Notify DEV to look further
    4. Possible last-resort measures (that can deter real customers if you are not careful):
      1. Add a Comment Blacklist
      2. Add a quiz to the form: “Which is bigger, 2 or 8?”
      3. Add a Country IP blocking service

*Make sure that the Akismet additions come DIRECTLY after the form type and name. E.g., [email* email akismet:author_email class:form-control placeholder “Email”] and not [email* email class:form-control placeholder “Email” akismet:author_email]

Leave a Reply