Getting constant messages through your contact form?

Contact Form used to spam website owners

Spam Through Contact Forms

As you know, there are many spammers. I'm sure you receive many totally unwanted emails all the time.

Some people make money by selling lists of email addresses of people who never asked to be on said list. I know, I get new emails every day from new lists all the time. That's really annoying.

Now, one thing that we generally do is pass all of those emails through a spam filter. There are many features in a spam filter, particularly, we may want to verify the source. We do that on our end. We tell the source that we're not available at the moment unless we know the source. That way, we avoid thousands of daily emails. One time, I forgot to turn that one back on and literally received thousands of spam email in a few hours.

People may use emails that they find on websites, but I also think that there are spam bots that detect names in websites and try those names with the website address after verifying that an MX exists (or not even verifying anything.) The result is that I receive emails with really weird names as the user name. Just as if I cared about such.

Although many emails still have the ability to go through, most of those spam emails are blocked before I ever see anything. They do not even make it to my mailbox. However, my system, like most, has some things that are whitelisted. In particular, the email used by the contact form. Not only that, but the email is going to be sent by my website, not some strange useless unofficial mail server on some cloud computer. The result is that the email always makes it through. Therefore some spammers have been using forms on websites which allow them to send spam to website owners. Since most website owners are people (as opposed to companies), this has been a way to contact a lot of website owners for really cheap. What I had been wondering is how cheap...

How Much Does It Cost?

Well! Today I received such a message telling me that they were offering a way to send messages through website contact forms. I found it interesting since I run this scam website, to read into it. Here the actual message:

ContactForm sent a message using the contact form at <snip>

Hello!  alexis

We advance

Sending your message through the feedback form which can be found on the sites in the Communication section. Contact form are filled in by our program and the captcha is solved. The profit of this method is that messages sent through feedback forms are whitelisted. This method raise the probability that your message will be read.

Our database contains more than 25 million sites around the world to which we can send your message.

The cost of one million messages 49 USD

FREE TEST mailing of 50,000 messages to any country of your choice.

This message is automatically generated to use our contacts for communication.

Contact us.
Telegram - @FeedbackFormEU
Skype  FeedbackForm2019
Email -
WhatsApp - +44 7598 509161

The +44, if you are wonder, is for England. I find it interesting that such improper use of the Internet would be advertised with a real phone number.

Anyway, as we can see, they offer a free test of 50,000 messages and there is a US $49 for one million messages sent by their robots. This must explain why we receive so many. $49 is rather cheap! I'd go for it, even once a month, if it weren't totally against Internet Etiquette.

Also assuming the person doing these messaging is a hacker all the way, he does not own anything. That is, he probably hacked a phone number, hacker computers to do all the work, hack the domain name, etc. After all, you wouldn't want to have your real name attached to such a scam.

Possible Solutions

I use three methods to also ignore most of the messages sent through my Contact Form.


As mentioned by the spammer, you must include a reCAPTCHA. Yes. It is annoying to the user, but it's unlikely that annoying in comparison to you receiving thousands of spam messages. The problem, with receiving that many messages, is that you are very likely to actually miss one which is important to you.

A CAPTCHA deters most robots, as long as you are using the most recent and most modern CAPTCHA as offered by Google.

Immediate Anti-Spam

If you've been around for a while, you may have noticed that many of the messages are going to be about certain things such as Viagra, "Dating" websites, etc.

On my end, I have a filter which checks messages immediately. If I detect a word which I do not like (such as the Viagra word), I actually send the user to a "Thank you" page and drop the message immediately. So to the user, it looks like I accepted the message (they don't retry) but my filter worked beautifully.

This has been proven to work very well. I got rid of thousands of messages just by adding such a simple filter. An interesting aspect to this one, I can detect a website URL. At times, a certain website is going to be pushed for months and just adding their URL is enough to get that message out of my mailbox.

Regular Email Anti-Spam

As the spammer says up there, you often put that email used to send you messages from your contact form in your whitelist. After all, you do not want to lose any of the messages sent by your customers through your contact form. The fact is that by not whitelisting your contact form email address, you benefit from your regular email anti-spam capability. I've found out that works well too.

On my end, I often verify my spam folder for emails I could have missed (that the spam filter would have bounced to the wrong mailbox...) So I'm not too worried. It goes pretty fast when you do it consistently. And if a user really wants to contact me they can find my phone number, direct email address, I'm also on Facebook, LinkedIn, and a few other systems... so I think they can enter in contact if they need to.