3 proven ways to stop spam emails from your contact form

Posted on:

My client contacted me asking for help to stop the spam emails she’d been receiving from her WordPress website’s contact form. She was using Contact Form 7 plugin to create the form.

Contact Form 7 provides excellent anti-spam features. Here are the 3 simple ones I enabled on her site. Within a day, she stopped receiving those pesky spam emails.

1: Implement Akismet feature on the contact form

Follow the steps below to implement Akismet on the contact form.

  • Install the spam-filtering plugin Akismet.
  • Activate the plugin.
  • Go to Settings > Akismet Anti-Spam. Get your API key by creating an account with Akismet. Then connect your website with the API key.
  • Go to Contact > Contact Forms and select the form where you want to implement Akismet.
  • Edit the form template to add the following Akismet-related options into the appropriate fields in your form.
    1. akismet:author
      Add this option to the field that accepts the name of the sender.
      Example: [ text* your-name akismet:author ]
    2. akismet:author_email
      Add this option to the field that accepts the email address of the sender.
      Example: [ email* your-email akismet:author_email ]
    3. akismet:author_url
      Add this option to the field that accepts the URL of the sender.
      Example: [ text your-url akismet:author_url ]
  • Contact Form 7 will send the senders input to Akismet when a user submits the form. Akismet will review the information and judge if the submission is spam.
  • If Akismet judges a submission as spam, Contact Form 7 will cancel the form submission and show a message that says “it failed to send the message.” You’ll see an orange border around the response message when it has been judged as spam.
  • You can test if the Akismet feature is working by typing in “viagra-test-123” as the name of the sender. This input will be clearly marked as spam.

2: Integrate with reCaptcha v3

reCaptcha is a free service from Google to help protect your content from spammers. Contact Form 7 lets you integrate with the reCaptcha module and block the spam bots from your form submission.

Contact Form 7 uses the latest version of the reCaptcha API which is v3. The beauty about v3 is that it works in the background so your users don’t have to read blurred out text or check the “I’m not a robot” checkbox. Designer folks especially love this as they don’t have to add any ugly UI components to their form pages.

Follow the steps below to integrate reCaptcha v3 to your contact form.

  • Sign in yo your Google account and go to the My reCaptcha page.
  • Scroll down to the “Register a new site” section.
  • Add a Label for the site you are registering.
  • Make sure you select reCaptcha v3 from the checkbox-Type of reCaptcha.
  • Under the Domains, add the URL for each of the domains you are registering. No need to add the ‘https’ before the URL. When you register a domain, all the subdomains under the domain are taken into account.
  • Accept the reCaptcha Terms and Conditions and Register the site.
  • After you register your site, you will get a site key and a secret key for your site.
  • In your WordPress Admin, go to Contact > Integration and click on ‘Setup Integration’ under reCaptcha section.
  • Copy and Paste the Site Key and the Secret Key you received from the previous step into the fields and click “Save Changes”.
  • And that’s all there is. Now your Contact Form 7 is all set to block the spam form submissions using the reCaptcha v3 API.

3: Comment blacklisting

If you are still getting spam emails from your Contact Form 7 after implementing Akismet and integrating with reCaptcha v3, this next step will surely help you out. The Comment BlackList is originally a WordPress feature used to manage spam comments in blogs.

Follow the steps below to implement comment blacklisting for your Contact Form 7.

  • From the WordPress Admin Panel, go to Settings > Discussion.
  • Scroll to the section – Comment BlackList.
  • Add one word or IP address per line. Any form submission that contains those words or sent from that IP address will be treated as spam by Contact Form 7 and not delivered.