If you have an unsecured contact form on your website — one that doesn’t use any kind of spam-prevention technology — you’ll likely get a lot of time-wasting, irrelevant submissions. That’s because, without some sort of protection in place, contact forms are simply wide open for malicious actors and bots to submit spam.
There are several ways you can protect a contact form, whether you’re using WordPress or not. You can add CAPTCHAs, make contact forms only available for logged‑in users, or add a smart, automated anti‑spam protection tool like Akismet.
Sites that care about the user experience and maximizing conversion rates should almost always choose a solution from that last category — one that stops contact form spam without annoying site visitors.
In this article, we’ll go over the most effective ways to stop contact form spam. We’ll also discuss why CAPTCHA is no longer the preferred tool for spam protection and show you what you should be using instead. Let’s get to it!
The best solutions to stop form spam in 2024
In this section, we’ll walk you through the best solutions to stop contact form spam. We’ll explain how each solution works, as well as its pros and cons, to help you decide which option to implement for your website.
1. Akismet
Over 100 million websites use Akismet to protect against form spam. Once you set up Akismet on your site, it will analyze submissions and determine what is real content and what is spam.
Akismet leverages machine learning to do this. The software has removed over 500 billion pieces of spam from the web. Every time it does this, it gets better at identifying spam. It’s gotten so good, in fact, that it boasts an accuracy rating of 99.99%.
The best thing about Akismet is that it doesn’t force users to solve puzzles or interact with elements on your site before enabling them to submit a form. Akismet does its work in the background and prevents contact form spam from reaching your inbox.
If you use WordPress, you can easily integrate Akismet with a plugin. Akismet also offers integration options for other content management systems (CMS), including Joomla and Drupal.
You can also integrate Akismet with other types of sites using its API. This makes it a near‑universal solution for spam protection.
2. CAPTCHAs
Completely automated public Turing tests (or CAPTCHAs) are tools designed to help block bots from being able to submit forms. CAPTCHAs are everywhere on the web, from login pages to comment sections and contact forms.
There are several types of CAPTCHAs you can use to protect a contact form. Google reCAPTCHA, for example, provides CAPTCHAs with visual puzzles that users need to solve or elements they need to click on to prove they’re human. The latest versions of reCAPTCHA don’t require interaction, but you’re free to choose which option to use.
While CAPTCHAs are popular, they do have a few downsides. We’ll explore the cons of using CAPTCHAs later in the post.
3. Honeypot
Using honeypots is a creative way to mitigate contact form spam for a website. This method involves setting up an input field within the form and hiding it from human users in some way (typically using CSS).
Although real visitors won’t be able to see the field, they’ll still be able to submit forms as usual. Spambots, on the other hand, are typically configured to fill out every field in a form, including honeypots.
This method can help you identify which form submissions come from bots. You can use that information to filter these messages and keep your focus on real submissions.
Although the honeypot approach can be effective, you’ll still receive contact form spam, which can clutter your inbox. Plus, you’ll need to understand basic CSS to hide a contact form field. If you use a CMS with a contact form plugin, it might not allow you to easily hide elements.
Some spambots are also capable of bypassing honeypot fields. And, you run the risk of real users stumbling into the hidden fields, which can lead you to think their submissions are also spam.
4. Session cookies
As you may know, some websites use session cookies to track your information and activity on their pages. This means you can also use cookies to identify bots due to the way they behave on your site.
Bot activity can be relatively simple to identify. Spambots often go straight for contact forms, fill them out immediately, and attempt to make multiple submissions. In contrast to how real users behave, they’re also unlikely to interact with other elements on a site.
You can use this information to block form submissions for sessions that engage in suspicious behavior. But this only works if you’re comfortable configuring cookies to detect suspicious behavior.
That process requires you to configure the cookies to flag behavior that you would typically see with spambots. There can be a lot of trial and error involved in this process, and it’s arguably a lot more difficult than using an available tool or service to block contact form spam.
Typically, this solution is more common among enterprise websites and businesses that have the technical know‑how to implement advanced security measures. Even then, the results you get might not be worth the trouble when there are out‑of‑the‑box solutions you can use to achieve similar (or even better) results.
5. Email filtering
Most modern email clients offer some type of message filtering functionality. You can use these filters to flag emails from specific addresses or those that contain keywords you associate with spam.
In general, you shouldn’t use email filtering tools to deal with contact form spam unless you get a very low number of messages. For this method to be effective, you need to decide what terms to filter and continue to add new keywords over time.
Flagging the wrong keywords can lead to situations where your email will falsely flag messages from real users. Identifying these false positives will often require you to spend time in your email’s spam folder, which is precisely what you want to avoid.
Why CAPTCHA is not the best option
CAPTCHAs are one of the most common forms of spam protection on the web. You can see CAPTCHAs everywhere, but that doesn’t mean they’re the most effective spam protection method.
There are several reasons why using them may not be the best option:
- CAPTCHAs negatively impact the user experience. Some types of CAPTCHAs require users to interact with an element to prove they’re human or to solve one or more puzzles. If you’ve ever had to solve multiple CAPTCHA puzzles to access a form, you know how frustrating this can be.
- CAPTCHAs are prone to false positives. Even humans can make mistakes when it comes to CAPTCHAs. The detection algorithms aren’t perfect, which can lead to situations where a website flags a real user as a bot and prevents them from submitting a contact form.
- CAPTCHAs require work to set up and constant updates. Spambots and CAPTCHAs are constantly trying to beat each other. Some types of spambots can bypass CAPTCHAs with a decent success rate. This means you may need to update your CAPTCHA implementation regularly. Plus, you have to set up CAPTCHAs individually for each form you want to protect.
It’s important to note that your experience using CAPTCHAs can vary a lot depending on which service you use. Some CAPTCHAs, like the latest versions of reCAPTCHA, don’t require users to solve puzzles or interact with elements on the web. Even so, it’s safe to say that CAPTCHAs are becoming outdated.
Instead of using a CAPTCHA, consider a more powerful alternative to the contact form spam problem, like Akismet.
Akismet: the best anti‑spam solution
Most anti-spam tools focus on identifying spam content and bots before they can submit a contact form. Akismet does things differently.
The service uses machine learning to constantly improve its spam detection capabilities. That constant improvement has led to the point where Akismet can boast a 99.99% accuracy rate in detecting spam.
You can choose whether to save spam comments for review or let Akismet discard them immediately.
Akismet will automatically detect contact form spam and filter it for you. The service also offers a host of other benefits, which include the following:
- Easy setup. If you use WordPress, you can set up Akismet in minutes. All you have to do is install and activate the plugin, and it will automatically start protecting your site against spam submissions. This ease of use also applies to installing Akismet on other types of sites.
- A more seamless user experience. The service works in the background and doesn’t involve elements that require user interaction. This reduces the friction of submitting a contact form, which can improve your conversion rates.
- Integration with any kind of website. Akismet offers simple integration protocols for several popular platforms, including WordPress. You can also use the Akismet API to make the service work with nearly any other kind of website or application.
Keep in mind that if you want to use the Akismet API, you’ll probably need to work with a developer to set up a custom integration for your site.
How to integrate Akismet on any website
Akismet offers different integration methods depending on what kind of website you run. If you’re using WordPress, you can get Akismet up and running in a matter of minutes.
To start, install and activate the Akismet plugin. Then, Akismet will ask you to select a plan.
Hobbyists can select a Personal plan and pay a fair rate of their choice. Incredibly affordable commercial plans are available for other situations.
Once you sign up for a plan, you’ll get access to an Akismet API key. Enter that key in WordPress by going to Settings → Akismet Anti‑Spam.
Click on Connect with API key and that’s it. Akismet will activate and start protecting your site from spam immediately.
Note that if you’re using Akismet with WordPress, the plugin integrates with some of the most popular contact form tools. That includes options like Jetpack’s form blocks, Contact Form 7, and Gravity Forms.
As we mentioned before, Akismet also offers integrations with other CMSs, including Joomla and Drupal. Those integrations work differently than with WordPress, so you’ll need to check the Akismet documentation to set them up.
You also have the option of using the Akismet API to integrate the service with any kind of website or application. This requires some level of development work, but enables you to leverage Akismet’s spam detection and protection functionality on any website.
Frequently asked questions
If you still have questions about how to stop spam from website contact forms, this section will answer them.
What is contact form spam?
Contact forms are common targets for spammers and bots. If the form doesn’t use some type of security feature, spammers are able to make all kinds of useless and potentially‑harmful submissions through the form. These can include links to other websites, promotions for fraudulent services and products, and automatically‑generated content.
How does contact form spam affect a website?
Contact form spam shouldn’t affect your website on the front end, unless the form is open to some kind of attack that can compromise your site’s security (like SQL injection).
In most cases, the biggest downside of contact form spam is having to deal with it. This spam can quickly fill up your inbox and make it harder for you to separate the real messages from the fake ones.
Why is Akismet considered the best solution for contact form spam?
Most solutions that focus on stopping contact form spam do so at the expense of the user experience. CAPTCHAs, for instance, force users to solve problems or click on elements before they can submit a form. This can reduce the number of people willing to use the form and can even make them inaccessible to those with disabilities.
Akismet is highly effective in stopping contact form spam, with a detection accuracy rate of 99.99% for spam content. Plus, Akismet doesn’t impact the user experience whatsoever, as it works in the background during form submission.
What are honeypot fields, and how do they work?
A honeypot field is an element in a contact form that only bots should be able to engage with. You can create one by using CSS to hide a field in plain sight or through a plugin that will handle this for you. Regular users will skip the hidden field, but spambots won’t.
Once the honeypot is set, you can filter all contact form submissions that fill out the field. You may also be able to blocklist the IP addresses that make the submissions, depending on which contact form tool you’re using.
How effective is CAPTCHA in preventing spam?
CAPTCHAs are among the most popular solutions for protecting your website from contact form spam. Their popularity makes them a significant target for attackers, who are constantly devising ways to bypass them using automated tools.
It’s also not uncommon for CAPTCHAs to flag real users as bots. Overall, CAPTCHAs can be highly effective, but they’re not without several downsides.
Can spambots bypass honeypot fields and CAPTCHAs?
Yes, some spambots can bypass honeypot fields and CAPTCHAs. Attackers are constantly trying to bypass form security measures, and that means creating new bots and constantly updating them so they remain effective.
Akismet bypasses this problem by focusing its spam detection tools on the content of the form submissions. The service also learns from each submission, which makes it the most accurate spam detection and prevention tool on the market.
Can Akismet protect against all types of spam?
Spammers and bots tend to target any public form on websites. Akismet can protect all the forms on your site by monitoring submissions. It does this without you having to set up individual protection for each form, as is the case with CAPTCHAs.
Where can I learn more about Akismet?
You can visit the Akismet features page to learn more about how its spam protection functionality works. If you’re ready to start using Akismet on your website, check out the available plans.
Stop contact form spam using Akismet
If you’re spending time dealing with contact form spam, you may be missing out on submissions from real users. Using tools that enable you to stop form spam will free up your time for other tasks. Moreover, with the right tools, it’s relatively easy to stop contact form spam.
There are several ways to stop contact form spam on WordPress and other platforms.. Akismet is the leading option since it doesn’t impede navigation for real users. It’s also easy to implement (particularly if you’re using WordPress), and it has a 99.99% rate of accuracy for spam detection.
You can use Akismet for free on your personal website or choose from affordable plans for commercial sites, where spam protection becomes even more essential. Start using Akismet today!
Akismet 