If you’ve noticed your website contact form isn’t filtering spam messages as effectively as it used to, you’re not alone. We’ve noticed a sharp spike in bots and spam making their way past Google’s reCAPTCHA across all of our clients’ contact forms, and the problem only seems to be getting worse.
We’ve always used Google’s reCAPTCHA to help protect the various forms we’ve built and hosted on our clients’ websites. The reCAPTCHA helps to block automated form submissions, ensuring genuine customer enquiries and leads aren’t lost in a sea of spam.
You’ll almost certainly be familiar with it: being asked to select certain elements of a street scene, or to type letters as they appear in an image, to prove you’re human. Traditionally these tests have done a great job of stopping bots from attacking, but unfortunately the Google reCAPTCHA test is starting to lose its effectiveness.
As AI has advanced for the better, it’s also advanced for the worse. There are now companies specifically established to bypass the reCAPTCHA gate, meaning the system can be easily and frequently abused.
Whilst Google reCAPTCHA is still filtering some spam messages from contact forms, it’s clear more needs to be done for our customers.
We decided to roll up our sleeves and tackle the problem ourselves by developing our own bespoke software to offer our clients better protection against malicious activity. After all, we want the websites we build to add value to our clients’ operations, not waste their time and result in missed opportunities.
When developing our new software we thought long and hard about how we wanted it to work, and the approach we should take.
Taking a purely machine-run, AI-based approach could risk generating ‘false positives’, where genuine messages are blocked, especially during the learning phase. Spam content can change over time too, so any system would need to be constantly learning and adapting to continue blocking it. To do this effectively, a feedback loop is required to identify false positives and negatives, which usually requires some human involvement and lots of time.
We decided to take a phased approach to allow us to achieve results quickly, whilst gathering data for further development.
The first phase involved selecting specific attributes by which spam message content could be reliably identified. Examples include HTML tags in messages (a common example of blog form spam) and what the messages were trying to achieve (such as directing the reader to a URL).
We handle the form submissions for multiple clients, so we could easily identify identical or similar message submissions across each website and mark them as spam. The specific properties being checked for come from human-created lists that are regularly updated.
The second phase adds an interactive element to the system. It allows more general rules to be applied when classifying messages, and adds a quarantine state in which messages are held for manual review when the results from automated processing are inconclusive.
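The two phases described above, as an added Python example rather than the software this article describes: phase-one checks (HTML tags, listed phrases, the same normalised message arriving on more than one site) mark a message as spam, and a message that only contains a URL is treated as inconclusive and quarantined for manual review. The phrase list, the two-site threshold, the URL-only quarantine rule and all names are assumptions.

```python
import hashlib
import re
from collections import defaultdict

# Hypothetical human-maintained list; the article does not publish its own.
BLOCKED_PHRASES = ["buy backlinks", "guaranteed seo ranking"]
HTML_TAG = re.compile(r"</?[a-z][a-z0-9]*\b[^>]*>", re.I)
URL = re.compile(r"\b(?:https?://|www\.)\S+", re.I)


def fingerprint(message):
    """Hash a normalised message so copies that differ only in case,
    spacing, punctuation, digits or the exact URL still collide."""
    text = URL.sub(" url ", message.lower())
    text = re.sub(r"\d+", "0", text)
    text = " ".join(re.findall(r"[a-z0-9]+", text))
    return hashlib.sha256(text.encode()).hexdigest()


class FormSpamFilter:
    def __init__(self, site_threshold=2):
        self.site_threshold = site_threshold  # assumed value
        self.seen = defaultdict(set)  # fingerprint -> sites that received it

    def classify(self, site, message):
        """Return (state, reasons); state is accept, quarantine or spam."""
        fp = fingerprint(message)
        self.seen[fp].add(site)
        reasons = []
        if HTML_TAG.search(message):
            reasons.append("html_tag")
        if any(p in message.lower() for p in BLOCKED_PHRASES):
            reasons.append("blocked_phrase")
        if len(self.seen[fp]) >= self.site_threshold:
            reasons.append("cross_site_duplicate")
        if reasons:
            return "spam", reasons
        # A bare URL is suspicious but also common in genuine enquiries,
        # so it is held for a person to review instead of being dropped.
        if URL.search(message):
            return "quarantine", ["contains_url"]
        return "accept", []
```

Quarantined messages that a reviewer confirms as spam are the natural source of new entries for the phrase list.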
We will be implementing the system across all of our websites to help keep our clients’ inboxes as spam free as possible.
You must be cautious when dealing with spam messages received via your contact form. If you mark them as spam, you’re inadvertently damaging the sending reputation of your own website, as the emails aren’t coming from a third party; they’re coming from your website. This could result in your shipping notifications and other communication ending up in customers’ junk folders, which isn’t ideal!
Make a note of how many messages you’re receiving and save some examples of the content so you can share this information with your website provider. That way you can work together to help solve the problem.
Want to find out more about our anti-spam solution? Get in touch.