If you are kept from working by all sorts of annoying email offers to increase something, constant “sudden” lottery wins, and endless lawyers with sad news about deceased distant relatives abroad who have certainly left you a large inheritance, then this news is for you!

Since the beginning of 2018, mass mailings of spam through the contact forms of various CMSs have become more frequent in Russia. Thematic forums are full of messages about spam, and foreign projects have also suffered from Russian mailings. It has reached the point where many foreigners simply block any message containing Cyrillic, because the problem now affects all popular “engines”, such as PrestaShop, OpenCart, Bitrix, WordPress and WooCommerce, Drupal, etc.

The service for such mailings has proven to be very popular due to its low cost and high audience coverage. For example, spammers offer to send more than 600 000 messages through various stores for $100.

Of course, we strongly recommend against using such dubious methods of advertising and promotion. Your site can be blocked in search engines, your hosting account can be deleted, or even the domain can be partitioned.

However, while there is demand for such services, spammers are actively modifying their mailing bots to bypass popular blocking methods. In some cases, vulnerabilities in the CMS core are already being used to send requests directly, bypassing the contact form altogether. In that situation, any JavaScript checks (like Google reCAPTCHA) do not work unless additional checks have been built in on the server side.

In some engines (for example, PrestaShop), a copy of the sent email is sent to the client by default. Thus, spam is received not only by you but also by real people (those in whose name and with whose email address the form was submitted), who most likely do not know that your store exists at all. This significantly damages the reputation of your store.

We offer a comprehensive solution to the problem of spam through contact forms, which includes:

  1. changing the default CMS settings for contact forms;
  2. integrating the Google reCAPTCHA service with server-side validation;
  3. disabling the sending of email copies to clients (if applicable);
  4. prohibiting any links (including short and Cyrillic ones) in the text of the message;
  5. generating a secret key, saving it in a cookie, and checking that the key sent with the form matches the saved one;
  6. adding an extra text field that is hidden from clients and checking that it is empty;
  7. a number of additional checks on the request (that browser information and the referring page are present, and that both the request and the referring page belong to the project domain).
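
The server-side part of measures 4 to 7, as an added example (not code from the original page or from any CMS), written in framework-neutral Python. `SITE_HOST`, the `form_token` cookie, the `token`, `website` and `message` field names, and canonical header names are assumptions.

```python
import hmac
import re
import secrets
from urllib.parse import urlsplit

SITE_HOST = "shop.example"  # assumption: the project's own domain

# Links with a scheme or "www.", plus bare "name.tld" short links
# whose TLD is Latin or Cyrillic (for example "bit.ly" or "сайт.рф").
LINK_RE = re.compile(
    r"(?:https?://|www\.)\S+"
    r"|\b[\w-]+(?:\.[\w-]+)*\.(?:[a-z]{2,}|[а-яё]{2,})\b",
    re.IGNORECASE,
)


def new_form_token() -> str:
    """Secret key issued when the form is rendered (set as cookie and hidden field)."""
    return secrets.token_urlsafe(32)


def check_submission(headers: dict, cookies: dict, form: dict) -> list:
    """Return the names of failed checks; an empty list means the message may be sent."""
    failures = []
    # Measure 5: the key sent with the form must match the key saved in the cookie.
    sent, saved = form.get("token", ""), cookies.get("form_token", "")
    if not sent or not hmac.compare_digest(sent.encode(), saved.encode()):
        failures.append("token")
    # Measure 6: the hidden field is invisible to people, so any value means a bot.
    if form.get("website", "").strip():
        failures.append("honeypot")
    # Measure 4: no links in the message text.
    if LINK_RE.search(form.get("message", "")):
        failures.append("link")
    # Measure 7: browser information must be present ...
    if not headers.get("User-Agent", "").strip():
        failures.append("user-agent")
    # ... and both the request and the referring page must be on the project domain.
    host = headers.get("Host", "").split(":")[0].lower()
    try:
        referer_host = (urlsplit(headers.get("Referer", "")).hostname or "").lower()
    except ValueError:  # malformed Referer value
        referer_host = ""
    if host != SITE_HOST or referer_host != SITE_HOST:
        failures.append("origin")
    return failures
```

The link pattern does not match spaced-out text such as “yandex . ru”, and it will also reject a message that contains a file name or an email address.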

This solution closes most of the problems with spam through the contact form. However, despite all these efforts, getting around it is difficult but still possible, for example in the following ways:

  • using advanced bot technologies on real equipment (PC, tablet, phone) that disguise themselves as a person, move the mouse, emulate screen taps and can solve Google reCAPTCHA;
  • using cheap labor, for example through specialized services, so that the message is sent by real people.

Moreover, in every case of bypass, the message has to be written:

  • with short links (without http, https or www) broken up by spaces, like “yandex . ru”, and with instructions like “just remove the spaces”;
  • or without any links at all, for example “write to us” or “call us”.

Therefore, although we cannot guarantee a 100% result, we assure you that after the implementation of the proposed fixes, the amount of spam will definitely decrease by an order of magnitude. More often than not, contact form spam stops completely.

It is also worth reiterating that the proposed solution only addresses spam via contact forms. We recommend filtering all spam that goes to mailboxes published on the site by setting up spam filters on the mail server and then, by correctly flagging unwanted messages in the mailbox, gradually training the spam filter.

If you need help in the fight against spam – please contact us, we will offer an individual solution for your project!