Wherever there is a contact form, there are spammers, relentlessly trying to send their worthless messages through your website and into your inbox. WideRange websites have always featured various spam prevention techniques that have successfully blocked the majority of spam messages — but the minority of spam messages that have gotten through has grown to an annoying level during this last year especially. So today I'm pleased to announce the implementation of a new and improved spam scanning filter on all our websites! So far it has proven to be remarkably effective at blocking almost all contact form spam.
With this new spam filter, the actual content of every message is analyzed (along with other sender metrics) and compared to a vast database of spam to determine if the message is legitimate or spam. Legitimate messages are emailed to you. Spam messages are saved to a Spam list which you can review in your admin panel at Mail > Spam. If you see any legitimate messages in there that were mistakenly marked as spam, you can mark those as NOT SPAM and they will be emailed to you.
So far this new spam filtering implementation is proving to be so effective that I don't think reCAPTCHA is even necessary any longer. If you have reCAPTCHA configured and activated on your website, you might consider deactivating it at least for a while.
Despite the effectiveness of the new spam filter, not everything can be 100% perfect and you'll probably still get a few occasional contact page spam messages that get through to your inbox. In this case, there's now a link at the bottom of the emails that says "Report as spam" — when you click that link, the message is reported to the spam database so that it can learn from its mistakes. Remember, though, do not ever mark emails from your website contact page as spam in your email application, even if they are! This has the opposite effect of training your email application that all contact emails from your website are spam — even legitimate ones. Instead, just click the "Report as spam" link in the email, then delete the email.
Note that all of the above applies only to contact form spam — messages that were sent from the Contact page on your website. This does not apply to direct spam — spam that was emailed directly to your email address, not through the website. One way to prevent direct spam is to never post your email address publicly visible on your website or anywhere online, which makes it super easy for spam bots to harvest your address and put it on their spam lists. This is the whole point of the website contact page in the first place — to allow people to contact you without displaying your email address publicly.
This new spam filter should keep your inbox cleaner from now on!
Quick Update with Stats
Two weeks after launching the new spam filter I already have some interesting stats to share:
- In just two weeks, there have been over 15,000 total message attempts through the contact pages of our ~225 clients' sites.
- Only 1% were legitimate messages! 99% were spam attempts!
- About 75% were blocked by the built-in spam trap (which was already there before).
- About 20% were blocked by Google reCaptcha.
- The remaining 5% were filtered by the new spam-analyzing filter. (Presumably this percentage would rise if more clients disabled reCaptcha, which I'm convinced isn't necessary at all any longer).
- Among the filtered messages, about 25% were definitely spam and blocked outright, 50% were marked as spam and saved to the spam list, and 25% were marked as legit. Less than 1% of filtered messages were missed spam that got through.
- So, in two weeks, out of 15,000 total message attempts, only 10 spam messages made it through! I would call this a resounding success (for us, not the spammers!).
