Why is My Form Captcha Not Stopping Spam?

So you don’t receive a lot of spam through your forms however, you do get some once in a while and you’re wondering why you get any at all because you have a Captcha that supposed to stop those. Well, Captchas are designed to stop bots (not humans). Bots are programs or scripts that are written by spammers or hackers to perform a function for the person who wrote it. Hackers use it to attempt to get into your website by trying to login over and over again with different passwords. In the case where a spammer is using a program, they are trying to fill out as many website forms as they can to send as much spam as they can to the owners of the sites.

Most website forms only go to the site owner, but in some cases, a website owner or the website designer will set the form to send a copy of the message to the person who fills the form out. This is not wise. While it is convenient for the person who’s filling the form out to receive a copy/confirmation of their form submission, it is not safe for the server that the website is on nor is it safe for the website the form is on. When a form sends a confirmation email with the contents of this submission, a spammer can use that form to send email to whoever they like by simply putting the email address they are trying to send spam to in the “Your Email” field. Spammers will manually go to websites to try and find forms that send confirmation emails out like I’ve described above. So they will fill out a form with no link or seemingly no purpose at all. But in reality they are just testing. You will most likely not see this happen over and over again because while these individuals are some of the lowest form of scum, they still don’t want to waste their time. So they will move on.

In short, it is not possible to block human spammers like this, without blocking human potential customers also.

Click image to enlarge

Now there is a way to block human spammers when they are using unique URLs (website links) like my screenshot example here…

You can simply forward this spammed form submission email you get to us at [email protected] and put in the message or subject line “Please block this spammer for me” and we will gladly add unique URL to our global block list. This will keep any of the forms on any of our servers from being able to accept this spammers message. They will not be able to submit any forms using that keyword. However, we don’t let them know that they were not able to send it. We make it appear as if it went through so they move on and not continue to try and adjust their message to get it to work. Yes we know that’s genius, it’s not just spammers and hackers that are intuitive.  >:)

Now keep in mind we cannot globally block words like fusion, herbal, smoke, thyroid, or remedy (which were used in this spammer’s form submission) because other customers on all of our servers may need those keywords to be in their form submissions. But the very unique URL or websites that they list do not belong in any of our customers form submissions.


Not already a Modern Web Studios customer? No problem, you can be!

If you are reading this article and you are not already a Modern Web Studios customer, you can certainly benefit from the information explained here however, you cannot yet benefit from our global spam protection which is only available in our network when you are hosting your website with us. We encourage you to move your website to our servers and allow us to begin to not only help your business and your employees be blocked from spammers but to benefit from many of our other safety, security and many other powerful website features.

(888) 987-7771 • Contact Us