We constantly get questions from clients about how to avoid spam emails coming through the online forms on their websites. This is the first of two articles about how to block spam emails. First, let us say the most important thing about blocking spam:
NO anti-spam system is 100% effective
Sorry, spam is here to stay. It surely boggles the mind that there are companies spending obviously hundreds of thousands of dollars on spam techniques and technology. All I can say is that they must keep doing it because it works. Unfortunately! So, No anti-spam system is 100%. The tech world’s best efforts against spam are mostly a game of catch-up figuring out what the spammers are doing, and methods for overcoming it. Every solution is quickly met with the spammers’ next curveball.
Top that off with low-exchange rates with other countries where it is super cheap to pay someone–real human beings–to spam you. There are no easy ways to block this kind of spam that aren’t also dramatic (i.e. blocking the original IP and anyone else attached to it).
So…Here are our Top Three EASY solutions for blocking MOST automated spam on WordPress sites and SOME spam generated by human beings.
1. Use Akismet
Akismet has been in the spam-blocking game for many years. They have free versions available but we also encourage contributing to the service so they can keep up the good work. Simply install the Akismet WordPress plugin, create your Akismet account, and activate the Akismet plugin on your site using the Akismet API key. Not only does this filter out many to most spam comments on your site, it also blocks emails if you’re using Contact Form 7 for your forms.
2. Use an anti-bot system like CAPTCHA
This also doesn’t work against real-people spam, but it does a great job at blocking automated spam. Not much more else to say about this solution without making this a step-by-step tutorial (which this is not because there are already tons of good tutorials out there). Here’s an example of Google’s reCAPTCHA:
You’ve probably had to use this feature on other websites.
3. Manually block domains or IP’s
WordPress has a built-in feature for blocking spam messages or comments. This doesn’t really work until you’ve received a spam message BUT it will block any future messages so it’s still worth doing. To implement this method
- Enter the domain you wish to block
See the screenshot above for where to place it. You find the domain from the spam email you received. If email@example.com sent you an email about starting a bank account, you copy and highlight everything AFTER the ‘@’ symbol (don’t include the ‘@’ symbol). Place the domain (e.g. blockthisdarndomain.com) in the Comments Blacklist and this will work with Contact Form 7 to never send emails to you. As you can see from our example above we use this method ourselves.
It’s unfortunate that you are going to receive spam from time to time. Start with the methods above. Most of your automated spam will stop. When the odd spam message does get through you can block the domain and stop future emails. Mostly. Spammers are bound and determined to get through, and they get very creative about how they do it. What’s worse, your domain or email can end up on spam lists that are shared with others. But, online forms are a VERY important way for your ideal customers and prospects to get through to you so we recommend keeping a form active on your site when at all possible.
Hope these tips helped!
Photo credits: d3images