How to stop Eric Jones and other spam emails and messages

Have you ever added an email or message form onto your website thinking “hey, this is great! People will be able to get in touch with me so much easier now, my inbox is sure to be filled with great leads!”? Only to end up with spam emails containing dodgy links flooding your inbox and some guy called Eric Jones trying to sign you up to a service you’ve never heard of?

Spam; it’s frustrating and inconvenient at best, and can result in a major security breach and criminal activity at worst.

What is SPAM and why do I get it?

The majority of spam emails are based around spoofing and phishing scams, with the intention of fooling you into revealing confidential information and credentials, or giving cybercriminals access to your network. 

Some spam emails will contain a link that, when clicked on, will take you to a page with a form for you to enter personal data, perhaps even credit card information, which the hackers can then steal and use themselves.

Other spam campaigns contain links or attachments that, when clicked on, will download spyware, malware, or a virus onto your devices or network that will then either access and steal, deny access to, or destroy data.

Why are spammers targeting me?

Very occasionally, hackers or other cybercriminals will purposefully target individuals or businesses but the vast majority of spam emails are sent using spam bots. So, it is highly unlikely that you are being targeted directly.

Most spam is sent to millions of email addresses a day in the hopes that at least some of the recipients will respond and fall for the scam. Hackers are playing the game of probability – if they send their emails to enough people, someone is bound to click on the link, open the attachment, or do whatever task the email is asking of them, giving them what they’re after.

How do spam bots get access to my email address?

Spam bots are able to access unprotected forms on websites and use them to send multiple emails. Much like Google’s web crawlers, spambots are machine-driven bots that crawl website after website looking for ways to send their emails to people. When they come across a contact form, their programming kicks in and they auto-fill the required fields on the form and send their message.

With the rise in AI capabilities, many spammers use AI to help the bots learn what works with different types of forms so that they can use the correct methodology for each form they encounter. This is why they can be such a pain, because they can be very clever. Which is why we need to be quite clever in our approach to stopping their ability to use the contact forms on our sites.

How do I stop spambots and spammers using my website contact form?

This is where technology like Google’s reCAPTCHA comes into play. 

Google has always put the needs of its users at the forefront of everything they do. With every algorithm update they release, it’s accompanied by an explanation as to why and how it helps users.

Because Google wants to help users and create an online experience that is as smooth, painless, and frustration free as possible, it also hates spam. Google may even hate spam more than most of us! Which is why their reCAPTCHA product is absolutely free!

What is reCAPTCHA and how does it work?

Google has released several generations of CAPTCHA technology, designed to trick or prevent bots from accessing sites, contact forms, or taking certain actions.

In earlier versions of CAPTCHA, you had to decipher random words that appeared wavy and type them in the box. This would often take several attempts and could be quite frustrating for users. 

Then came those picture boxes, where you had to select every square that contained an image, such as traffic lights or buses. Some websites still use these and they can be more frustrating than the previous generation of words!

Google even tried maths for a generation but since most robots are often faster at calculating sums than humans, this didn’t work very well.

Following that, reCAPTCHA2 came along – the famous “I’m not a robot” box checking exercise. Unfortunately, a lot of spammers are now able to get past that, too.

Now Google has released reCAPTCHA3, which is a piece of code that sits within your website that no one would know is there without looking at the code. No one alive, that is – as it tricks the bots. Ha! Take that robot uprising!

How do I add reCAPTCHA3 to my website?

The great thing about using Google’s proprietary tech is that they make it as simple as possible to use. Literally as easy as 1, 2, 3!

  1. Step 1

Go to Google’s reCAPTCHA website to register your site for reCAPTCHA.

  • Here you’ll just need to label your reCAPTCHA (we suggest simply using the domain name for the website you’ll be adding it to)
  • choose the reCAPTCHA type – obviously version 3 is the most recent and most advanced version
  • add the domain it’ll be used on
  • create a Google Cloud Project if you’re not logged into a Google account that already has one
  • agree to the terms and click submit
  1. Step 2

After submitting the information in step 1, Google will provide you with two keys to integrate with your website. 

All you need to do is copy the SITE KEY and SECRET KEY

  1. Step 3

Integrate each key into your website.

The SITE KEY goes into the HTML code on your site and the SECRET KEY is used for the server side integration. 

View Google’s instruction documents for more information on how the site key and the secret key are used in your website and how to make the most out of reCAPTCHA v3. 

We recommend getting your website developer to perform the key installation on your site if you’re not proficient in website development or coding.

And there you have it, it’s that simple to include reCAPTCHA technology on your website to prevent (as much as possible) spam bots accessing your website contact forms and flooding your inbox with spam or other forms of malicious content.

We’d suggest following Google’s own recommendations when it comes to reCAPTCHA installation by including reCAPTCHA v3 on all forms or actions on your website as well as within the background of your website’s pages to gather analytical data.

If you need any assistance securing your website using reCAPTCHA or any other element of your website management, design, or building, please get in touch – our team will be more than happy to help.