How to Kill Gravity Form Email Spam: Zero Spam
Notes from this Gravity Forms presentation
We don’t use: reCAPTCHA
- Gravity Form supports V2 (visible and invisible).
- reCAPTCHA V3 not on the roadmap until after GF v2.5 is out.
Why:
- More data to Google.
- Lack of feedback on visitor experience.
- Perhaps best as a last resort.
Also not used: A.kis.met
- Gravity Forms has default integration with Aksimet under Forms > Settings.
- It’s added to all forms, but there’s (code) filters to disable individual forms and/or fields.
Why
- Again faff with keys and accounts.
- Only free for personal use.
- More for comment spam.
(If the, often overlooked, WP settings are not working for comment spam I use the lighter Antispam Bee)
Email list spam
Double Opt-In Forms often get mentioned when talking about reducing spam addresses going to your email list. I think since GDPR this is the standard and without a genuine email address to confirm consent spammers are thwarted.
AWeber, Campaign Monitor, CleverReach, Constant Contact, EmailOctopus, Emma, GetResponse, HubSpot, iContact, Mad Mimi, Mailchimp.
My default
- Turn on anti-spam honeypot. (A honeypot field is a hidden field that tricks a spam bot into filling it out when it should really be left blank.)
- Limit entries per day. (This is more for more serious attack which could slow a site or result is a large bill if using a transaction email service.)
Worth considering
A question field which only when answered correctly allows the “submit” button to work.
I can not vouch for this because we tend advice for conversion limit the fraction for users.
Talking of conversion expert tend to agree that the default “submit” text is not great micro-copy. Send maybe a better default when nothing better seem obvious.
Finally: Why not the default?
Excellent question!
It blocks visitors with JavaScript turn off in browsers and I started in the web when not supporting JS free users was frowned upon.
In truth, I think most sites are now so dependent JavaScript to deliver a good user experience that only bots and experts who know what to do would turn it off.