Use this guide to reduce spammy messages sent through your site's Form Blocks. Although there's no way to block all spam from reaching you, there are a few strategies to decrease the amount.
Why is this happening?
Spambots crawl the web looking for ways to share unsolicited content. They look for email addresses, forums, and contact forms. So, if you have a Form Block on your site, there's a chance you'll receive spam.
Form spam when using an email address
When you use an email address as your Form Block storage, all form submissions are delivered to your email inbox from a Squarespace email address, firstname.lastname@example.org. This doesn't mean the contents are legitimate or come directly from us. We'll never contact you through a Form Block on your site.
These spam form submissions often:
- Use a string of random letters and numbers in the subject field
- Ask you to click a link to make a "secure payment" for something
- List a contact name and email address you don't recognize
In these cases, we recommend not clicking any links or contacting the supposed sender. You may also want to read more about how to spot a phishing scam.
Reduce spam using Google reCAPTCHA
The best way to prevent spammy messages through your forms is to add Google reCAPTCHA. Google reCAPTCHA is a tool that distinguishes humans from spambots. It prompts visitors to check a box verifying that they’re not a robot, and sometimes asks visitors to complete another task, like identify a string of letters. Most spambots can’t do this, but your human visitors should have no trouble.
Reduce spam using a confirmation email
Another great way to prevent form spam is to select Squarespace Email Campaigns or Mailchimp as your storage option. Both services send a confirmation email, which requires subscribers to confirm their subscription before they’re added to a mailing list.
If you use Squarespace Email Campaigns, the confirmation email is enabled for Cover Page newsletter signup, Newsletter Blocks, and promotional pop-ups. To learn more, visit Subscriber verification.