Kryptronic Software Support Forum

polarize · 03-21-2025 10:01:20

Is there a CAPTCHA security change coming in 9.4 that could help cut down on the amount of spam bot emails the come through on the Contact Us pages? Alternatively, is there a modifi cation we can make to enhance the security a bit so it cuts down on spam without creating a burden for customers? Thank you:)

webmaster · 03-24-2025 08:51:04

This is the first report I've seen of spam coming through the contact form on sites. Is it bad? The captcha we're using is pretty basic, but a very good design.

polarize · 03-24-2025 09:08:25

We're getting about 90% spam in our Contact Us form. You can tell they're bots because they will use a first and last name in both name fields and many of the spam emails are duplication of the same stuff like.. we can get your website to the top of search engines, backpacks for sale, and other non-sense.

polarize · 03-24-2025 09:21:10

In further note I have noticed that the CAPTCHA words appear much simpler than before and several words repeat often when I send test contact us and dynamic forms. It could be that it's not randomizing as much as it used to when the images were mixed case, included numbers and had overlaps with enough confetti to obscure the image.

I've also noticed different CAPTCHA patterns at other websites we use which include puzzle piece drags, selecting several images that are either related or not related to each other and images that force selection to identify a crosswalk, motorcycle or bus, etc.

webmaster · 03-25-2025 08:52:33

Some of the captchas these days are horrible - they present too big a barrier for user to pass - especially on ecommerce sites. I've made a note to look at this for a release later this year. We're wrapping up 9.4 right now and it's locked in at the moment. In the interim, be sure to place those messages into your Learn Spam folder instead of deleting them. Over time SpamAssassin will get better at filtering them out.

polarize · 03-25-2025 20:05:54

Is Spam Assassin active on your server? The last I checked Webmail wasn’t available in Siteworks. I use Gmail for my email client at the moment. Do you think Gmail would do the same as Spam Assassin?

webmaster · 03-26-2025 08:39:14

SpamAssassin is active on all Kryptronic servers and can be tuned to work a little harder if it's letting SPAM through. It doesn't matter which email client you're using - or whether we have web mail active (which we don't for security reasons), SpamAssassin works at a level before the mail hits your mailbox to identify/delete/mark SPAM. As long as you're connecting via IMAP you can teach SpamAssassin to recognize SPAM and HAM by putting messages in their respective folders when they come in. Ie: Put SPAM not marked as SPAM in the LearnSpam folder, and good mails marked as SPAM in the LearnHam folder.

Graham · 03-28-2025 10:21:55

webmaster wrote:
This is the first report I've seen of spam coming through the contact form on sites. Is it bad?

Err:

https://forum.kryptronic.com/viewtopic.php?id=35509

Fortunately the spammer who was targeting my contact form eventually gave up and went elsewhere...

Kryptronic Software Support Forum

#1 03-21-2025 10:01:20

Contact Us Spam Emails CAPTCHA Security

#2 03-24-2025 08:51:04

Re: Contact Us Spam Emails CAPTCHA Security

#3 03-24-2025 09:08:25

Re: Contact Us Spam Emails CAPTCHA Security

#4 03-24-2025 09:21:10

Re: Contact Us Spam Emails CAPTCHA Security

#5 03-25-2025 08:52:33

Re: Contact Us Spam Emails CAPTCHA Security

#6 03-25-2025 20:05:54

Re: Contact Us Spam Emails CAPTCHA Security

#7 03-26-2025 08:39:14

Re: Contact Us Spam Emails CAPTCHA Security

#8 03-28-2025 10:21:55

Re: Contact Us Spam Emails CAPTCHA Security

webmaster wrote:

Board footer