How to stop spam originating from website

You’re a small law firm with a website, and your marketing is going well so your website is getting a lot of exposure. If your assistant weren’t drowning in spam emails, everything would be perfect. Besides the wasted time, you worry that some real leads are being lost in the sea of spam.

Website Spam: A Hydra

Spam facilitated by your website is a many-headed snake. If you stop spam bots from filling out the form, you’ll still have an army of human spammers filling out your forms from an office complex in the developing world. This snake has many heads we must deal with, so let’s get to work!

Bot Form Filling

A program can fill out many more forms than a person, so bot form filling is a larger-scale problem than human form filling, but there are ways of detecting bots.

How to Defeat the Bots

CAPTCHA is becoming less and less effective, and has the added problem of reducing form fill conversions. An excellent alternative is to use the “Anti Spam Honeypot” option in Gravity Forms, available in the Form Settings section.

Human Form Filling

Actual humans filling spam shouldn’t be combatted at the form level, because making it harder for humans to fill in your form will make it harder for your customers – who are presumably all humans.

How to Defeat the Humans

To defeat human spammers, I recommend setting up custom spam filters to filter for the type of spam your specific business receives. Because of the higher cost of using human spammers, typically you’ll receive only specific types of spam that are targeted to your industry or business type. This makes it easier to set up custom filters. See the final section for program-specific instructions.

WhoIs Domain Lookups

When a domain is registered, an email address is required (along with other personally identifiable information like name, address, and phone number). People can look up this information with a “WhoIs search”, available from websites like this

The 2 main types of spam that come from this are web design spam where a (usually foreign) design firm offers cheap design service, and registration spam, where a scammer will send a deceptive email requesting payment for something like “SEO Registration” hoping unsuspecting domain owners will pay them thinking they’re renewing their domain. Note that the web design spam also comes in the form of phone calls, and the registration scams also come in the form of physical mail.

Web Design Spam Example

Example of a website spam email
Note the use of design industry wording, this makes spam filters easy to set up for this type of email. By creating a custom filter for emails that you've never sent an email to, which also use the words "HTML", "PHP", and "affordable" you'll weed out many of these types of emails. More on this in the final section of this article.

Registration Scam Example

Example of a registration scam email
Note the deceptive wording in the email, the formal and forceful wording, the fraudulent name " Support" and the nonsense email. These are typical features of this type of scam. The variety you may find in the mail typically use more graphics to seem official, which you're less likely to find in the email because images increase the risk rating on most spam filters.

How to Defeat the WhoIs Lookups

There are many services for private registration or proxy registration that obscures this information from the public. Most domain registrars will offer to sell this to you when you are buying your domain at usually about $5/year. This also helps defeat the spam phone calls and the spam/scam physical mail.

Here’s an example from, which automatically applies their WhoIs Privacy when checking out.

WhoIs Privacy Example

WhoIs Privacy Example on

Improving Spam Filtering At The Inbox Level

Your email program’s anti-spam software will usually have an adjustable sensitivity setting. Setting this higher can filter more spam, but can result in false positives.

You can also set up custom spam filters using rules you set up. I recommend using at least a few criteria, including a negative keyword or two (for something that your real correspondents say but that spammers never do).

Program-specific spam filter instructions:

Outlook: Junk Email Filter Sensitivity Settings
Gmail: Custom Filters in Gmail
Mac Mail: Reducing Junk Mail in Mac Mail

Need help?

Email us: [email protected]
Phone us: 844-344-IRIS (4747)

Keep Reading