Spammers target everything and your contact forms are no exception.
Contact Form 7 provides several spam protection modules; we recommend utilizing different types in combination.
Akismet is a powerful anti-spam service provided by Automattic that protects your contact forms. Spam filtering with Akismet forms the centerpiece of our spam prevention strategy.
Disclosure: The author of this post is an Automattic Affiliate, meaning we get a commission if you decide to make a purchase through the links, at no cost to you.
The first step is to activate the Akismet plugin. Since the plugin package of Akismet is bundled with WordPress, there is no need to manually install it. Move to the Plugins menu and simply activate the plugin titled Akismet Anti-Spam.
You need an API key to use Akismet. If you use it on a personal blog, you can get an API key for free. For corporate or commercial sites, paid subscriptions are available.
For people considering the paid subscriptions, we recommend Jetpack Anti-spam or Jetpack Security, which includes backups and malware scanning in addition to spam protection. Jetpack is the total security package for WordPress and is provided by the same company as Akismet.
Deploying Akismet in a contact form
The primary purpose of Akismet is to protect WordPress comment forms. To use Akismet to protect Contact Form 7, you need to give specific options to input fields (form-tags).
There are three Akismet-related options:
You give this option to the field where submitters input their names.
[text* your-name akismet:author]
You give this option to the field where submitters input their email addresses.
[email* your-email akismet:author_email]
You give this option to the field where submitters input the URL of their websites.
[text your-url akismet:author_url]
To deploy Akismet in a contact form, use one or more of these options in the form. To get accurate results, you are advised to use as many options as possible.
Where Akismet is deployed, Contact Form 7 sends data to Akismet when a user submits the form. The data are composed of all user inputs (not only the fields with an
akismet:* option) and variables from the environments. Akismet will verify the data to respond with a “spam” or “ham” answer.
If a “spam” answer is the response, Contact Form 7 will suspend the email and show a message saying, “There was an error trying to send your message,” surrounded by an orange border.
Testing the spam filtering
To test if the spam filtering is working correctly, try inputting “viagra-test-123” into the name (
akismet:author) field or “firstname.lastname@example.org” into the email (
akismet:author_email) field, and submitting the form. With these magic words reserved for testing, Akismet must return a “spam” response. If it is working as expected, you’ll see an orange-bordered error message.
Reporting false detection
Automated spam filtering cannot be 100% accurate. False positives (ham incorrectly classified as spam) and false negatives (spam incorrectly classified as ham) will exist. When you find messages are treated incorrectly by Akismet, you can report the false detection. Akismet learns from the information you report, and the accuracy of the spam filtering algorithm will be improved.
To report false detections to Akismet, you need the Flamingo plugin activated because Contact Form 7 doesn’t come with the ability to store submission data into the database. You can view messages through contact forms in the Flamingo > Inbound Messages menu. Normal messages are in the Inbox list, and spam messages are in the Spam list.
When you find a message in the Inbox list that should have been marked as spam, open the message and change the Status to Spam. Flamingo automatically sends a false negative report to the Akismet API. Likewise, change the status to Not Spam when you find a normal message in the Spam list. Flamingo properly reports false positives to Akismet.