I love the basic Kirby contact form, but my clients get a lot of spam coming through. I’ve added Google’s reCAPTCHA v3, but it only returns a score from 0-1 indicating how likely the user is to be spam (0) or a human (1). Instead of showing puzzles, it leaves it to me to determine how to respond to a low score.
Any ideas on best practices here? If it’s just a contact form, I can’t initiate 2-factor authentication since these visitors have no account on my website. But could I send them an email that would require them to click another link in order for the contact form to submit?
For example, I’d like to add it to this simple form on meetmainsouth.org to prevent spam from sending an email to the site owner…
Would be too much of a hassle for me anyways, to be honest.
I usually include one extra field with a “static captcha”. For example: “Enter the word mainsouth into the field”. You can check the value with a Kirby validator and only send the form if the user entered the word correctly. I usually accept different spellings - “mainsouth”, “Mainsouth”, “MAINSOUTH”.
It’s simple, easy and I have good results with it so far.
When you use Kirby Uniform, you can easily add a Simple Captcha Guard or a Calc Guard; that should work as well.
Thank you @stffr! The design team is asking me for a frictionless check so no human sees a graphical check, which is what pushed me to reCAPTCHA v3. I like your idea of a static captcha though. Do you find it reduces the spam?
@stffr Would it make sense to use reCAPTCHA v3 to check for bot likelihood, then show your static captcha field if the score is below a certain threshold? That way I could let most ‘people’ through and only add some friction if it seems like a bot.
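The score-then-fallback flow proposed in the post above, as an added example that is not part of the thread and not Kirby's or Uniform's own code. It assumes the reCAPTCHA token was already sent server-side to Google's siteverify endpoint and the JSON reply decoded; the threshold, action name, exact hostname value and the function name are assumptions.

```php
<?php
// Added example, not from the thread. Inputs are the decoded siteverify JSON
// and the value of the static captcha field (null when it was not shown).
const SCORE_THRESHOLD = 0.5;         // assumption: tune against real traffic
const EXPECTED_ACTION = 'contact';   // assumption: action name used client-side
const EXPECTED_HOST   = 'meetmainsouth.org'; // assumption: host the form is served from
const STATIC_ANSWER   = 'mainsouth'; // word from the static captcha idea above

/** Returns 'send', 'challenge' (show or re-show the static field) or 'reject'. */
function decideSubmission(array $verify, ?string $answer): string
{
    // Fail closed: a failed or malformed verification is never treated as human.
    if (($verify['success'] ?? false) !== true) {
        return 'reject';
    }
    // The token must have been issued for this site and this form.
    if (($verify['hostname'] ?? '') !== EXPECTED_HOST
        || ($verify['action'] ?? '') !== EXPECTED_ACTION) {
        return 'reject';
    }
    $score = $verify['score'] ?? null;
    if (!is_int($score) && !is_float($score)) {
        return 'reject';
    }
    if ($score >= SCORE_THRESHOLD) {
        return 'send';               // frictionless path for most visitors
    }
    // Low score: require the static captcha; accept any capitalisation.
    if ($answer !== null && strtolower(trim($answer)) === STATIC_ANSWER) {
        return 'send';
    }
    return 'challenge';
}

// Constructed siteverify responses (not real traffic).
$high = json_decode('{"success":true,"score":0.9,"action":"contact","hostname":"meetmainsouth.org"}', true);
$low  = json_decode('{"success":true,"score":0.1,"action":"contact","hostname":"meetmainsouth.org"}', true);
$bad  = json_decode('{"success":false,"error-codes":["invalid-input-response"]}', true);

foreach ([[$high, null], [$low, null], [$low, 'MAINSOUTH'], [$low, 'x'], [$bad, 'mainsouth']] as [$v, $a]) {
    echo json_encode($a), ' => ', decideSubmission($v, $a), PHP_EOL;
}
```

The decision has to run on the server on every submission, including the resubmission that carries the static captcha answer, because a score or flag evaluated in the browser can be set by the sender.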
I recently stumbled upon https://friendlycaptcha.com/ and implemented this on a client's website. So far we have had no spam coming through. You wrote “no graphical check”, which it is not. However, it should show for visual feedback - although you can probably hide this just as well.