
AI contact-form spam in 2026: 5 patterns hitting Squarespace inboxes

AI spam bypasses reCAPTCHA and lands in your Squarespace inbox looking like a warm lead. Here are the 5 patterns we see most — and why filters miss them.


Spam used to be obvious. Broken English. A Hotmail address. A link to a Russian pharmacy. Delete, move on.

That's not what shows up in your inbox anymore.

What shows up now addresses you by name. It mentions your city. Sometimes it mentions one real project from your portfolio. It's grammatically perfect, eerily polite, and the only reason you'd suspect anything is a vague, nagging sense that nobody is actually saying anything.

This is AI-generated contact-form spam in 2026. We classify it all day for small businesses on Squarespace — architects, photographers, restaurants, boutique shops — and almost everything we see falls into one of five buckets. Here they are, with the tells that give them away.

1. The polished lead-broker

The most common shape we see — and the one reCAPTCHA cannot help you with at all.

"Hello [Your Name], I came across your beautiful portfolio while researching design partners in the Zurich area. I'm reaching out on behalf of a luxury hospitality group that is expanding into Switzerland in 2026 and looking for the right studio to collaborate with. Your aesthetic aligns with our brand vision. Would you be open to a quick call next week to explore a potential partnership? Best regards, Sarah"

Every sentence sounds plausible in isolation. The whole message says nothing.

Tells:

  • "On behalf of a [vague entity]" — a hospitality group, a luxury brand, a real estate developer. Never the actual name. Real clients reach out themselves. Brokers and outreach tools hide the principal because there is no principal.
  • Year-only timeframes — "in 2026", "for 2026 projects". Real inquiries mention months, quarters, or a specific event date.
  • Geography as fake context — naming the city you're in ("Zurich-based design partner") with no project, property, or location of their own attached.
  • Vague portfolio flattery — "your aesthetic aligns" without naming a single specific project you actually did.

A real warm lead has a brief behind every scope mention and a name behind every referral. This has neither.

2. The SEO / backlink / "quick favour"

Barely tries.

"Hi, I was browsing your website and noticed a few areas where your SEO could be improved to help you rank higher on Google. We help businesses like yours grow their online presence. Would you be open to a 15-minute call?"

Variants: guest-post requests, "I noticed a broken link on your site" (followed by a pitch), "rank #1 on Google", free article in exchange for a backlink.

These are easy to filter on keywords alone — but most contact forms don't filter on anything, so a surprising amount still lands daily.

3. The sophisticated "warm lead"

This is the one we lose sleep over. Someone has clearly trained an outreach tool on what real warm leads sound like:

"Hi — your name keeps coming up in our conversations. A founder friend mentioned you when we were talking about studios in Zurich. We're in stealth right now so I can't share too much, but we're starting to think about a brand identity and your work feels aligned. Not quite ready to brief yet, but wanted to open the conversation early. Happy to share more under NDA. Could we find 20 minutes in the next week or two?"

This works on people. We've watched smart founders almost reply before catching themselves. The giveaways are unfalsifiable, future-tense, and pre-brief:

  • Unnamed referral chains — "a founder friend", "someone at YC", "your name keeps coming up". Real referrals name the referrer.
  • Stealth-mode justifications — "we're in stealth", "pre-launch", "can't share details yet" — used to explain the absence of any verifiable detail.
  • Future-tense brief — "not quite ready to brief yet", "want to open the conversation early". Real leads come with a brief. They don't ask you to start one later.
  • NDA-before-details — "happy to share more under NDA", deployed pre-emptively to deflect any concrete question. Real founders share scope and budget freely until commercial terms.
  • Phantom prior contact — "following up on the note I sent last week", "apologies if this is a duplicate" — with no actual prior thread. Manufactured social pressure.
  • Studio-shortlist framing — "putting together a shortlist of Zurich studios", "narrowing down our agency search". Beauty parade rather than a real request.

Any one of these alone could be benign. Two of them in a single message is almost always spam. Three is definitive.
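The counting rule above, sketched as an added example (not Pengon's code): each tell category counts once however many phrases hit it. The regexes are assumptions built from the phrases quoted in this post, and the sample messages other than the two quoted on this page are constructed.

```python
import re

# Tell categories from the list above. The patterns are illustrative
# assumptions derived from the quoted phrases, not a production ruleset.
TELLS = {
    "unnamed_referral": r"a founder friend|someone at \w+|your name keeps coming up",
    "stealth_excuse": r"in stealth|pre-?launch|can't share (too much|details)",
    "future_brief": r"not (quite )?ready to brief|open the conversation early",
    "nda_first": r"under (an? )?nda\b",
    "phantom_contact": r"following up on the note i sent|apologies if this is a duplicate",
    "shortlist_framing": r"shortlist of .{0,30}studios|narrowing down our agency search",
}
COMPILED = {name: re.compile(rx, re.IGNORECASE) for name, rx in TELLS.items()}


def find_tells(message: str) -> set:
    """Return the distinct tell categories present (repeats count once)."""
    text = message.replace("\u2019", "'")  # normalise curly apostrophes
    text = " ".join(text.split())          # collapse line breaks and space runs
    return {name for name, rx in COMPILED.items() if rx.search(text)}


def verdict(message: str) -> str:
    """One tell may be benign, two is almost always spam, three is definitive."""
    n = len(find_tells(message))
    if n >= 3:
        return "definitive"
    if n == 2:
        return "almost always spam"
    return "could be benign" if n == 1 else "no tells"


# Abridged from the "warm lead" message quoted above.
WARM_LEAD = ("Your name keeps coming up in our conversations. A founder friend "
             "mentioned you. We're in stealth right now so I can't share too much. "
             "Not quite ready to brief yet, but wanted to open the conversation "
             "early. Happy to share more under NDA.")
# The real inquiry quoted later in this post.
REAL = "We're renovating an apartment in Altstetten, available July, budget around CHF 300K."
# Constructed: two tells, then a single tell that comes with an actual brief.
TWO = ("Following up on the note I sent last week. We're putting together "
       "a shortlist of Zurich studios.")
ONE = "We're pre-launch, but the brief is attached: packaging for a tea brand, on shelves in March."

if __name__ == "__main__":
    for msg in (WARM_LEAD, REAL, TWO, ONE):
        print(verdict(msg), sorted(find_tells(msg)))
```

Phrase matching like this only catches wording it has already seen, which is why the counting rule matters more than any single pattern.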

4. The crypto / investment / "passive income" pitch

Still alive, just better dressed.

"Hi, I represent a fund focused on long-term wealth strategies for creative professionals. We've helped clients in your industry achieve 18–24% annualised returns through diversified digital asset portfolios. Would you be open to a brief discovery call?"

The vocabulary has been laundered — no "crypto", no "Bitcoin", no "guaranteed returns" — but the structure is identical to a 2017 ICO pitch. Generic flattery, unspecified "fund", numbers that mean nothing, push for a call.

5. The "generic services" probe

Lowest effort, easiest to confuse with a real customer if you're tired.

"Hi, are you taking on new projects? Could you share your pricing?"

Or:

"Hi, I'd love to collaborate. Can we schedule a quick call?"

A real customer mentions what they want, when, and at least one detail — a room, a date, a guest count, a product, a location. The probe mentions none of that and hopes you'll bite.

It's a numbers game. The sender fires the same line at 50,000 contact forms. They only need 0.1% to reply.

Why traditional filters wave all of this through

reCAPTCHA and hCaptcha don't classify content. They classify behaviour. Did the form get filled out by a human-shaped mouse? Did it take a plausible number of seconds? That's it. An LLM driving a real browser session and typing at human speed passes every check. The message itself never gets read.

Honeypot fields and time-traps catch dumb bots, but only those. They're useful — we use one ourselves to filter out the obvious junk before doing any real work — but they don't catch outreach SaaS tools using real browsers, real user agents, and real session timing. Those tools are commodity now: you can buy 1,000 "personalised AI cold emails sent through the contact form of your choice" for under $50.

Akismet-style blocklists were built for blog comments. They look for known spam URLs, known IPs, repeated fingerprints across the network. Modern outreach spam has unique copy per submission, comes from residential proxies, and never includes a link in the first message — that comes in the reply.

You can't filter 2026 spam without reading the message. And you can't read every message at scale without something that understands language.

What works: read the message

This is the bet we made with Pengon. We still keep the cheap stuff up front — a honeypot field, basic checks for empty submissions and disposable email providers — because those filter out the dumb bots in milliseconds for free. Anything that survives that gets read by an LLM tuned specifically on the patterns above.

The model looks at the content: does this message reference something specific about your business, or does it not? The fake "Sarah from the hospitality group" above scores 0.84. A real "we're renovating an apartment in Altstetten, available July, budget around CHF 300K" inquiry scores 0.05.

That's the gap that matters — and it's a gap no behaviour-based filter can see.
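The cheap first stage described in this section, as an added example (not Pengon's implementation): honeypot, time-trap, empty-message and disposable-domain checks, run over constructed submissions to show that the polished lead-broker passes all of them. The field names (`website_hp`, `email`, `message`, `elapsed_ms`), the 3-second floor and the domain list are assumptions for illustration.

```python
from typing import Optional

# Assumed values for this example, not Squarespace or Pengon settings.
DISPOSABLE_DOMAINS = {"mailinator.com", "throwaway.example"}  # illustrative list
MIN_FILL_MS = 3000  # time-trap floor


def email_domain(address: str) -> str:
    """Lower-cased domain part, or '' when the address has no usable domain."""
    local, sep, domain = address.strip().rpartition("@")
    return domain.lower().rstrip(".") if sep and local and domain else ""


def is_disposable(domain: str) -> bool:
    """Match a listed domain itself or any subdomain of it."""
    labels = domain.split(".")
    return any(".".join(labels[i:]) in DISPOSABLE_DOMAINS for i in range(len(labels)))


def prefilter(sub: dict) -> Optional[str]:
    """Return a rejection reason, or None if the message still needs to be read."""
    if sub.get("website_hp", "").strip():
        return "honeypot_filled"       # hidden field a human never sees
    if sub.get("elapsed_ms", 0) < MIN_FILL_MS:
        return "submitted_too_fast"    # missing timing is treated as too fast
    if not sub.get("message", "").strip():
        return "empty_message"
    domain = email_domain(sub.get("email", ""))
    if not domain:
        return "invalid_email"
    if is_disposable(domain):
        return "disposable_email"
    return None


# Constructed submissions, one per outcome.
SAMPLES = {
    "dumb_bot": {"website_hp": "http://x.example", "email": "a@b.example", "message": "hi", "elapsed_ms": 9000},
    "too_fast": {"website_hp": "", "email": "a@b.example", "message": "hi", "elapsed_ms": 400},
    "empty": {"website_hp": "", "email": "a@b.example", "message": "  \n", "elapsed_ms": 9000},
    "disposable": {"website_hp": "", "email": "lead@mx.mailinator.com", "message": "Could you share your pricing?", "elapsed_ms": 9000},
    "lead_broker": {"website_hp": "", "email": "sarah@hospitality-group.example", "message": "I'm reaching out on behalf of a luxury hospitality group.", "elapsed_ms": 48000},
}

if __name__ == "__main__":
    for name, sub in SAMPLES.items():
        print(name, "->", prefilter(sub) or "pass to content review")
```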

What you can do today, with or without a tool

  1. Read the message before you read the name. Names and signatures are the easiest things to fake. The body is where the tells live.
  2. Search the email domain. Real businesses have websites. Lead-gen tools use throwaway domains registered six weeks ago.
  3. If the message references your work, ask which specific project. Real clients reply with a project name in 30 seconds. Spam can't.
  4. If they push for a call without a brief, ask for the brief in writing first. Real clients send the brief. Spam disappears.

These rules won't catch everything, but they catch enough that your inbox starts feeling like your inbox again.

If you want the rest handled automatically, that's what we built Pengon for. Right now we're in our founding-member window: $50 once, lifetime access, no recurring fee, capped at the first cohort. Try it for two weeks — if it doesn't pull its weight in your inbox, we refund you, no questions asked.

If you don't want a tool, we hope the taxonomy is useful anyway. The spam isn't going to get less polished from here.

Pengon is an AI spam filter for Squarespace contact forms, built in Zürich by [Quad Studio](https://quadstudio.ch). We read the spam so you don't have to, and write about what we find.
