Here are two messages that hit the same Squarespace contact form, minutes apart. Both are short. Both are from people the owner has never heard of. Both ask for a call.
One is a real lead. One is spam. Before you read on, decide which is which.
Message A — Sarah Müller ([email protected])
"Hi, we're a small law firm in Zürich looking to redesign our website. Saw your work on Squair Law and was impressed. Could we set up a call next week to discuss scope and pricing?"
Message B — Jennifer Walsh ([email protected])
"Hi, I came across your website while researching companies in your space. I'd love to schedule a quick 15-minute call to discuss how our platform has helped similar businesses increase conversions by 40%. When are you available this week?"
Our filter scored Message A at 0.15 — clean, delivered to the inbox normally. It blocked Message B as spam, with the reason: "Generic outreach with a service pitch disguised as an inquiry."
If you got it right, good. Now here's why — because the difference is subtle, and it's the same difference that decides every borderline call.
What makes Message A real
Read it again. It's loaded with specifics that only a real prospect would know or bother to include:
- A named reference: "your work on Squair Law." This is the giveaway. The sender looked at an actual project in the portfolio and named it. A spammer blasting ten thousand forms can't do this — it would require researching each recipient individually, which defeats the economics of spam.
- A concrete identity: "a small law firm in Zürich." Specific industry, specific city. Not "companies in your space."
- A concrete ask: "redesign our website… scope and pricing." A real project with a real deliverable, not a vague "opportunity."
- A custom-domain email: `kanzlei-zurich.ch`. Kanzlei is German for a law firm's office. The email domain corroborates the story in the message — this really is a Zürich law firm.
Every claim in the message is anchored to something verifiable. That's what a real inquiry looks like: specific, corroborated, and about your work rather than their pitch.
What makes Message B spam
Message B is doing a careful impression of a real inquiry. It's polite, grammatically perfect, and structurally similar to Message A — short, friendly, asking for a call. But every specific detail is missing or hollow:
- "researching companies in your space" — the fake-specificity tell. It sounds like research; it names nothing. Which space? Which companies? It works for any recipient, which means it was written for no recipient.
- "how our platform has helped similar businesses" — this is the giveaway that flips it. A real prospect tells you about their problem. A spammer tells you about their product. The direction of the pitch is reversed. Sarah wants to hire you; Jennifer wants to sell to you.
- "increase conversions by 40%" — a number with no referent. 40% of what, for whom, measured how? Specific-sounding, verifiable by nothing.
- A promotional free-mail address: `[email protected]`. The local part literally contains the word marketing. Real businesses email you from their domain (
@kanzlei-zurich.ch), not from a Gmail account with "marketing" in the handle.
Message B is a service pitch wearing the costume of an inquiry. The model called it exactly that.
How the filter actually decided
This is where it gets interesting, because two different layers fired on Message B.
Pengon runs cheap heuristics first, then the AI classifier only on what survives. For Message B, a cheap layer caught something before the AI even ran:
email_pattern_promotional
That's our heuristic noticing the email local part jwalsh.marketing contains a promotional keyword (marketing) on a free-mail domain (gmail.com). A custom-domain role address like [email protected] is fine — that's a legitimate business inbox. But marketing on a Gmail account is a soft signal of automated outreach. It nudged the spam score up, but not enough to block on its own. Plenty of real people have odd Gmail handles.
Then the AI read the actual message and confirmed it:
"Generic outreach with a service pitch disguised as an inquiry."
Two independent signals — a structural one (the email pattern) and a semantic one (the message content) — pointing the same direction. That combination is what pushed it over the threshold.
Message A, by contrast, tripped no cheap heuristics. Custom domain, no promotional keywords, no disposable email, no suspicious patterns. So the AI got the final say, read the named portfolio reference and the concrete project scope, and returned 0.15 — comfortably legit.
The rule underneath all of this
Length doesn't separate real from fake. Politeness doesn't. Grammar doesn't — 2026 spam is grammatically flawless. Asking for a call doesn't; real prospects and spammers both do that.
Specificity does. A real inquiry references something only a real prospect would know: a named project, a concrete scope, a corroborating email domain, a problem that's theirs rather than a product that's yours. Spam gestures at specificity — "your space," "similar businesses," "40%" — without ever landing on a verifiable detail.
That's the line the model is trained to find. Not "is this polite?" but "does this person actually know something about you, or are they describing themselves?"
Sarah knew about Squair Law. Jennifer knew about Jennifer's platform. That's the whole difference, and it's the difference on nearly every borderline call we see.
Pengon is an AI spam filter for Squarespace contact forms. It reads every submission for meaning — not just keywords — and blocks the polished fake inquiries that reCAPTCHA waves through, while letting the real Sarahs reach your inbox. We're in our founding-member window: $50 USD once, lifetime, 15 seats, with a 14-day refund if it doesn't earn its keep. Built in Zürich by Quad Studio.
Want the bigger picture? Read how to stop Squarespace contact form spam, the guide this example belongs to.