We run a live Squarespace test site, pengon.net, with Google reCAPTCHA switched on. We checked the toggle ourselves — it's enabled in the form settings, the way Squarespace recommends.
This week a spam submission came through it anyway.
Name: Dalton Hartmann
Email: [email protected]
Message: (empty)

reCAPTCHA was on. The submission still reached the form. Pengon caught it and blocked it, with the reason:
"The message is empty and the email address appears bot-like."
This isn't a "reCAPTCHA is broken" story. reCAPTCHA did exactly what it's designed to do. The problem is that what it's designed to do has a gap — and the gap is the whole reason we built Pengon.
What reCAPTCHA actually does
There's a common misunderstanding worth clearing up. reCAPTCHA v3 — the version Squarespace uses — doesn't block anything. It doesn't show the "click all the traffic lights" puzzle. It runs invisibly and assigns each visitor a score from 0.0 (very likely a bot) to 1.0 (very likely human), based on signals like mouse movement, browsing behaviour, IP reputation, and timing.
Then it hands that score to the site and lets the site decide what to do with it. Squarespace uses it as one input. A submission that scores in the grey zone — not obviously human, not obviously a bot — gets let through rather than risk blocking a real customer.
So "reCAPTCHA was enabled and this got through" isn't a malfunction. It's reCAPTCHA scoring a borderline sender and erring toward letting them in. That's the safe default, because the alternative — blocking real people — is worse for a business than the occasional spam.
The structural gap
Here's the part that matters, and it's true of every behaviour-based filter, not just reCAPTCHA:
reCAPTCHA judges the *sender*. It never reads the *message*.
It asks: does this visitor behave like a human? Real mouse movements, plausible timing, a residential IP, a browser that ran the JavaScript? If yes, the visitor scores well and the submission goes through — regardless of what the message actually says.
It does not ask: is this message spam? It can't. It never looks at the body. An empty message, a crypto pitch, a fake inquiry, a 419 scam — all identical to reCAPTCHA, because reCAPTCHA isn't reading any of them. It's watching the cursor, not the content.
Pengon reads the message. That's the entire difference. The submission from "Dalton Hartmann" had an empty body and a random-looking email on an unfamiliar domain — signals you can only see if you actually look at the content of the submission, which is exactly what reCAPTCHA doesn't do.
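To make the two layers concrete, here is an added example in Python. It is not Pengon's or Squarespace's code; it models the two decisions described above: a reCAPTCHA v3 score check that looks only at the sender, and a content check that reads the submission. The siteverify response is a constructed JSON stand-in (the field names match Google's real response; the values are invented), the 0.5 threshold and the short list of common mail providers are assumptions, the "bot-like address" heuristic is my own approximation of the signal the post mentions, and the submissions use constructed addresses on the reserved .invalid domain.

```python
"""Two layers on a contact-form submission: the reCAPTCHA v3 score (judges the
sender) and a content check (reads the message). Added example, not Pengon's code."""
import json
import re
from dataclasses import dataclass

# --- Layer 1: reCAPTCHA v3 --------------------------------------------------
# Constructed stand-in for the JSON that Google's siteverify endpoint returns
# after the server posts the form's token to it. The field names (success,
# score, action, hostname) are the real ones; the values are invented.
SITEVERIFY_RESPONSE = json.dumps({
    "success": True,
    "score": 0.6,
    "action": "contact_form",
    "hostname": "pengon.net",
})

# Assumed threshold. A lenient value admits the grey zone rather than risk
# blocking a real customer, which is the trade-off the post describes.
SCORE_THRESHOLD = 0.5


def sender_passes_recaptcha(siteverify_json, threshold=SCORE_THRESHOLD):
    """True when the token verified and the behavioural score clears the threshold.
    Note what is absent: the message body is never consulted here."""
    data = json.loads(siteverify_json)
    if not data.get("success"):
        return False
    return float(data.get("score", 0.0)) >= threshold


# --- Layer 2: content check -------------------------------------------------
@dataclass
class Submission:
    name: str
    email: str
    message: str


# Assumed list of widely used mail providers. Any other domain counts as
# "unfamiliar"; that only strengthens other signals and never flags on its own.
COMMON_PROVIDERS = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com", "icloud.com"}


def letter_digit_transitions(s):
    """Count neighbouring pairs where one character is a letter and the other a digit."""
    return sum(
        1 for a, b in zip(s, s[1:])
        if a.isalnum() and b.isalnum() and a.isalpha() != b.isalpha()
    )


def email_looks_bot_like(email):
    """Heuristic (my assumption) for a random-looking local part: letters and
    digits interleaved several times, or a long run of letters with no vowel."""
    local, _, domain = email.lower().partition("@")
    if not local or not domain:
        return True  # malformed address; treat as suspicious
    letters = re.sub(r"[^a-z]", "", local)
    interleaved = letter_digit_transitions(local) >= 3
    no_vowels = len(letters) >= 6 and not re.search(r"[aeiou]", letters)
    return interleaved or no_vowels


def content_reasons(sub):
    """Return human-readable reasons the submission looks like spam (empty list = clean)."""
    reasons = []
    empty = not sub.message.strip()
    bot_email = email_looks_bot_like(sub.email)
    domain = sub.email.lower().partition("@")[2]
    unfamiliar = domain not in COMMON_PROVIDERS
    if empty and bot_email:
        reasons.append("The message is empty and the email address appears bot-like.")
    elif empty:
        reasons.append("The message is empty.")
    elif bot_email and unfamiliar:
        reasons.append("The email address appears bot-like and is on an unfamiliar domain.")
    return reasons


def classify(sub, siteverify_json):
    """Run both layers and report which one decided."""
    passed = sender_passes_recaptcha(siteverify_json)
    reasons = content_reasons(sub)
    verdict = "spam" if (not passed or reasons) else "ok"
    return {"recaptcha_passed": passed, "reasons": reasons, "verdict": verdict}


# Constructed submissions, not real data; the domains use the reserved .invalid TLD.
EMPTY_BOT_SUBMISSION = Submission(
    name="A. Sender", email="qz7kx0mv3b@example.invalid", message="")
PLAUSIBLE_SUBMISSION = Submission(
    name="Jane Doe", email="jane.doe@example.invalid",
    message="Hi, could you quote a redesign of our site?")

if __name__ == "__main__":
    for s in (EMPTY_BOT_SUBMISSION, PLAUSIBLE_SUBMISSION):
        print(s.email, classify(s, SITEVERIFY_RESPONSE))
```

Run as written, the empty-message submission shows the point of the post: `sender_passes_recaptcha` returns True because the constructed score (0.6) clears the threshold, and only `content_reasons`, which actually reads the body and the address, produces the "empty and bot-like" verdict. The plausible submission passes both layers, including the unfamiliar-domain check, because that signal is deliberately not enough on its own.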
Being honest: this was an easy one
We're not going to pretend this was a hard catch. It wasn't.
An empty message paired with a bot-like email address is about the most obvious spam there is. Most basic filters would flag it. We're showing it not because catching it was impressive, but because it makes the structural point cleanly: reCAPTCHA was on, and even this — the easy kind — walked straight through. The sender behaved human enough to score a passing grade, so the content never got examined.
If reCAPTCHA lets the easy spam through, think about what it does with the hard kind.
The spam reCAPTCHA really can't touch
The empty-message spam is a nuisance. The dangerous spam in 2026 is the opposite: a long, polished, grammatically perfect message that sounds exactly like a real lead.
A fake "small law firm looking to redesign our website." A "luxury hospitality group expanding into your city." A founder who's "in stealth, can't share details yet, but your name keeps coming up." These are written by the same language models you might use yourself, sent through real browsers, by tools that render the page and move the mouse like a person — which means they score beautifully on reCAPTCHA. The sender looks completely human, because in every behavioural sense, it is.
reCAPTCHA waves them through without hesitation. They're the spam that actually costs you — the ones you almost reply to, the ones that bury a real inquiry, the ones that make you start treating your whole inbox like a slush pile.
Those are the catches worth writing about, and they're what's coming next in this series. This post was the easy one — on purpose. It's the clean illustration of the gap. The next ones show what falls through it.
Pengon is an AI spam filter for Squarespace contact forms. It reads every submission for meaning — not just sender behaviour — and catches the spam reCAPTCHA scores as human. Keep reCAPTCHA on if you like; Pengon sits on top and catches what gets past it. We're in our founding-member window: $50 USD once, lifetime, 15 seats, with a 14-day refund if it doesn't earn its keep. Built in Zürich by Quad Studio.
reCAPTCHA is only one layer, and a leaky one in 2026. The complete guide: how to stop Squarespace contact form spam.