In April 2025, security researchers found a tool called AkiraBot. It used OpenAI to write a slightly different, friendly-sounding spam message for every site it hit, then walked straight past reCAPTCHA, hCaptcha, and Cloudflare Turnstile to spam more than 420,000 domains (The Hacker News, 2025).
If you run a Squarespace site, that's the part that should worry you. Your reCAPTCHA is probably already on. And the spam is still landing.
This guide explains why that happens, what the fake "project briefs" and SEO pitches in your inbox actually are, and how to stop them, without the filter quietly binning a real client along the way.
Key Takeaways
- About 28% of all web form submissions are spam, and contact forms are among the most-hit (Clearout, 2025).
- reCAPTCHA only asks whether the sender is human, and even that answer is no longer reliable: in 2024 a research model solved reCAPTCHA v2 image challenges with roughly 100% accuracy. It says nothing about whether the message itself is real.
- AI now writes the spam, so the only durable fix reads the content of each submission. That's how Pengon works: a Mistral model reads every message before it reaches your inbox.
Why is my Squarespace contact form getting spam?
Because spamming a form is cheap, automated, and increasingly written by AI. Roughly 28% of web form submissions are spam, with contact forms sitting among the most-targeted form types after sign-up forms (Clearout, 2025). You're not unlucky. You're on a list.
Two things changed recently. First, the volume: more than half of all web traffic is now bots, and a large share of that is "bad" bot activity aimed at businesses, with form-submission bots rising sharply year over year (Clearout, 2025). Second, the quality. The old tells are gone. No broken English, no ALL CAPS, no obvious dodgy link. Today's message reads like a polite enquiry from a real studio.
That second shift is the one that hurts. It's also where the real damage hides, and we've written about what contact-form spam actually costs your business in its own piece. The short version: the cost isn't the ten seconds you spend deleting junk. It's the genuine enquiry you skim past because the message above it was fake.
Does Squarespace's reCAPTCHA actually stop spam?
Less and less. In 2024, an ETH Zurich study showed an AI model solving Google's reCAPTCHA v2 with close to 100% accuracy, and bots now beat humans on every standard CAPTCHA format, finishing in under a second where a person needs nine to fifteen (ScrapingAPI, 2024). The test designed to catch robots is now easier for robots than for you.
Here's the structural problem, and it matters more than any single statistic. reCAPTCHA answers one question: *is the thing filling in this form a human?* It says nothing about whether the message is real. When spam was sent by crude bots, "block the bots" was a decent proxy for "block the spam." That proxy has broken. AkiraBot didn't need to brute-force the CAPTCHA. It got past the challenge as an apparently legitimate visitor, then used the same kind of AI you do to write polished, human-grade spam.
reCAPTCHA isn't useless. Keep it on. It still filters the lazy, high-volume bots that never bother dressing up. But treating it as your spam defence in 2026 is like locking the front door and leaving the back one open. We pulled a real example apart in "reCAPTCHA was on, and this spam got through anyway".
One more practical wrinkle: in 2025 Google cut reCAPTCHA's free tier from one million monthly assessments down to ten thousand, pushing many site owners to look for alternatives (ScrapingAPI, 2025).
What does AI-written form spam look like in 2026?
It looks like work. A typical one opens with a compliment about your portfolio, mentions "a project" without ever naming it, drops a corporate-sounding signature, and asks for a quick call. There's no broken grammar to flag and no keyword to block. It is designed, deliberately, to make you hesitate before deleting it.
The genres are predictable once you've seen a few hundred: the lead-broker who has "clients looking for someone like you," the SEO or backlink "quick favour," the warm-but-vague investment pitch. We catalogued the recurring ones in the 5 AI contact-form spam patterns hitting Squarespace inboxes. The pattern underneath all of them is the same: specific-sounding, but specifically about nothing.
This is why a keyword filter can't win. The word "collaboration" appears in a templated outreach blast and in a genuine enquiry from a fellow studio. The word isn't the signal. The *meaning* is. And meaning is exactly what a keyword filter can't see.
What spam options does Squarespace give you, and where do they stop?
Squarespace ships a handful of defences, and they're worth turning on, but each checks the sender rather than the message. Officially, you get reCAPTCHA, the option to hide email addresses so bots can't scrape them, a manual question field you can add to a form, and a way to report missed spam so Squarespace can improve its detection (Squarespace Help Center).
Use all of them. They reduce the easy stuff. But notice what every one of them has in common: none reads the content of the submission. reCAPTCHA checks humanity. Hiding your email raises the cost of being targeted. A manual question is a speed bump an LLM clears instantly. Squarespace itself is honest about this in its own docs, noting there's no way to block all spam, only to reduce it.
So the question becomes: what reads the message?
How do you actually stop it? Read the message.
The durable fix is to filter on content, not just on the sender. A reCAPTCHA can be solved and an email can be hidden, but a fake brief still has to *say something*, and what it says is where it gives itself away: a corporate signature paired with a free webmail address, enthusiasm with no specifics, a tone that doesn't match a real client. A system that reads the message can catch that. A system that only challenges the sender never sees it.
That's the layer Pengon adds. You paste one script into Squarespace's Code Injection (the same place you'd add Google Analytics), and from then on every submission to your contact form is intercepted before it reaches your inbox. It runs through a Mistral language model, hosted on Cloudflare's EU infrastructure, that reads each message the way a careful person would and decides whether it's a real enquiry or dressed-up spam.
A few things make this practical rather than risky:
- It works *with* reCAPTCHA, not instead of it. Keep your existing protection on. Pengon is the content layer on top.
- It doesn't change your forms. Submissions still land in your normal Squarespace inbox with your usual integrations intact. Nothing about the visitor's experience changes, and the AI runs server-side after the form confirms, so there's no added wait.
- It fails open. If Pengon is ever unreachable, your form submits as normal. A spam filter should never be able to take your contact form down. The trade-off is that while the filter is down, spam gets delivered rather than real enquiries getting lost, which is the right way round for a contact form.
- Mistakes are recoverable. Every blocked message sits in your dashboard with a one-click Recover button. Nothing is silently deleted, and a recovery teaches the model. We show the model's reasoning on a real pair of messages in "two contact-form messages, one real, and how the filter tells them apart".
Why Mistral and not a bigger name? For a focused classification job like this, a smaller open-weights model gives the right mix of speed, cost, and EU data residency. We don't need a model that writes poetry. We need one that reliably tells a real enquiry from a fake one, quickly, with your visitors' data staying in Europe.
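To make the two ideas above concrete, the "read the message" signals and the fail-open rule, here is an added example. It is not Pengon's code and does not call a language model: a handful of regex heuristics stand in for the model and encode exactly the tells the text names (a job title in the sign-off on a free webmail address, enthusiasm with no budget, page count, platform or date attached, a request for a call with nothing concrete behind it). The wrapper around the classifier shows fail-open behaviour: a message is only held if the classifier positively says spam; if the classifier throws or returns nothing, the message is delivered and the reason is recorded. Every name, address, domain and sample message is constructed for the example.

```javascript
// Added example (not Pengon's code): a content-level screen for contact-form
// submissions, plus a fail-open wrapper around it. The regex heuristics stand
// in for the language model the article describes; they encode the tells the
// text names. Sample submissions, names and domains below are constructed.

const FREE_WEBMAIL = new Set([
  'gmail.com', 'googlemail.com', 'yahoo.com', 'outlook.com', 'hotmail.com', 'proton.me',
]);

// A job title in the sign-off is the "corporate signature" tell.
const SIGNATURE_TITLE = /\b(?:ceo|founder|director|head of|partner|manager|business development)\b/i;

// Stock outreach phrasing: specific-sounding, but about nothing in particular.
const VAGUE_PHRASE = /\b(?:a project|some work|your portfolio|quick call|love your work|looking for someone like you|reach out)\b/i;

// Things a real brief tends to carry: a budget, a page count, a platform, a date.
const SPECIFIC = /(?:[€$£]\s?\d|\b\d[\d,.]*\s?(?:eur|usd|gbp)\b|\b\d+[- ]?(?:page|screen)s?\b|\b(?:deadline|launch|brief|shopify|wordpress|squarespace|figma|webflow)\b|\b\d{1,2}\s(?:jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)[a-z]*\b)/i;

const WANTS_CALL = /\b(?:call|chat|zoom|meeting)\b/i;

function domainOf(email) {
  return String(email || '').trim().toLowerCase().split('@').pop();
}

// Returns the list of tells found in one submission. A free webmail address on
// its own is NOT a tell (plenty of real clients write from Gmail); it only
// counts in combination with a corporate-style signature.
function contentSignals(sub) {
  const text = String(sub.message || '');
  const signals = [];
  const hasSpecifics = SPECIFIC.test(text);
  if (FREE_WEBMAIL.has(domainOf(sub.email)) && SIGNATURE_TITLE.test(text)) {
    signals.push('corporate-signature-on-webmail');
  }
  if (VAGUE_PHRASE.test(text) && !hasSpecifics) signals.push('no-specifics');
  if (WANTS_CALL.test(text) && !hasSpecifics) signals.push('call-with-nothing-attached');
  return signals;
}

// The classifier proper. Two independent tells are required before a message
// is called spam, so one odd phrasing never costs you a real enquiry.
function classify(sub) {
  const signals = contentSignals(sub);
  return { verdict: signals.length >= 2 ? 'spam' : 'real', signals };
}

// Fail-open wrapper: the submission is delivered unless the classifier
// positively says spam. If the classifier throws (scoring service unreachable,
// timed out) or returns nothing, the message goes through and the reason is
// recorded, so an outage of the filter can never take the form down.
function screen(sub, classifier = classify) {
  try {
    const result = classifier(sub);
    if (result && result.verdict === 'spam') {
      return { deliver: false, reasons: result.signals, recoverable: true };
    }
    return { deliver: true, reasons: result ? result.signals : ['classifier-returned-nothing'] };
  } catch (err) {
    return { deliver: true, reasons: ['classifier-unreachable: ' + err.message] };
  }
}

// Constructed sample submissions: one templated outreach blast, two real enquiries.
const SAMPLES = [
  {
    email: 'jason.miller.biz@gmail.com',
    message: 'Hi, I came across your portfolio and love your work. We have a project that ' +
      'could be a great fit. Would you be open to a quick call this week? ' +
      'Best, Jason Miller, Head of Partnerships, Northline Digital',
  },
  {
    email: 'anna@studio-kiel.example',
    message: 'Hello, we run a small studio in Kiel and need a 6-page Shopify site for a ' +
      'client launch by 15 March. Budget is around €4,000. Can you send availability?',
  },
  {
    email: 'maria.lopez@gmail.com',
    message: 'Hi, I am a photographer in Lisbon and need a new portfolio site, about 8 pages, ' +
      'live before my exhibition on 20 May. Budget is around $2,500. Is that something you take on?',
  },
];

for (const sub of SAMPLES) console.log(sub.email, screen(sub));
```

Run it and the first sample is held with three reasons while both real enquiries go through with none, including the photographer writing from Gmail: the address alone never decides anything, which is the point the article makes about "collaboration". Call `screen(sub, () => { throw new Error('ECONNREFUSED'); })` to see the fail-open path deliver the message with the outage noted as the reason.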
A practical checklist: layer your defences
There's no single switch, so stack the layers. From cheapest to most effective:
- Keep reCAPTCHA on. It still stops the low-effort bots. Settings → Advanced → External API Keys.
- Hide public email addresses. Don't print your email address in plain text on the page. Make bots go through the form.
- Add a manual question field if you like. It's a minor speed bump, not a wall.
- Add content filtering. This is the layer that reads the message and catches the AI-written spam the others wave through. It's a two-minute Code Injection install, no Zapier, no developer.
The first three reduce volume. The fourth is the one that actually addresses 2026-grade spam. If you only do one thing, do the fourth, and keep the rest as backup.
What about newsletter and signup form spam?
Signup forms are actually the most-spammed form type of all, ahead of contact forms (Clearout, 2025). But they're a different problem, and it's worth being straight about it. A newsletter signup is usually just an email address. There's no message to read, so a content-reading AI has little to work with.
For those, the effective layers are different: a honeypot field that is invisible to humans but that bots fill in, a disposable-email blocklist, and rate limiting that catches one address mass-subscribing. Pengon runs those checks too. Just know that on an email-only form, it's the honeypot and blocklist doing the work, not the language model. Anyone promising "AI reads your newsletter spam" is overselling, because there's nothing for it to read.
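Here is what those three checks look like in code, as an added example rather than Pengon's own implementation. It goes slightly beyond the paragraph in one respect: it canonicalises the address (drops a "+tag" suffix, collapses Gmail's ignored dots) before rate-limiting it, so one inbox can't mass-subscribe under many spellings. The honeypot field name, the blocklist entries, the IP addresses and the sample submissions are all constructed for the example.

```javascript
// Added example (not Pengon's code): the three sender-side checks the article
// names for an email-only signup form. Field name, blocklist entries, IP
// addresses and sample submissions are constructed for the example.

// Honeypot: an input real visitors never see (hidden with CSS, not type="hidden",
// because bots that fill every field will hit it). The name is an assumption;
// pick something a form-filler would want to complete.
const HONEYPOT_FIELD = 'website_url';

// A real deployment would use a maintained list; these entries are placeholders.
const DISPOSABLE_DOMAINS = new Set([
  'mailinator.com', 'guerrillamail.com', '10minutemail.com', 'tempmail.example',
]);

// Canonicalise so one inbox cannot subscribe under many spellings.
// Assumption: '+tag' suffixes are dropped for every provider, and Gmail's
// dot-insensitivity is collapsed; adjust for providers that treat them differently.
function normalizeEmail(raw) {
  const email = String(raw || '').trim().toLowerCase();
  const at = email.lastIndexOf('@');
  if (at < 1 || at === email.length - 1 || !email.includes('.', at)) return null;
  let local = email.slice(0, at).split('+')[0];
  const domain = email.slice(at + 1);
  if (domain === 'gmail.com' || domain === 'googlemail.com') local = local.replace(/\./g, '');
  if (!local) return null;
  return `${local}@${domain}`;
}

// Sliding-window rate limiter, in memory. Production would back this with a
// store that expires keys; the logic is the same.
function makeRateLimiter(limit, windowMs) {
  const hits = new Map();
  return function allow(key, now = Date.now()) {
    const recent = (hits.get(key) || []).filter((t) => now - t < windowMs);
    recent.push(now);
    hits.set(key, recent);
    return recent.length <= limit;
  };
}

const perAddress = makeRateLimiter(1, 10 * 60 * 1000); // one subscribe per address per 10 min
const perClient = makeRateLimiter(5, 60 * 1000);        // five per client IP per minute

// Checks run cheapest and most certain first; only a submission that clears
// the stateless checks consumes rate-limit budget.
function checkSignup(fields, clientIp, now = Date.now()) {
  if (fields[HONEYPOT_FIELD]) return { accept: false, reason: 'honeypot-filled' };
  const email = normalizeEmail(fields.email);
  if (!email) return { accept: false, reason: 'invalid-email' };
  const domain = email.slice(email.indexOf('@') + 1);
  if (DISPOSABLE_DOMAINS.has(domain)) return { accept: false, reason: 'disposable-domain' };
  if (!perClient(clientIp, now)) return { accept: false, reason: 'client-rate-limited' };
  if (!perAddress(email, now)) return { accept: false, reason: 'address-rate-limited' };
  return { accept: true, email };
}
```

Feed `checkSignup` the posted fields, the client IP and a timestamp: a filled honeypot or a disposable domain is rejected before any rate-limit state is touched, "Jane.Doe+news@Gmail.com" is accepted as janedoe@gmail.com, and a second subscribe for that inbox from a different IP a moment later is refused until the ten-minute window has passed.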
FAQ
Why does spam get through when my reCAPTCHA is on?
Because reCAPTCHA checks whether the sender is human, not whether the message is real. In 2024 AI solved reCAPTCHA v2 with near-perfect accuracy (ScrapingAPI, 2024), so modern spam passes the check and still lands a polished, fake enquiry in your inbox.
Does hiding my email address stop contact form spam?
Partly. Hiding your address makes it harder for bots to scrape and target you directly, which is worth doing. But it does nothing once a bot submits the form itself, and form-submission bots are rising fast (Clearout, 2025). It reduces exposure; it doesn't filter submissions.
Will a spam filter break my Squarespace forms or features?
It shouldn't. Pengon intercepts submissions rather than replacing your form, so your native Squarespace inbox and integrations keep working, and it fails open if it's ever unreachable. The visitor sees no difference, because the check runs server-side after the form confirms.
Is AI form spam actually getting worse?
Yes. AI now writes unique, grammatically perfect spam at scale. AkiraBot used OpenAI to spam more than 420,000 domains while bypassing reCAPTCHA and similar tools (The Hacker News, 2025). The spam isn't just more frequent, it's better disguised.
Does Pengon work with Squarespace's built-in reCAPTCHA?
Yes. Leave reCAPTCHA on. Pengon adds the content-reading layer on top, catching the spam reCAPTCHA can't see. They complement each other: one checks the sender, the other reads the message.
The bottom line
Three things to take away. CAPTCHA only checks whether a sender is human; it can't tell you a message is real, and in 2026 that gap is wide. AI now writes the spam, so the defence has to read the content, not just challenge the sender. And the right setup is layered: keep reCAPTCHA, hide your email, then add a filter that reads every submission.
Pengon is that filter, built specifically for Squarespace. One script, two-minute install, works alongside reCAPTCHA, EU data residency, and a Recover button so a real client never gets lost. It's in private beta with a one-time founding-member price of $50 for lifetime access, backed by a 14-day money-back guarantee.