Clamp Down on Form Spam with Google reCAPTCHA

Forms are our friends. Websites use forms to capture leads, collect payments, automate workflows, upload documents, and more (Here’s why Gravity Forms is our favorite form builder.). Forms far surpass a basic email link in benefits and features – and yet both approaches can attract email spam.

Junk email is a common complaint of website managers because spam bots scan the web for forms, fill them out, and send them straight to your inbox. We’ve found that the best way to mitigate unwanted form spam is Google reCAPTCHA. Keep reading to learn more about the following questions:

  1. What is Google reCAPTCHA?
  2. Why should I use reCAPTCHA?
  3. How do I use reCAPTCHA?

What is Google reCAPTCHA?

reCAPTCHA is a free Google service that helps protect your website from spam by distinguishing between human users and automated bots. CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart (… yea, it’s a mouthful!). reCAPTCHA uses advanced risk analysis techniques to keep malicious software from engaging in abusive activities on your website.

If you’ve ever visited a website and been asked to “select all squares with traffic lights”, then you’ve completed a CAPTCHA. These tests can be annoying for visitors. In response, Google developed reCAPTCHA Version 3 which is invisible. It runs in the background of a website and analyzes user behavior to determine if they are a human or a bot. In 2020, Google released another invisible version called reCAPTCHA Enterprise that is even more advanced.

Why should I use reCAPTCHA?

In the simplest terms, you need reCAPTCHA to cut down on email spam being sent from your website. You may receive unwanted spam from contact forms, or other types of forms such as user registration or login. Besides receiving unwanted email, these submissions also clutter up your form message logs, create fake accounts on your site, and can pose a security risk.

How do I use reCAPTCHA?

Setting up Google reCAPTCHA on your website takes a few steps.

  1. To use reCAPTCHA, you'll first need a Google account.
  2. Next, generate an API key through the reCAPTCHA website.
  3. Then associate that key with your website domain.
  4. Finally, turn on reCAPTCHA through your form solution (like GravityForms), and add the API key to your website

Tip: Regularly monitor how reCAPTCHA is performing on your site. Many plugins will give you a spam folder (on your website, not in your email), and you should check this to see if legit messages are ending up there. If they are, you can usually adjust reCAPTCHA's sensitivity. If you're still getting spam, you can adjust for that, too. It's more of an art than a science.

Kick spam to the curb with Google reCAPTCHA. If you need it, we’re here to help with the integration process.

Get in touch

Monthly newsletter: Interviews with experts, websites doing it right, and recommended tools.

Sign me up

Hire us: exceptional websites and a better project experience.

Get started today
× strategy-guide-graphic

Free eBook: The Website Strategy Guide

Develop an air-tight plan for a winning website.

Learn more