If you’ve noticed a surge in fake form submissions, you aren’t alone. Automated bots constantly crawl the web looking for unprotected forms. While it’s a common nuisance, there are several effective ways to secure your Rocketspark site.
Enable reCAPTCHA (The Gold Standard)
The most effective way to block automated scripts is by enabling reCAPTCHA. This distinguishes between a human visitor and a bot.
Pro Tip: Modern setups often require a Google Cloud project. Ensure your "Site Key" and "Secret Key" are correctly pasted into your Rocketspark dashboard.
Immediate Mitigation: The "Cool Down"
If you are under a "brute force" attack (receiving dozens of emails per minute), you can temporarily hide the stack containing your your website.
Action: Hide the stack for 60 minutes. Most automated scripts will "give up" and move on when they can no longer find the form code. - Can I hide a stack? How to use the Hide/show stack feature
Frequently Asked Questions
Q: I have reCAPTCHA enabled, so why am I still getting some spam?
A: No system is 100% foolproof. Some spam is sent by "human click-farms" (real people paid to bypass CAPTCHAs), and sophisticated bots can sometimes mimic human mouse movements. Ensure you are using the latest version of reCAPTCHA for the best protection.
Q: Should I mark these emails as "Spam" in my Gmail/Outlook?
A: No. If you mark a Rocketspark notification as spam, your email provider may block all future notifications from your website, including legitimate customer leads. Simply delete the email.
Q: Will adding a CAPTCHA scare away my real customers?
A: If you use reCAPTCHA v3, most users won't even see it—it runs invisibly in the background. Even with visible versions, most customers are now used to this security step and appreciate that you are protecting their data.
Q: Can I just add a "Required" checkbox that says "I am human"?
A: While this helps block the simplest bots, modern scripts are programmed to click all "Required" boxes automatically. It is better than nothing, but much less effective than reCAPTCHA.