why i still getting spam emails after installing reCaptcha v3

19.6k views Asked by At

I have installed google recaptcha v3 in my html form but i'm still getting spam emails, what should i do next to prevent spams ? Any way without using php code only js scripts ?

My code is using this one :

 <script src="https://www.google.com/recaptcha/api.js"></script>

Add a callback function to handle the token.

<script>
   function onSubmit(token) {
     document.getElementById("demo-form").submit();
   }
 </script>

Add attributes to your html button.

<button class="g-recaptcha" 
        data-sitekey="reCAPTCHA_site_key" 
        data-callback='onSubmit' 
        data-action='submit'>Submit</button>
2

There are 2 answers

0
Sean W On BEST ANSWER

You have to verify the captcha request server side. You are likely getting hit with spambots. Having only client side validation will only work against most humans, not bots.

Bots do not care if your client side has reCAPTCHA as they likely reading your HTML form's action URL and directly sending a POST request to it without your validation script - in short they are bypassing reCAPTCHA and other client side validation.

You should also be warry of posting your email address directly on your site as they often get scraped and spammed as well. Here is an old post that talks about obfuscation of on site email address to prevent spam.

1
questionmaster On

Try this

function submit(e) {
  e.preventDefault();
  var response = grecaptcha.getResponse();

  if (response.length == 0) {
    //reCaptcha not verified
  } else {
    //reCaptch verified
    document.getElementById("demo-form").submit();
  }
}
<script src="https://www.google.com/recaptcha/api.js"></script>
<form onsubmit="submit();">
  <input type="text" name="name">
  <button class="g-recaptcha" data-sitekey="reCAPTCHA_site_key" data-callback='submit' data-action='submit'>Submit</button>
</form>

Change the right key in there !