How to stop spam being submitted on my website

I have a pop-out contact form on my website and am receiving spam emails on a daily basis from addresses ending in ‘’.

I have created a firewall rule to try and block this but it isn’t working (setup to block if the hostname contains ‘’). Can anyone advise what I need to do to stop these spam emails?

Email addresses?

That, you won’t be able to block via Cloudflare. Hostname references only refer to the host header which is sent by the browser, which will always be your domain.

But can I not set something up to stop this domain/bot from accessing the website in the first place?

Sure, but then that’s not related to that particular domain. Have you checked out #tutorials already?

Does your contact form show you the IP address of the sender? That’s something that would show up in server logs and may be something your contact form can include.

Cloudflare cannot block email addresses, if you know the ASN (autonomous system number) or the IP adress of that email then you can block it! Alternatively, you can enable Rate limiting (just be advised that this is a paid service, as I said in the link) and that might help!

Your contact form is probably using a HTTP POST. If so, using an Enterprise plan you can use Firewall Rules to block the request if the POST body contains your banned domain (or string)

Try blocking ASN AS29182 - JSC IOT, Russia, range is and the other ASNs shown on: Stop Forum Spam Domain Report for

Email blocking is usually a validation you will perform on the server-side. You can use services like DeBounce - Email Validation and Email Verification Tool and Stop Forum Spam to validate emails and usernames - if these fail validation then you simply ignore the request.

Cloudflare Enterprise is mentioned already but that will cost more than these other services. Unfortunately these services will require some coding/integration on your application.

Are you using some sort of captcha thing to verify that the message is being sent by a human - i.e. is this an automated submission or something that someone is typing in?

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.