Erik

Hallo @bueropesche

Könntest du mir sagen, was genau bei dir nicht funktioniert? Ich habe es auf verschiedenen Websites getestet (das kannst du mit der Live-Vorschau auch tun) und hatte keinerlei Probleme, auch nicht mit den neuesten Versionen von CF7. Könnte es vielleicht ein Konflikt mit anderen Plugins sein? Könntest du mir das Fehlerprotokoll schicken? Das würde mir sehr helfen

Dies ist ein englischsprachiges Forum, und Englisch wäre die bevorzugte Sprache, danke!

Hello @jackrus60! Thanks for the great suggestion. To help you block those spam emails with multiple dots and random domains, we have added Regular Expression (Regex) support to the Bad Email Strings filter!

You can now set up rules that look for specific patterns rather than just exact words. To use it, simply add regex: at the very beginning of your rule in the blocklist.

For example, to block any email address that has multiple dots before the @ symbol, you can now add a rule like:

regex:/(?:\..*){2,}@/

Your existing plain-text rules will still work exactly as they did before.

TLDR; New Anti-Gibberish Filter

Additionally, based on your example of spam messages containing just a single random word, I have also added a new “High Entropy” filter to the plugin! This will automatically block messages that look like unnatural gibberish. Specifically, it flags a message if:

• The message contains fewer than 5 words.
• The message contains 6 or more consecutive consonants (unnatural typing).

Note: For this current release, this new filter is activated “behind the scenes” automatically as long as you have the Bad Email Strings option enabled. In the next plugin update, I will be adding a dedicated menu entry for it so you can toggle it on and off directly!

Let me know if this helps you catch that spam!

For Developers: How to create a Custom Filter

If you want to take things a step further and build your own custom spam rules using PHP, the plugin makes it easy via the Abstract_CF7_AntiSpam_Filter class.

To create a custom filter, you just need to extend this abstract class and implement the process() method. The class also provides a handy get_posted_value() helper to safely retrieve and sanitize form data.

Here is a quick boilerplate example of how you could build a rule to check the message length:

use CF7_AntiSpam\Core\Abstract_CF7_AntiSpam_Filter;

class My_Custom_CF7_Filter extends Abstract_CF7_AntiSpam_Filter {

    /**
     * Process the custom filter logic.
     *
     * @param array $spam_data The spam data context.
     * @return array The updated spam data context.
     */
    protected function process( array $spam_data ): array {
        
        // 1. Safely get the submitted message field
        $message = $this->get_posted_value( 'your-message', '' );
        $message = trim( $message );

        // 2. Add your custom logic: check if the message is just a single word
        if ( ! empty( $message ) && str_word_count( $message ) === 1 ) {
            
            // 3. If it's spam, log the reason in the 'reasons' array
            $spam_data['reasons']['single_word_message'][] = 'The message contained only a single word';
        }

        // 4. Always return the $spam_data array
        return $spam_data;
    }
}

The parent class automatically handles checking if the user is already allowlisted or if the form was already flagged as spam by a previous filter, so you only need to focus on your specific rule inside the process() method.

Thank you so much for confirming! I’ll publish the new version this evening.

Unfortunately, I can’t predict these changes in browsers, but I’ll do my best to fix them as soon as possible if this happens.

Thanks again!

Hi @oceandigitals,

If you have a moment, could you please try this version? It’s the release candidate for the new version, and I hope it will resolve your issue
https://github.com/wp-blocks/cf7-antispam/releases/tag/v0.7.5

In any case, I haven’t used SureMail as an SMTP plugin, so if you could test the new version, I’d feel more confident about releasing it, thanks!

Sorry @alh0319 I didn’t reply sooner,

but I’ve fixed this error and I’ve finished a new version of the plugin. I’m currently testing it and will be releasing it shortly, including the fixes you suggested.

Thanks for your feedback!

Hi @alh0319 ,

Thanks for confirming that worked! And the fix was actually super easy. I just needed to include the standard WordPress function to automatically flush the rewrite rules (flush_rewrite_rules()) upon activation, which I had simply forgotten to add.

It will be handled automatically in the next update. Thanks for helping me catch this!

ref. https://github.com/erikyo/md4ai/pull/17

Hi @jackrus60,

Thank you so much for using the plugin and for taking the time to provide such a detailed report. Feedback like this is exactly what helps make the plugin better for everyone!

You might have seen this already, but another user experienced something similar recently, and we discussed a temporary workaround here: https://ww.wp.xz.cn/support/topic/one-word-spam-and-possible-honeypot-bug/

However, your detailed breakdown of their patterns (high-entropy random strings, Gmail addresses with excessive dot-noise, and single-word answers) clearly highlights the need for a more solid, built-in solution. I am currently working on a plugin update that will introduce two new enhancements directly inspired by your report:

1. Regex Support for Bad Email Strings: The email blocklist will soon support Regular Expressions, allowing you to easily block patterns like ugi.vu.mu.gi... (e.g., by targeting Gmail addresses with an abnormal number of dots).
2. High-Entropy / Gibberish Detection: I’m introducing a new filter that checks for unnatural text patterns, such as an excessive number of consecutive consonants or unusually long single strings without spaces, which perfectly matches the GqhYgcNDOSvSpobuTlwWTl pattern you shared.

In the meantime, give a try with the walkaround of the link i shared, but you should be able to rely entirely on the main plugin for this once the next update drops (currently I’m working to some improvements like extending B8 to wp comments submissions).

Thanks again for helping improve CF7 AntiSpam!

Best regards, Erik

Thanks for reporting this too!

Don’t worry, those logs just mean the plugin is doing its job: when it finds a CF7 form with an empty or invalid ‘From’ field, it automatically fixes it using the admin email as a fallback to ensure the email is actually sent. It’s likely due to some specific form configuration, but it’s not a critical error. I’ll keep an eye on this logic as well for the next update to see if I can make the validation even “quieter” or more descriptive.

I’ll get back to you here as soon as the update is ready. Thanks again for everything!

ps: In any case, remember that this would be against WordPress rules and you should open a new thread for this.

• This reply was modified 3 months, 3 weeks ago by Erik.