Hello,
One method is to increase the security level in the API settings on Googles end. ReCaptcha v2 has been out long enough that some bots have figured out how to solve the ReCaptcha. Since v3 is a learning algorithm it’s a bit more difficult to beat once it’s been honed in on your specific site which may be an option for you and one that Contact Form 7 supports out of the box.
Additionally, looking at your website you do have your email address non-encrypted which is easy for spambots to scan a website and pick up on. We would suggest some sort of plugin which disguises your email address, such as Email Address Encoder. This may not be the end-all-be-all solution but it will surely help.
Finally, it has been brought to our attention that Flamingo seems to be picking up many spam submissions instead of disregarding them which may be an issue with how our plugin handles the reCaptcha v2 response or how Contact Form 7 labels spam. As far as we can tell it isn’t sending those spam emails but logging them ( in Flamingo ). None the less it’s something we’re actively looking into.
To receive updates on the progress of our investigation we suggest following this thread: Still getting false positives. Have a wonderful rest of your week!
