pjcwashere

Seems that the Spoofers have simply used the Contact 7 form to see how it delivers genuinely by default – to get the format of the email delivered. They then used the source code from my form page. With those two bits of info, use it to just spam with. Not sure how they got the email address yet. but working on it.
Thought you should know.

Oh, and this may also be the reason why Gmail is blocking Contact 7 formed emails as spam.

More Info:

It seems there is a means to spoof Contact 7 that bypasses Akismet, Contact Form 7 Honeypot and even Really Simple Captcha.

This is happening on 7 out of 12 sites that I use Contact 7. I suspect the spoofers simply haven’t yet found 5 of them yet.

On one site for example, I have 3 forms with these measures in place. I get several Spam Messages at a time, twice a day. They are automated and within seconds of each other.

Here is the interesting bit: I changed ALL my Contact form message Bodies to see which form was being exploited. e.g.
This mail is sent via contact form (XXX) on Make (Smart Phone) Apps 4 U

BUT, all Spam being sent is not using my Forms but a version that I had originally (standard last line). It is sending just the bare minimum fields and not all my fields, including required fields.

This means the emails are using Contact 7 Form but spoofing my forms somehow.

If I remove Contact 7 it stops. If I just recreate the forms so the ID is different, I still get the Spam emails.

Are you aware of how this is being exploited and if there is any way to resolve this yet?