prevent someone submitting to my contact page from another website

[jasonc310771]

I have a feeling someone is sending their spam to me using other means and not via the websites contact page form.

What other checks should I use to ensure it came from my website and not somewhere else ?

[ginerjm]

Maybe have a hidden element in your site's form that your code has to see.

[requinix]

Use XSRF tokens to prevent people from submitting forms unless they are the user themselves, and use a reputable CAPTCHA service to (try to) prevent bots from using your form.

[LeonLatex]

If you suspect that someone is sending spam to you through means other than your website's contact form, there are several things you can do to investigate:

Check the email headers: Email headers contain information about the sender, including the IP address and the originating server. You can use an email header analyzer tool to decode the headers and check if the email was sent from your website's server or from a different one.

Verify the sender's email address: Check the sender's email address to see if it matches the email address used on your website's contact form. If the email address is different, it is likely that the email was sent from a different source.

Use CAPTCHA: Implement a CAPTCHA on your website's contact form to prevent automated spam bots from submitting the form.

Implement email authentication protocols: Implement email authentication protocols such as SPF, DKIM, and DMARC to verify that emails sent from your domain are legitimate.

Monitor your website's traffic: Use website analytics tools to monitor your website's traffic and look for unusual spikes in traffic or suspicious activity.

By taking these steps, you can help ensure that the emails you receive through your website's contact form are legitimate and have been sent from your website's server.