Continual Spamming on Webflow Forms by 'Eric Jones'

Over the last few days, I have been inundated by Spam emails through Webflow forms, all coming from ‘Eric Jones’ on email ‘ericjonesmyemail@gmail.com’. The emails are lengthy and rambling and mention a website advanceleadgeneration[dot]com. Other than these emails being extremely annoying what is of concern is that this individual/spam hub appears to be systematically targeting all Webflow sites, despite no link between them. This would suggest the spammer has a list of Webflow websites or has a method of harvesting Webflow website(s) data and inputting it to Webflow forms through required fields and reCAPTCHA.

As a cursory search, I see Eric Jones is a known Spammer and is getting past Google guidelines by not physically spamming via the Gmail email address but instead spamming forms.

This needs to be flagged to @Webflow and also the community, who may be able to take steps to stop this Spam activity.

Cheers

Hey Glenn, check the forums here, this is a well known recent issue.
Webflow is working on that, and somewhere there is an email you can forward those spam messages to to assist them in research.

I have not seen any announcements on exactly what measures are being taken. It’s a difficult challenge since a false-positive in spam detection means lost $ on a good lead.

If you have clients who are really struggling, you might switch them over to Basin for forms handling, which I’ve done with several of my clients. It has the advantage that spam messages aren’t deleted, they’re stored in a separate spam folder you can check periodically. So far, it’s been 100% accurate in my reviews.

If you use Basin, the webhooks feature combined with Sygnal’s form handler attributes allows you to seamlessly use Webflow’s existing success & failure messages.

Yeah, this guy is relentless for one of my clients! The emails always start with 0: Send message

Spam really has been turned up a notch recently… I’m pretty sure Webflow could be doing more. There are some clear patterns with some of the spam, and they have the advantage of being able to analyse presumably millions of messages over a vast number of sites to identify such stuff.

Anyone else notice that the messages Webflow send include instructions to forward the mail if you think it’s spam? Except, the email address to forward to is actually missing in the email! For info, it’s form-spam-reports@support.webflow.com

me Too I am getting scam and spam email from the same source

Until Webflow gets a handle on spamming, this may be of assistance. Place the following jQuery Code in an embed on the page that includes your form: -

<script>
jQuery(document).ready(function($) {
var txtBox = $('#nameID, #emailID, #enquiryID');
var blackList =  ['Eric Jones', 'ericjonesmyemail@gmail.com', 'advanceleadgeneration.com'];
//var blackList =  ['Ban Word', 'Ban Word', 'Ban Word'];

function checkBlackList(str) {
  $.each(blackList, function(i, n) {
    if(new RegExp(n, "i").test(str)) {
      txtBox.val(txtBox.val().replace(new RegExp(n, "gi"), ""))
    }
  })
}

txtBox.on('keyup', function(e) {
  checkBlackList(this.value);
})

});
</script>

Set the ID of your #email field and the email you want to ban, and if you have another field like a combined #name entry and, indeed, the enquiry field (covering the main email body), then add that ID. As these fields are usually required, the form should not submit as the code will automatically delete/blank out the ban words.

Coincidentally I forwarded a Spam example email to Webflow, which was rejected as Spam. Self-defeating.

Cheers

exact same issue here with only of my clients. so annoying. Would love if Webflow could create a setting that prevented the same email address from submitting the same form more than once a (day/week/month)

thank you for this custom code @glennyboy !! Going to try it out.

It’s not clear to me why Webflow does not implement a service like Akismet which would address much of the form spam issues plaguing WF sites. If you want to leverage it, you could simply swap out the built in form processing for a service like usebasin.com which I strongly recommend and use for my clients on Webflow.

I’m now getting those emails too.

I wonder what tool the spammers are using to identify large numbers of webflow websites.

@Ed3 - Trivial since each published webflow site includes a data attribute on the HTML element and that or other methods are used to produce stats on usage by researchers. Resulting data can be purchased as well. One could also just pull data on domains with hosts pointing to Webflow’s servers for example.

For what it’s worth…I have several sites off webflow and I get spammed by ‘Eric’ on a regular basis. It has nothing to do with Webflow. I have reCAPTCHA on my sites too.

The good news is, at least on my sites, he is not very imaginative…always seems like the same spiel.

Looks like Webflow has added the email to report spam into the email it sends us when we receive a form submission.

I just recorded a tutorial about this topic, and showed one method to prevent this.

Maybe this is helpful to some of you.

Mike

I’d just like to add that Eric Jones email addresses also spamming WordPress websites too. One of my clients is getting spam from him at least once a day.

Stopped by to say that my Drupal site using Webform (not webflow) is also getting spammed by this company. We also have recaptcha. I’m going to try email verification as well. Unsubscribing, as mentioned in the emails does not work. These guys are a menace!

FYI, I found I couldn’t put this in an embed on the page, I had to add it to the Page Settings in the before </body> Custom Code section.

NOTE: You do not want to use that report-spam link. That will actually flag your own Webflow site as the spammer. That’s how I understand it. Please search for that form footer elsewhere in these forums and you will see what a travesty people are reporting it is.

Can Webflow support respond to this? This makes no sense and directly contradicts the instructions at the bottom of the Webflow form notification email.

Supposedly, that was put there because the provider Webflow uses to send form submissions (yes, Webflow does not handle this themselves) required that opt-out to be there even though it doesn’t make sense for it to be there. So in essence, if you (as the site owner) or anyone else clicks the link, you are in essence stating “see this originating email as spam” (yes, the one you received from Webflow with your company/client as the FROM address—so imagine that implication). If I’m wrong, it would be nice for Webflow to say so.

The email notifying me of a form submission comes from Webflow, not from my site:

In the form report email, there’s this. It goes to webflow, not the email provider:

image902×90 6.2 KB

Then there’s also an unsubscribe link.

Even if Webflow were using an outside email provider to send form notifications, it is the email hosting providers (not the email senders) who classify emails as spam. But even if this isn’t the case, the email is coming from webflow, not from my site, so I wouldn’t be impacted.