I’ve been getting a lot of fake leads through my Netlify Forms—bot/spam submissions with auto-generated messages, invalid phone numbers, and emails that bounce. This happens both from organic traffic and from Google Ads campaigns.
I’ve already added ReCaptcha v2 and the free version of HCaptcha, but the issue continues. HCaptcha also behaves inconsistently: sometimes it forces a challenge for real users, and other times it completes automatically without showing anything.
I wanted to see what options Netlify offers to better filter spam and protect the form. Could someone check whether everything is configured correctly on the backend, and let me know if there are any additional security steps I can take? If possible, a quick check for vulnerabilities or suspicious files would also be helpful.
Thank you!