Our domain email address started receiving blank spam emails from our contact form (this is known from the header). They are from seemingly random email addresses and have no content. They are received roughly every 5 minutes with occasional 45 minute breaks. The form works correctly and I’ve tried both Askimet and Honeypot plugins (both together and separately) to no avail. The contact form (Contact-Form-7) has required fields. I believe Honeypot is failing due to the blank content and the hidden field not being populated. Here is an example of what the email contains:
From: WordPress [mailto:firstname.lastname@example.org]
Sent: Thursday, April 13, 2017 3:47 PM
Subject: contact form from domain.com
Name: 58f0002d1ad5f 58f0002d1ada9
The random name & email services are from various providers (email@example.com, firstname.lastname@example.org, email@example.com, etc). The Name field contains a seemingly random string (58efeaa9252e7 58efeaa92532d, 58efeaaf3099c 58efeaaf309da,58f0002d1ad5f 58f0002d1ada9, etc)
How does this particular type of spam start?
Is there another plugin or workaround that could filter the spam besides captcha?
Read more here: Cause & prevention of wordpress contact-form spam?