When My Contact Form Got 300+ Spam Messages in 2 Seconds (And How I Fixed It)

My Portfolio Contact Form Got Hit by 400 Spam Emails in 3 Minutes A few days ago I learned an uncomfortable lesson about leaving public forms unprotected on the internet. My portfolio contact form got absolutely destroyed by bots. Not exaggerating — ~400 spam emails in about 3 minutes. My inbox looked like a denial-of-service attack, but for email. Every message was some variation of: "Johndoe..." "Hello..." You know the type. At first I thought: "Okay… maybe just a few bots." Then the notifications kept coming. So I did what every developer eventually does — I built a fix. Why Does This Happen? Any public form on the internet will eventually be targeted. Bots continuously crawl the web looking for: Contact forms Email endpoints Comment sections Signup pages If your form has no protection between the user and your email server, you're essentially leaving the front door wide open. The fix? Layer multiple lightweight protections. No single check is bulletproof, but together they make you