Spam Remediation — Akismet, ClickCease, SMTP Upgrade

Overview

Date: 2026-04-05
Attendees: Mark Hope, Sebastian Gant
Client: ^[1]

Mark and Sebastian worked through a spam complaint escalated by the client's web agency, Liontree. The session identified two distinct spam sources — form spam and call spam — and addressed both in real time. A third critical issue, email deliverability via PHP mail, was flagged and escalated for client action.

Background

Liontree emailed the client (Robin) reporting a large volume of suspicious form submissions and suggested adding a CAPTCHA. Liontree incorrectly attributed the spam to a Google PMAX campaign; no PMAX campaign is running. The actual sources were:

• Form spam: The existing v3 reCAPTCHA was ineffective against modern bots.
• Call spam: A newly launched Microsoft Ads campaign generated ~150 calls for ~$300 ($2/call), the majority of which were spam. ClickCease had not been configured for Microsoft Ads.

Key Decisions

• Akismet installed immediately on the WordPress site using Asymmetric's paid license, and connected to Gravity Forms via the Akismet add-on. Expected to block ~90% of form spam going forward.
• ClickCease to be configured for Microsoft Ads. Google Ads and Facebook Ads protection was already active (saving ~$115/month in fraudulent clicks); Microsoft Ads was missing.
• SMTP upgrade strongly recommended. The site is using WordPress's default PHP mail, which is treated as spam by most email providers. The client is likely missing legitimate form lead notifications. Recommended path: WP Mail SMTP Pro + SMTP.com.
• Client must review Gravity Forms entries weekly to catch missed leads and train the Akismet filter by marking spam manually.

Issues & Resolutions

Form Spam — Akismet

"A kismet is just going to be brilliant. It'll be blocking 90%." — Mark Hope

Call Spam — ClickCease / Microsoft Ads

"We were shocked at the amount of calls that came in. It was $2 a call. They spent $300-something and got 150 calls." — Sebastian Gant

Email Deliverability — SMTP Upgrade

"If somebody fills out a form... this email is coming out of the WordPress PHP email service, which means probably 10% of the people who fill out a form actually get this email." — Mark Hope

Action Items

• [ ] Mark Hope — Configure ClickCease protection for Microsoft Ads; enable for active campaigns
• [ ] Mark Hope — Add Sebastian to ClickCease notification emails
• [ ] Sebastian Gant — Email client re: Akismet + Gravity Forms installation
• [ ] Sebastian Gant — Recommend SMTP.com upgrade via WP Mail SMTP Pro for email deliverability
• [ ] Sebastian Gant — Ask client to review Gravity Forms entries weekly: mark spam to train filter, confirm all legitimate leads are being seen

Additional Context

Site Management Gap

The client's WordPress site is managed by Liontree, not Asymmetric. All plugins were found to be out of date. Asymmetric does not manage the client's DNS, which limits the ability to implement upstream security controls (e.g., Cloudflare-level blocking). The ClickCease bot-zapping WordPress plugin was not installed; Mark noted some caution about installing it given past instances of it suppressing legitimate traffic.

Gravity Forms Entry Review

During the meeting, Mark and Sebastian reviewed existing form entries and found a mix of clear spam ("I need info", repeated generic messages) and legitimate inquiries. The client does not appear to be regularly reviewing entries, meaning real leads may have been missed. With PHP mail unreliable, the entries view in Gravity Forms is currently the most reliable way to catch all submissions.

CallRail as Call Screening Option

If call spam from Microsoft Ads continues, a CallRail number with a simple IVR can be placed in front of the client's real phone number. This adds minor friction but effectively blocks bot calls. Mark noted this is the easiest implementation path.

Related

• ^[2]
• ^[3]
• ^[4]
• ^[5]
• ^[6]
• ^[7]