How can I stop a spam attack coming from my contact form?

Question

There were more than 1000 spam tickets submitted from different addresses through the web form. How do I make it stop?

Answer

Firstly, verify the tickets are actually coming from your contact form. To do that, you can check the events of the ticket.

To view ticket events

Open a ticket and view the events. For steps on viewing events of a ticket, see the article: Viewing all events of a ticket.
If a ticket is submitted through a channel other than the web form, such as X Corp or email, details about the channel appear. Therefore, you are looking for something like this:

User information in the ticket events

CAPTCHA is enabled by default to mitigate spam attacks on your web form. You can require your end-users to register and verify their email to access the web form. For more information, see the article: Requiring your users register to use Zendesk.

If your Zendesk account has been spammed and you suddenly need to bulk delete these spam tickets, instead of manually deleting them, there are different ways to do it and they are all outlined in this article: How can I bulk delete spam tickets in Zendesk?

Note: If the spam is coming from your Chat widget, see the article: How can I stop a spam attack coming from the Chat widget? If the spam is coming in via web service, see the article: How can I combat spam submitted via web service?