
Defending Your Digital Domain from Bots and Spam


Cloudflare WAF

Anyone who has an email address has surely received spam, that is, unsolicited messages. Blocking these from the provider's side is not easy and often non-spam messages also fall victim to the fight against spam.

However, only those who have a website and a form on it know how many visitors are not genuine interested users, but bots, automated robots. These robots generally find the forms and send unsolicited messages through them because these are usually not filtered by the methods mentioned in the first paragraph.

Why is this bad? These are unsolicited messages, and removing them takes time and energy, so it can cost us money. And if we build any automation to process the incoming real messages, the spam costs us there too: even just forwarding emails can cost money, for instance on a package where we are charged for such services, not to mention AI processing paid on a token basis.

What can we do?

One method is to protect these forms in some way, typically with CAPTCHA methods. Some are quite sophisticated, for example ones that real human visitors don't even see because they operate in the background but still block robot submissions.

Why is this not the best solution?

In certain cases, this can be a good solution, but we must also consider that when bots visit our site, they first need to scout our site to find where such forms or email addresses are. To do this, they must download and "read" our pages. This generates traffic. Although we can exclude this from statistics, it still requires resources. Various providers handle this problem with varying effectiveness, but often these defenses are still breached. It may happen that such traffic increases the cost of running our website, or it simply becomes undesirable and we need to move it. Or, for instance, it slows down, and we lose real visitors because we are serving bots.

This is why we recommend, and use on our own site, the Cloudflare solution, which prevents such traffic and kills two birds with one stone: we don't waste energy on bots, and we only get subscriptions and messages from real interested users. The service is free and quite configurable. Here is a small trick. Enabling the "Under Attack Mode" option looks like the way to handle such situations, but we actually need something else. If we chose it, we would also ban "good" bots from our site, like Google Search, which we don't want, as we still want to appear in search results through the Google index. So we leave the security level on medium and create a new WAF rule that applies the challenge action to all non-good bots. (Of course, it is not enough for Cloudflare to handle the DNS; we must route traffic through the Cloudflare proxy, which can also speed up the site thanks to the geographically distributed CDN.)
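The rule described above, written as a call to Cloudflare's Rulesets API. This is an added example, not part of the original article: it assumes "good bots" means Cloudflare's Known Bots field (`cf.client.bot`), that the challenge is the Managed Challenge action, and that `CF_ZONE_ID` and `CF_API_TOKEN` hold your own zone ID and an API token allowed to edit the zone's WAF rules.

```shell
#!/bin/sh
# Added example: WAF custom rule that challenges everything except verified bots.
# Assumptions (not stated in the article): the Known Bots field and the
# managed_challenge action are the ones meant by "challenge all non-good bots".

# True for every request that Cloudflare has NOT verified as a known good bot
# (search engine crawlers and similar). Human visitors match too and receive
# the managed challenge.
RULE_EXPRESSION='(not cf.client.bot)'
RULE_ACTION='managed_challenge'
# Phase that holds a zone's WAF custom rules.
PHASE='http_request_firewall_custom'

# Build the JSON body for the zone's custom-rules entry point ruleset.
build_payload() {
  cat <<EOF
{"rules":[{"description":"Challenge all traffic except verified bots","expression":"$RULE_EXPRESSION","action":"$RULE_ACTION","enabled":true}]}
EOF
}

# Build the API URL for the zone ID passed as $1.
ruleset_url() {
  printf 'https://api.cloudflare.com/client/v4/zones/%s/rulesets/phases/%s/entrypoint' "$1" "$PHASE"
}

# Send the rule. PUT replaces every existing custom rule in this phase,
# so merge the rule into the existing list first if the zone already has some.
apply_rule() {
  curl --silent --show-error --fail --request PUT "$(ruleset_url "$CF_ZONE_ID")" \
    --header "Authorization: Bearer $CF_API_TOKEN" \
    --header "Content-Type: application/json" \
    --data "$(build_payload)"
}

# Only contact the API when credentials are supplied; otherwise print the
# payload so it can be reviewed first.
if [ -n "${CF_ZONE_ID:-}" ] && [ -n "${CF_API_TOKEN:-}" ]; then
  apply_rule
else
  build_payload
fi
```

The rule only sees requests that pass through the Cloudflare proxy, so the DNS records for the site must be proxied, as the article notes.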
