If your business website lists a plain email address - something like info@yourbusiness.ca - you already know the result: a steady stream of spam, occasional missed messages, and the low-level anxiety that comes with handing that address to every bot crawling the web.
A contact form solves this cleanly. It hides your address entirely, filters out automated garbage, and gives you a structured record of every inquiry. Here is what to know before you set one up.
Why Plain Email Addresses Cause Problems
Web crawlers - automated bots that scan websites looking for harvestable data - find email addresses within seconds of a page going live. That address then gets sold to bulk senders, scraped into phishing lists, and subjected to dictionary-attack spam. Canadian anti-spam legislation (CASL) does not protect you from international senders who have no intention of complying.
There is also the provider problem. When you switch email hosts or rebrand, any email address published on your site becomes a broken link. A contact form routes submissions to wherever you tell it, and you can update the destination without touching a single page.
What Makes a Good Contact Form
The most common mistake is asking for too much. A form with eight required fields will be abandoned. For most businesses, three fields are enough: name, email address, and message. If you need to route inquiries to different departments, add a dropdown for that purpose. Nothing else is required.
Other elements worth including:
- A clear call to action. The submit button should say something specific - "Send Message" or "Get in Touch" - not the generic word "Submit."
- A confirmation message. After someone submits, they need to know it worked. Display an on-screen confirmation and send an automated acknowledgement email so the person knows a human will follow up.
- Realistic expectations. A line like "We typically respond within one business day" reduces follow-up emails from people who submitted and heard nothing.
Spam Prevention That Does Not Frustrate People
Traditional CAPTCHA tools have become a significant source of friction. Distorted text challenges alienate visitors with visual impairments, and even sighted users regularly fail them. Two better options exist.
hCaptcha presents an invisible challenge in the background, only surfacing a puzzle for users who appear suspicious. It is privacy-focused, which is a consideration under Canadian privacy law, and integrates with most WordPress form plugins.
Akismet works differently - it analyses submission content against a global spam database and silently discards likely junk without making the user do anything. It is built into WordPress and excellent for form spam filtering when combined with a form plugin like WPForms or Contact Form 7.
A honeypot field - a hidden input that real users never see or fill in but that bots always do - is a useful addition that requires no effort from the visitor at all.
Where to Put Your Contact Form
A dedicated Contact page is the minimum. But visitors often look for contact options while on a product page, reading a blog post, or browsing your homepage. A link to your contact page in both the header navigation and the footer covers most of these scenarios.
For service-based businesses, embedding a short version of your form on the homepage - particularly near a call-to-action section - reduces the steps between intent and inquiry.
Making Sure Submissions Actually Reach You
A beautifully designed form that sends email into a void is worse than no form at all. The most common cause of missed form submissions is email deliverability: the message your server generates looks like spam to the receiving mail service.
The fix is to send your form notifications through a dedicated mail-sending service (SMTP) rather than your server's built-in mail function. Plugins like WP Mail SMTP let you route through Gmail, Outlook, or a transactional service like Mailgun. You will also want proper SPF and DKIM records set up for your domain - these authenticate your outgoing mail and are a significant factor in whether messages reach the inbox.
We cover SPF and DKIM configuration in detail in our email authentication guide - it is worth reading alongside this one.
Recommended WordPress Plugins
- WPForms Lite - beginner-friendly drag-and-drop builder, free tier covers most small business needs
- Contact Form 7 - the long-standing standard, lightweight and highly flexible with add-ons
- Gravity Forms - more powerful for complex conditional logic, calculations, and payment integration
All three support hCaptcha and SMTP plugin integration. Start with WPForms Lite if you want something that works quickly. Reach for Gravity Forms if your inquiry process has routing logic or multiple steps.
A contact form is not a nice-to-have. It is the right way to receive inquiries professionally, protect your inbox, and ensure no potential customer falls through the cracks.
