Still evaluating, but one key deficit is that wildcard support doesn’t seem to extend to domains, only to TLDs. Why that matters: We routinely get hammered by exploit probes using example.* domains, which blow past reCAPTCHA without slowing down. (Presumably they use example.* on the assumption it will be allowed to pass through filters.) It’s a massive inconvenience for the people receiving our forms. (Yes, I realize this would also block submissions from vuln scanning suites.)
- You must be logged in to reply to this review.