A plea from your friendly neighborhood op: please don’t put a contact form on your website…not even with a CAPTCHA. Just put your addresses on it, including your email address.
“But I’ll get spammed!”—You’ll get spammed anyway, if you have your own domain, and addresses like contact@ and sales@ work. Worse, you might enable spamming others.
“I’ll put a CAPTCHA on it!”—Don’t offload administrative hassle onto your users!
Oh yeah, and SPF! Another good one. Is your webserver’s mailserver in your SPF record? Does it sign with DKIM? Have you checked your DMARC reports lately?
"I appreciate SDF but it's a general-purpose server and the name doesn't make it obvious that it's about art." - Eugen Rochko