We have a sass service where many of our clients have a public facing 'website' where they have a contact form for their visitors. We have google captcha v2 on that form, which is easily bypassed. So spammers are submitting the form bypassing the captcha with typical form spam. We send all of the contact messages to our users via Mailgun as a 'new contact message.' Our users get these spam messages not really realizing they are from their own sites (as they just see the spam in the email) and flag/mark them all as such.