I did chop out all of the email before forwarding it to them to try to prevent that, but hey-ho.

(3rd time lucky? It _feels_ like its been a long two day week!)

I think the filters just eat every html tag that isn’t pre-approved, so it’ll eat things with angled brackets but not html entities. It’s not exactly rocket science but it does the job. You could argue that unknown tags should get escaped and white-listed html tags get left as-is, I suppose.

But as to your original point, I get lots of spam, and I so I see what dictionary words are being used. ‘Sales’ appears to be the only one, along with a load of random personal names. Never any other nouns. I never heard back from the pmo.gov.uk guys, which makes them cretins in my opinion – at least they could have told me to bog off.

The only way to conclusively prove that it’s the Petitions site that is doing it, is to assign them something that isn’t a real word as an email address. If you want to make it recognisable, by all means use petitions.12Asdfr@[redacted].co.uk but definitely put some random data that will survive a dictionary attack in there.

Side Note: Why haven’t I made it to the Hall of Shame yet?