The current "email banlist" does not encompass the contact form, this seems like an oversight by the WHMCS dev team. The "email banlist" feature does compass the registration form, so I'm not sure why it's not being checked against all forms. The banlist should encompass every form where email is a possible submission, the same way banning an IP address encompasses every page of the WHMCS installation.
For example; If you add an email domain to the banlist in WHMCS, like gmail.com, and a user goes to the contact form, and uses "[email protected]
" as their email, the form will still be submitted, and the email will be sent.
Additionally, the "email banlist" should be more than just a domain banlist, we should be allowed to explicitly define email addresses, not just domain names.