Using strapi for contact form on static site

I am buidling a product cataloge website with strapi as backend for a static site generator. Now it comes that we would need an request/contact form. My idea was to make a collection in strapi and let send strapi an e-mail everytime data is posted through the form. But the POST is done by the client without authentication. Because it is done client/browsersite a token will not help to secure the api endpoint. I just want to prevent the endpoint to be spammed.
I found this: Simplify securing a public post endpoint (with recaptcha), but would not like to use recaptcha.

The second, we are thinking of, is wishlist to remember products. I would save it in the browser storage, but would like to make it possible to store the list in strapi and share it identified by a unique hash. Same problem here: no authentication and no serverside call of strapi.

Should I not do this or how could I protect the api endpoint.

Hi, did you figure out how to build a contact form in the static website? I am also facing the same challenge.

Sorry for the late answer: I am using GitHub - danielireson/formplug: Form forwarding service for AWS Lambda at the moment. But on the last strapi conf was the customization workshop (Strapi internals, customizing the Strapi backend) where Richard showed how to limit the request per minute with a koa js npm-package. I hope the recording is available soon. This could be a way to use strapi as a formmailer.