The vulnerability you mentioned is when contact form doesn't have proper spam protection.
In contact forms created in WordPress (e.g. WPForms), they may have reCAPTCHA validation, which submitters must click "I'm not a robot" checkbox and must select squares which contain a particular object (in most cases related to road infrastructure AFAIK). Besides reCAPTCHA, honeypot technique can also be used to minimize spam.
BTW, will
debian.org implement contact form? If won't, why?