Most mail forms work by using a call to a mail function, which requires you to install (and configure) services & processes on the server.
These are difficult to configure, thus they're often are not configured correctly. Incorrect configuration leaves servers vulnerable to abuse.
Lack of maintenance
When someone builds your website, they likely put it on a cheap shared hosting plan and then walk away. Without diligent maintenance, the site will miss important security and version updates, leaving your system open to attack.
Vulnerable systems are sought out, hijacked, and turned into spam factories. When a server is used to deliver spam, it may end up on a blacklist.
Sending email from your domain
If you pay for a managed email service, there are ways to connect & send outgoing email through that service. There are several flaws in the way web servers authenticate and deliver mail on behalf of your domain, though, and email can silently fail to deliver or fail to be received if it is not set up properly.
If you can receive email at your domain, we can securely and reliably deliver on your behalf without any additional configuration.
Ask a system administrator about postfix
Postfix is one of the core services that allows the sending of email. Any sysadmin who has had to debug a broken postfix service won't want to touch it again, and they definitely don't want to talk about it.
Proceed with caution
Whether you go with Hook Forms or not, I hope you learn something from us that helps keep your website safe and secure. We really just want a nicer, less spammy Internet.