Hi all, I have been working on moving Gmail SMTP for a set of client Wordpress sites under their company account. With the mail settings all went well.

Since they are also using Contact Form 7 with reCAPTCHA v3, they started getting impersonation alerts as the reCAPTCHA was configured from a non-business Gmail address. So, logically, on 7th Oct I moved the captcha configuration under their company account as well, but since yesterday we're getting alert about the configuration not working because it's missing "an assessment".  

Additionally, each site key will often be green and then without any changes anywhere move to red or randomly move from red to yellow. 

Can you explain how to understand this? Why are the keys randomly changing status? Why do 2 different domains with analogous configuration get different security rating? (red vs orange, see below, they are team member websites so exactly the same except the copy)

Also, is there a WP plugin that is set up to requests these assessments? Are Zoho forms requesting them? Or are we expected to have a fully custom solution?