In the last month or so, I've seen about 3 "leads" come into the system through a basic MKTO form on our website ("Contact form")... when this happens, an alert is triggered so we're notified immediately and can reach out to them. All of the fields on this form are required. However, what's interesting, is that somehow, the form is being submitted without ANY information being entered.... so when we get an alert, the information in the alert just highlights the "default" data for that field (which is "Not Provided"). I go and look at these leads and indeed, somehow they've entered the system through a form fill-out with required fields... but without giving us any information.
The solution is simple: add the noscript tag, redirectling to an invalid URL, discouraging users (mostly spammers) trying again.
I would suggest adding noscript to Landing Page Options - Edit Page Meta Tags - Custom Head HTML You can use a real URL, say, the homepage, or to really disperse spammers, send to an invalid location to force a HTTP 404, very annoying to robots:
Do you have progressive profiling enabled on this form? I have run into issues where a lead may have been using a public computer and entered in their data. And then a new person comes to the same form, and it is showing the additional progressive profiling fields and whatever required fields you have. This will allow the new lead to submit the form and not ever see the original form fields. I hope that makes sense.
Based on the below alert sent out earlier today, I'm guessing I'm not the only person that this is happening to... unless this is an isolated event that's occuring for a different reason that the spam issues Marketo is seeing?:
"We are experiencing a high volume of spam-submissions through forms. Our engineering team is aware of this issue and is currently working to resolve. Following the resolution of this issue we will publish instructions on how best to scrub these false leads from your database. We are experiencing a high volume of spam-submissions through forms. Our engineering team is aware of this issue and is currently working to resolve. Following the resolution of this issue we will publish instructions on how best to scrub these false leads from your database...."
Jen, you are right regarding today's occurrence. Last week's might be an early symptom. Hopefully the freshly solved P1 posted as alert will solve the problem you are facing otherwise I will be glad to investigate the problem if the instance was deliberately targeted by spmabots.