Recently we've been getting a lot of spam and people/bots filling out the form not using an email address. Our current form allows them to do this (see screenshot). Is there a way to at least require email format? Seems like by default it shouldn't allow someone to put in something that isn't an email address, but I guess that is not the case.
It sounds like your email field is set to a Text Field rather than a Email Field. Are you using Forms 1.0 or 2.0?
It looks like forms 2.0 and it does look like it’s an email field (see screenshot).
Director of Marketing
Liquid Litigation Management
Logical Solution. Legendary Service.
What is the link to your forms? For the lead in your first screenshot, in the lead activity section, does the lead source indicate a form or list upload?
Jennifer, the default client-side email validation is very primitive and will allow through emails that are indeed valid, but not publicly emailable (for example, myname@localhost is a valid email address, but from the public Internet perspective appears invalid).
To get deeper validation without ponying up for actual real-time mail testing, you can look up to see if the person is using a currently extant registered domain + TLD, as in the example here: CodePen - nation.marketo.com/thread/28956
In my database the issue you highlighted usually comes from internal list uploads rather than robots. Marketo has no validation checks on static list uploads so errors like the above can easily happen due to human error when adding large csv's and bad data could be in the middle somewhere. Also email is the primary key so when Marketo can't match the email, they will upload anyway as in the background everything has an ID. Sanfords suggestion excellent too of course.
Yeah, can you give an example of the junk leads that are getting created?
As Sanford said, our forms validation is the same as the one specified in the HTML 5 specification. So, if they are entering something valid we will allow it.
Got it. I have used some JS in the past to validate on not allowing things like emails by Gmail, but I’ve never had to do it on just letting a valid email in general. You can see in this screenshot the person's email came in as Jon Andersen, which isn't even close to an email.
Well, I think here you have 3 explanations:
This sure doesn't look like a form validation issue.