A visitor is cookied, a new lead is created via the webservice api, the lead comes back and completes another form only this time with another email address.
I am assuming a new lead is created. However we'd like to setup a process where if the cookie id is the same, and the first email is flagged as a bad email address, that the existing lead is simply updated instead.
I can speak from experience that if a known lead comes back and completes a new form that a new lead record will be created and their cookie will be updated to point to that new lead, rather than the old one.
I'm curious, for the first time visitor visitor that is cookied, what action did they take to have the API create a new lead record for them if not filling out a form on your website / LP?
If by the cookie ID is the same, you mean the _mkto_trk cookie, they are indeed the same value for the first email address and after a form is submitted with a second email a, but they are associated with different lead records. We use progressive profiling forms, so if someone changes the email address on a second form submit, the form doesn't capture the intiial information (e.g. first name, last name, company name). We have a smart campaign that alerts us when a new lead is created without these elements and then we look for other leads with the same IP address, and will merge them if appropriate.