reCAPTCHA Medium Article Clarification

Highlighted

Re: reCAPTCHA Medium Article Clarification

Highlighted
Level 1

Re: reCAPTCHA Medium Article Clarification

Hey Greg, I am looking at your Evernote document and I have a few questions, 

pastedImage_2.png

In this section, would if work for a wordpress website that the marketo form is embeded on? Also do I replace my google recaptchasitekey with the id= ?

Highlighted
Anonymous
Not applicable

Re: reCAPTCHA Medium Article Clarification

Sanford Whiteman​ just one more question.

Sanford Whiteman wrote:

You need to timestamp the last success and failure, and it's also important that you use a quarantine list rather than immediately deleting leads that fail reCAPTCHA -- you don't want to delete an existing lead whose email was used maliciously!

Are you saying is that if a bot tries to submit a request using a real lead's email, that email is forever blocked from filling out a form on our website and the lead is automatically deleted from Marketo? (unless we quarantine it?)

Also, I thought the point of the reCAPTCHA was to prevent any malicious bot from submitting a form request and thus becoming a lead in the first place.

Highlighted
Level 10 - Community Moderator

Re: reCAPTCHA Medium Article Clarification

Are you saying is that if a bot tries to submit a request using a real lead's email, that email is forever blocked from filling out a form on our website and the lead is automatically deleted from Marketo? (unless we quarantine it?)

I'm saying that you need to make sure that you don't delete a lead summarily just because it failed reCAPTCHA, if it previously passed reCAPTCHA and/or was already in your database.

I thought the point of the reCAPTCHA was to prevent any malicious bot from submitting a form request and thus becoming a lead in the first place.

In other systems, that would be the way I'd describe it, yes.

In Marketo, the reCAPTCHA runs after the form post is processed. So you can delete any malicious post that does not correspond to an existing lead.  But with existing leads you have to be more delicate.

Highlighted
Anonymous
Not applicable

Re: reCAPTCHA Medium Article Clarification

Are you saying is that if a bot tries to submit a request using a real lead's email, that email is forever blocked from filling out a form on our website and the lead is automatically deleted from Marketo? (unless we quarantine it?)

I'm saying that you need to make sure that you don't delete a lead summarily just because it failed reCAPTCHA, if it previously passed reCAPTCHA and/or was already in your database.

Gotcha. Okay so I'll create a smart list that looks something like this: 1) lead created over 1 day ago, And 2) Invalid email = false.

I thought the point of the reCAPTCHA was to prevent any malicious bot from submitting a form request and thus becoming a lead in the first place.

In other systems, that would be the way I'd describe it, yes.

In Marketo, the reCAPTCHA runs after the form post is processed. So you can delete any malicious post that does not correspond to an existing lead. But with existing leads you have to be more delicate.

That is very disappointing as it in some ways defeats the purpose of using a reCAPTCHA. I'll probably need to update a bunch of existing smart campaigns as well as workflows in and LeanData that usually trigger once a new lead comes in because of this.

Highlighted
Level 10 - Community Moderator

Re: reCAPTCHA Medium Article Clarification

That is very disappointing as it in some ways defeats the purpose of using a reCAPTCHA.

Not really, as 99.999% of malicious attackers are not going to impersonate existing leads. If you find a different pattern in your instance there are other ways to combat it.

Highlighted
Level 10 - Community Moderator

Re: reCAPTCHA Medium Article Clarification

Gotcha. Okay so I'll create a smart list that looks something like this: 1) lead created over 1 day ago, And 2) Invalid email = false.

That doesn't seem to conform to the requirements. The idea is that a lead that fails reCAPTCHA and didn't exist before can be deleted. A lead that either (a) existed before and passed reCAPTCHA before or (b) entered the system via a non-reCAPTCHA-protected mechanism should not be deleted.

Highlighted
Anonymous
Not applicable

Re: reCAPTCHA Medium Article Clarification

Sorry I think I missed your point. Makes sense now.

Highlighted
Anonymous
Not applicable

Re: reCAPTCHA Medium Article Clarification

Sanford Whiteman​ just to be clear once a bot submits a form the reCAPTCHA can prevent the person from becoming a lead in Marketo? Or will I need to create a smart rule to have the person deleted... (assuming they are not already a lead in the system)...

Highlighted
Level 10 - Community Moderator

Re: reCAPTCHA Medium Article Clarification

... once a bot submits a form the reCAPTCHA can prevent the person from becoming a lead in Marketo? Or will I need to create a smart rule to have the person deleted... (assuming they are not already a lead in the system)...

You will always need an SC.

This is where reCAPTCHA in Marketo differs from integration with a bespoke system.  In the latter case you'd call the webhook before data is added to the main database (you would save it in a temporary database or in memory).  In Marketo the data is in the database, then the Filled Out Form and/or Person Created ​triggers fire.