With our August 2022 release we are introducing a CAPTCHA integration on Marketo Engage forms using Google reCAPTCHA v3. This feature will be enabled for all customers on the evening of September 20th, 2022 (US time).
A previous version of this post mentioned feature enablement would occur on September 6th. In order to deploy some additional infrastructure enhancements to increase form performance, we are having to delay enablement until September 20th. Thank you for your patience.
So, what exactly is CAPTCHA and how can it help marketers? CAPTCHA is an acronym that stands for Completely Automated Public Turing Test to tell Computers and Humans Apart. It is a type of test used by websites and services to determine whether the interacting user is a human or a bot. There are multiple CAPTCHA types such as image, audio, mathematical, or word challenges and multiple CAPTCHA vendors.
If you have forms on the web, it is likely you have been targeted by bots at least once. This could include spikes in rapid form submissions from a single IP address, submissions made in languages or from regions your business does not market to, or values submitted that do not make sense contextually to what your form was asking for.
Marketo Engage has chosen to use a score-based CAPTCHA implementation using Google reCAPTCHA v3 to tackle this problem. This type of implementation does not challenge your leads with images, words, or mathematical equations in order to minimize friction interacting with your form. Instead, the likelihood of the submission being from a bot is calculated by the CAPTCHA vendor and this information is included in the submission’s metadata. This allows you to flag, quarantine, delete, or ignore submissions using Smart List and Smart Campaigns based on their scores.
Using CAPTCHA for lead segmenting
Filled Out Form activities will have new attributes:
CAPTCHA Provider
This field captures the CAPTCHA provider configured for the subscription. Marketo Engage currently only integrates with Google reCAPTCHA so the value will always be “reCAPTCHA”.
CAPTCHA Raw Score
This field captures the raw score returned by the CAPTCHA provider. It will always be a value between 0.0 and 1.0. For reCAPTCHA v3, scores closer to 1.0 are likely human and scores closer to 0.0 are likely bots.
CAPTCHA Normalized Score
This is a normalized version of the score returned by the CAPTCHA provider as interpreted by Marketo Engage. This also includes normalized error messages returned by the provider or that occurred during processing. The values can be:
- TRUSTED: Score of the submission >= 0.5. The submission is likely from a human.
- SUSPICIOUS: Score of the submission < 0.5. The submission is likely from a bot.
- MISSING: The CAPTCHA provider did not return a score for the submission.
- QUOTA: The monthly quota of evaluations set by the CAPTCHA provider has been reached. Contact the CAPTCHA provider to purchase more evaluations.
- FAILED: An error occurred during processing.
These attributes are visible in the Activity Details when digging into the Filled Out Form activity. They can also be used in the Filled Out Form filter and the Fills Out Form trigger.
Ideas how to use score-based CAPTCHA for marketing:
- Excluding low scoring submissions from campaigns that trigger on Form Fills such as scoring campaigns, campaigns that send emails (such as Contact Us or Sign Up), and campaigns that sync new records into the CRM
- Create Smart Lists that pull records with recent suspicious form submissions. Use these Smart Lists to exclude records from Smart Campaigns or simply for periodic review
- Build trigger campaigns to automatically Marketing Suspend or Blocklist records with low scoring form submissions (but do not forget to have a process to review and revert if needed!)
Questions & Answers
Is CAPTCHA applied to all Forms when enabled?
CAPTCHA must be enabled on a per form basis. This enables you to control the volume being submitted to your CAPTCHA provider as to not overwhelm purchased volumes. Once enabled on a form, the setting will be carried over whenever you cloned the enabled form.
Will other CAPTCHA providers or implementations be added in the future?
We will consider additional providers in our future roadmap based on user feedback, but none are planned at this time.
Why did Marketo Engage decided on a score-based solution such as reCAPTCHA v3? Why cannot I set up an image challenge?
Our teams performed market and user research when deciding on which type of CAPTCHA implementation to create for Marketo Engage. Our research told us that marketing administrators were hesitant to implement any solution that added additional friction to filling out the form such as image challenges or puzzles. Additionally, our partners at Google recommend the practice of “shadow banning” suspicious submissions by excluding them from audiences within the Marketo Engage subscription rather than blocking them on the front end. By scoring form submissions and building workflows to determine how the person should be processed you can ensure that you are not creating a high barrier for conversion or blocking false positives.
We are considering ways to enhance the CAPTCHA solution to give you more control over incoming submissions as they are being submitted to react to suspicious scores.
How many form submissions can the reCAPTCHA implementation handle per month?
This limit is set by Google. Free reCAPTCHA v3 keys can handle up to 1,000,000 submissions per month at no charge and our form traffic data shows this is sufficient for most customers. If your business requires more than 1,000,000 calls a month you can convert your key to reCAPTCHA Enterprise which offers additional volumes of submissions.
Why doesn’t CAPTCHA assign a score to a Person record? Why is it only stored on the Filled Out Form activity?
CAPTCHA measures the likelihood of a specific browser session interacting with your forms of being a bot. This score could change across different sessions or different devices. Since it is not a static value and is attributed to a single Form submission, it does not make sense to make the CAPTCHA score a static value stored as a lead field.
Do you intend on enhancing the CAPTCHA functionality? What is next on the roadmap?
This is only the beginning of our CAPTCHA implementation. We are evaluating additional enhancements on the roadmap such as:
- The ability to define the “action” parameter that is logged in reCAPTCHA with the submission.
- The ability to block or discard submissions that fail to meet certain score thresholds
- Expanded controls on enabling or disabling CAPTCHA on forms
- Additional language support
- Customization of the reCAPTCHA legal disclaimer
We will of course be listening to your feedback for future roadmap ideas too!
.png)