We are currently under attack by some pretty aggressive bots that come to our Marketo forms via Google Ads. I have implemented reCaptcha V3 integration, have Smart Campaigns running to recognize and delete suspicious leads, and am also using ClickCease fraud prevention for our Google ads account.
The bad leads keep on coming and I am going nuts! Have any of you implemented a more robust 3rd party Captcha solution to try to thwart these bad ole bots? Could you please share details of the solution and how it is implemented? I am trying to find something that integrates with Marketo forms but nothing is jumping out at me.
Thanks so much!
Following this thread as I am currently implementing reCAPTCHA v3 and would like to hear about any other solutions.
We've also had some bots from Google Ads. Many of the responses all have "@mailinator.com" domain. Mailinator is an email/SMS workflow testing service so not sure if we got caught up in some workflow or if its spoofing their domain.
You don’t really need to worry about other solutions before vetting reCAPTCHA, which is still the standard.
mailinator.com, while a legitimate service, is considered a disposable email domain. It’s used by spammers because email addresses will appear to exist, but don’t correspond to humans.
2 months back we also got attacked by bots on google ads, 99% junk form fills were from @mailinator.com.
we solved it on two fronts, 1st with paid media team for optimizing ad targeting, and asked refund from Google for junks/false form fills which they did promptly. on the other hand we implemented reCAPTCHA on testing basis, found it helpful.
We've had the mailinator email addresses, and I added the to our global form validation list. These bots are persistant and creative!!!
I am aware that reCaptch is passive, but we STILL are not catching suspicious fills in the smart lists/campaigns I have working.
These bots pass the reCaptcha test for human! And they have no end to their creative email domains. Every iteration of "business" and "gmail" and "mailinator" you can think of. Like roaches - I add their domains to the global validation list, and they come back with something new!!!!
This is why we need a puzzle-based captcha program in place. Something with a 3d/4d puzzle. And yes, I have honeypots on our forms too - doesn't work at all!!!!!!!
SO again, what captcha solutions are you using on your websites? Not everyone is using Google reCaptcha, are they??????
Unless you’re talking about thousands of fillouts per minute, You don’t really have proof that they’re not human. To be frank, human labor is cheap. It’s pretty trivial to get a farm of low-paid (to put it mildly) workers to pass reCAPTCHA, and to do so hundreds of times in a single minute. Obviously you have to be a terrible person to do this. But it’s technically and economically feasible.
Most forms are protected with reCAPTCHA or hCAPTCHA as well as with overall rate limits per public IP. As you mention, honeypots are useless.
remember - reCaptcha doesn't stop the leads coming in. It just assigns them a confidence level of human vs bot. It's up to you do something with them (e.g. delete if confidence is below <x>, refer to human for review if confidence between <x> and <y>, retain if above <y>).