Thanks for this, I'm going to try implementing it within a Data Management clean up campaign. Does the form Pre-fill need to be set to "Enabled" in order to catch the bots in the honeypot here?
Hi Bianca, I would actually disable prefill for any/all hidden honeypot fields you incorporate in your form. This will prevent any 'false positives' from coming in when an actual person submits your form.
That's what I thought as well, that if enabled it might prompt a fill and pass the filter. So I have it disabled on that field only. I created it as a string field called a Lead Bot Spam Net that is added as hidden to all forms now, with some workflows that will delete such leads on creation if referral sources match those identified as spam referral traffic in Google analytics, or if submitted in conjunction with a previously identified invalid email address, or personal email rather than a work email. All others that make it through I'll look at manually once a month.
Hi Liz,
Marketo has a built in protection mechanisms that help tremendously with reducing the number of spam form fills, but with that said, its a bit of a cat and mouse game as our security team keeps upgrading the protections on our side and spammers keep improving their attacks, so it becomes impossible to stop all spam submissions.
There are a variety of techniques customers have implemented to deal with this issue beyond the protections provided on Marketo forms.
I would encourage one of two things if you continue to see this level of spam:
1 )Add JavaScript validation to the header of your landing pages. This checks to see if JavaScript is enabled on the browser - and, if not, redirects the lead to a page that advises them to do so. Spam bots do not have Javascript enabled, so this can cut down on spam submissions. This will minimize but not eliminate these submissions. You can also use javascript to do custom validation on any of the fields in your form, but keep in mind that you would need a developer's help for these solutions solution.
2) Additionally, you can also create a campaign based on patterns you notice for spam submissions and delete leads which you believe fit these patterns. For example, leads created via a form with "Email Address is empty", are most likely spam and could be deleted. That will help to keep your database clear.
3) Finally, you may also want to consider adding reCaptcha from Google, although this will often lower the number of legitimate submissions as well, so I would use this as a last resort only. You can read more about it here: http://www.google.com/recaptcha
Please let me know if there is anything else I can help you out with.
John