Thanks Sanford Whiteman. This makes sense when the attacks are happening on a web form directly. How do you handle a scenario where the endpoint might be exposed? Spam leads might be going straight past the reCAPTCHA or the form.
That's exactly what reCAPTCHA detects. It's a non-forgeable, JS-generated fingerprint. If you post to the endpoint you don't have a valid fingerprint. That's the whole idea.
Hi Guys, I am Sreekanth from the Product team at Marketo.
Sanford Whiteman - Great insights there. Would love to know your thoughts around how Marketo can help here (can possibly also be using some AI/ML capabilities).
Pratyusha Ram Julia Campbell - Would love to know more details on your current plans/implementation to tackle this scenario.
Happy to connect with everyone. If you would like to connect, please send a note at sreekanth.reddy@adobe.com
No additional AI/ML is necessary -- reCAPTCHA already is built on machine learning!
What you need is a way for Marketo users to plug in their reCAPTCHA keypair (generated in their own Google reCAPTCHA Console) and have the system validate the user response (client fingerprint) before posting the form data to Marketo, using the underlying HTTP stack directly rather than a user-defined webhook.
This is considerably complex to do correctly, because you must give each user control over what return value -- esp. in reCAPTCHA v3, which returns a confidence level rather than a hard binary bot/not -- is enough to delete the form data entirely. You need to offer a training mode, where you only tag inbound leads with their reCAPTCHA result, not delete them. And you need to also let the user audit reCAPTCHA results over time. Remember, it's not just one "reCAPTCHA" score because the same email address can be associated with multiple sessions and results.
If you pivoted and simply built a "pre-database webhook" functionality instead, without draconian rate limits, and allowed us to discard the data based on the response (so it never entered the db) that would be sufficient.
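The gate described in the post above, as an added example that is not part of the original post and is neither Marketo's nor Google's code: it applies a per-user score threshold to reCAPTCHA v3 verification results, supports a training mode that tags instead of discards, and keeps a per-email audit trail across sessions. The function names, the 0.5 default threshold, the `recaptcha` tag field and the sample data are assumptions; the response fields follow Google's documented siteverify response.

```python
from collections import defaultdict

# Constructed siteverify-style responses; emails, scores and hostnames are made up.
SAMPLE = [
    ("a@example.com", {"success": True, "score": 0.9, "action": "form_submit",
                       "hostname": "www.example.com"}),
    ("a@example.com", {"success": True, "score": 0.2, "action": "form_submit",
                       "hostname": "www.example.com"}),
    # Direct post to the endpoint with a missing or forged token
    ("b@example.com", {"success": False, "error-codes": ["invalid-input-response"]}),
    # Valid token, but minted for a different action than the form expects
    ("c@example.com", {"success": True, "score": 0.8, "action": "login",
                       "hostname": "www.example.com"}),
]

def classify(resp, threshold, expected_action, expected_host):
    """Return (verdict, reason) for one verification response."""
    if not resp.get("success"):
        return "bot", "token invalid: " + ",".join(resp.get("error-codes", ["unknown"]))
    if resp.get("hostname") != expected_host:
        return "bot", "hostname mismatch"
    if resp.get("action") != expected_action:
        return "bot", "action mismatch"
    score = resp.get("score", 0.0)
    if score < threshold:
        return "bot", f"score {score} below {threshold}"
    return "human", f"score {score}"

def gate(submissions, threshold=0.5, training=True,
         expected_action="form_submit", expected_host="www.example.com"):
    """Decide what reaches the database; training mode tags but never discards."""
    accepted, audit = [], defaultdict(list)
    for email, resp in submissions:
        verdict, reason = classify(resp, threshold, expected_action, expected_host)
        audit[email].append((verdict, reason))  # one email can have many sessions
        if verdict == "human":
            accepted.append({"email": email, "recaptcha": "pass"})
        elif training:
            accepted.append({"email": email, "recaptcha": "fail"})
        # enforcing mode: failed submissions are dropped before storage
    return accepted, dict(audit)
```

Running in training mode first shows how many leads a given threshold would have discarded before anything is actually deleted.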
Hi Sreekanth Reddy,
I'll follow up by email to connect on any further details, but am seconding Sanford wholeheartedly. While Marketo does provide cleanup options and ways to prevent spam leads from moving forward in the system, the root challenge of bad data not entering our systems doesn't currently have a solve.
In case helpful, as a Marketo administrator (not developer):
Sanford's suggestions around giving a high degree of user control on the functionality would be the icing on the cake so we can refine what's prevented from entering Marketo. While we'd prefer not to lose any good leads obviously, if a small loss rate needs to happen to keep our systems safe I'm comfortable having that discussion. The ability to review Leads identified as spam so that we can push them manually if they look ok would be ideal.
Sreekanth Reddy That would be great! Thanks for the offer. I'll reach out to you shortly!