Re: Is there any way to block spam form sign ups?

Anonymous · ‎02-11-2015

We are getting some spammy sign ups on our forms. For instance, the first name may be "ab" and the last name "cd." Is there any way to prevent that kind of thing?

Jennifer

Kim_Allen · ‎02-11-2015

Hey Jennifer,

If you have someone on your team that knows some code and can write it for your form submit, you can keep certain people out of the database. However, for names that look made up I usually make smart campaigns to mark them as not prospects (ex: anyone without a vowel in their first name, etc). Unfortunately something spammy is always going to get through.

Kim

View solution in original post

Kim_Allen · ‎02-11-2015

Hey Jennifer,

If you have someone on your team that knows some code and can write it for your form submit, you can keep certain people out of the database. However, for names that look made up I usually make smart campaigns to mark them as not prospects (ex: anyone without a vowel in their first name, etc). Unfortunately something spammy is always going to get through.

Kim

Anonymous · ‎02-11-2015

Indeed - but I appreciate the tip. Thank you!

Anonymous · ‎02-11-2015

Hi Jennifer,

There is another technique you could try that doesn't involve coding, and has worked pretty well for me in the past. It's a simple 'honeypot' method where all you really need is a hidden field on your form, a smart list, and a trigger campaign or two depending on your internal workflows.

To set this up, simply create a hidden string field on your form (you can call the field 'spam catcher', 'honeypot' or anything descriptive like that..) and leave the default value as "null". The idea is that this field wouldn't be filled out by a human - but would be populated by spam bots - because while invisible to human users on your landing pages, bots will see all the form fields in the form code.

With this in mind, you would set up a smart list that looks for 'honeypot field' = not empty; this list will essentially collect all the form submissions likely coming in from spam bots. Based on this list, you could use a smart campaign to unassign the leads from sales reps, or (depending on the volume of spam coming in) just go through them manually and determine if any are worth investigating.

Good luck!

Anonymous · ‎07-02-2015

Thank you - that is a very helpful idea!

Paul_Su2 · ‎09-02-2015

I have this setup as described but it doesn't catch any bots at all since its been live - are there specific settings I need to make sure are setup on the form?

SanfordWhiteman · ‎09-02-2015

The concept is very easily foiled, since <INPUT type="hidden"> can be readily detected by a spambot and skipped over. You'd have better luck (but it's still just luck) having a standard <INPUT type="text">, but hiding it via CSS instead. Other approaches using JavaScript to dynamically assemble the form post can make it harder still for a bot to detect the legit parameters for posting. Still, you're relying on laziness and luck, since short of a robust captcha/recaptcha, a machine could learn how to post a legit-looking form.

Chris_Perez2 · ‎10-22-2015

Hi Sanford,

I just followed you as well. I'm interested in learning about how you implemented recaptcha.

Regards,

Chris

SanfordWhiteman · ‎10-22-2015

Here's the client-side part: MktoForms2 :: reCAPTCHA

On the server side, of course, you need to check the verification using a webhook. Configure it like this:

Chris_Perez2 · ‎10-22-2015

It looks like I'll have to get my developers to add the JS to the page(s) where the forms live, right? Or did you include all of the java/CSS within a rich text field?