One of my clients seems to be plagued by a lot of bot form fills over the past several months. We are looking for recommended solutions. Any Captcha type solutions (or other solutions) that work well with Marketo forms?
Solved! Go to Solution.
Hey @SanfordWhiteman - What if it turns out the invalid form fills are coming from malicious humans? Note that we have global form validation rules in place - one to block consumer email domains and the other to block competitive domains. We could obviously add "malicious" fake domains to to one of the validation rules but I don't think we're seeing much in the way of repeats. I can't think of how this could be solved but perhaps that's due to the limits of my imagination! 🙂
If the email addresses are legit (can receive emails) and don't have other identifying marks (like being from known disposable email domains) then you're kinda out of options. Malicious people submitting at a slow rate from a variety of IP addresses might as well be good leads.
Hey @SanfordWhiteman, we have captcha set up and are filtering/using smart campaigns to manage which leads make it to CRM/Alerts based on captcha score, but what about completely blocking from submitting the form? Reason: We do not want Google reading it as a successful form submission. Is there a way to block a form from fully submitting based on the captcha score? What about IP? I can't find much as far as a filter or form rules for this.
It’s impossible, by definition, to stop a form from submitting if it doesn’t pass reCAPTCHA.
reCAPTCHA is processed and scored on the server side. If it were processed on the client side then anyone could fake a passing score.
If you want to ensure that only form submits above a certain reCAPTCHA score are logged to GA, you need to log the GA hit via a webhook (i.e. measurement protocol). This is better practice than doing it on the client side anyway since people sometimes hook the onSubmit by accident or don’t properly take account of existing onSuccess events.
Thanks Sanford, what's crazy is I am looking at the raw scores and seeing 0.8, 0.9 in form activity, which is why our trigger constraint, which is already set higher to .8+ for alerts is not holding these back.
At first, that was my thought, but after inspecting the scores, I am leaning towards bad actors filling out forms maliciously.