5 Replies Latest reply on Oct 12, 2017 10:32 AM by Daniel Martin

    Step by step guide to recaptcha

    Sarah Bartell

      I've read through all the discussions and threads on implementing Google's reCAPTCHA in a Marketo form (we are getting tons of spam and the honeypot thing isn't working).

      I have the site key needed from Google, I have the code written by Sanford Whiteman, and now I have no idea how to start to implement this - I'm pretty sure I can figure out the form part with the CSS and JS but I'm mostly confused by the back-end portion with the webhook.

      Does anyone have a step by step guide? We need to get this done on our site asap.

      Thanks much!

        • Re: Step by step guide to recaptcha
          Akshay Pant

          Hi Sarah Bartell,

          Please refer to this link:

          http://jennamolby.com/how-to-build-a-spam-free-marketo-form-without-using-a-captcha/?source=marketo-tricks

          I think this stuff would be really helpful for making spam free recaptcha.

          Regards,

          Akshay Pant

            • Re: Step by step guide to recaptcha
              Sanford Whiteman

              Except anybody who wants to spam such a form can trivially work around that code. I mean, the rules are right there in the view-source. It's not the same as a ReCAPTCHA... at all.

                • Re: Step by step guide to recaptcha
                  Sarah Bartell

                  As I mentioned above, we tried the honeypot field and it didn't work. We still got hit over 30k times by a spambot. We've opened a ticket with Marketo support to see if anyone can walk us through the ReCaptcha, but if anyone has done this in Marketo before and has a quick step by step guide, or could list out the process for us in the meantime, that would be super helpful!

                    • Re: Step by step guide to recaptcha
                      Sanford Whiteman

                      It's not something I've ever documented end-to-end (too many other blog posts and projects in motion) but the ingredients on the back end (you seem to understand the front end) are:

                       

                      • Set up 3 fields, LastReCAPTCHAUserResponse (string), LastReCAPTCHAServerStatus (boolean), LastReCAPTCHAServerSuccess (datetime), LastReCAPTCHAServerFailure (datetime)
                      • LastReCAPTCHAUserResponse is what holds the unique ReCAPTCHA response ID on the form end, the others are used only on the back end
                      • A webhook calls the Google ReCAPTCHA endpoint and passes {{lead.LastReCAPTCHAUserResponse}}
                      • The webhook response mapping maps the Google response to LastReCAPTCHAServerStatus
                      • In a trigger SC, catch a change to LastReCAPTCHAServerStatus and set either LastReCAPTCHAServerSuccess or LastReCAPTCHAServerFailure to {{system.datetime}} based on whether the status is good/bad
                      • Take other flow actions to sort leads into suspect/deletable lists accordingly. You don't want to delete suspect leads immediately when first rolling out. First quarantine the leads, check 'em out, and then you can start deleting them nightly or immediately.

                       

                      No one at Support is going to understand this at all, sorry to say. This is pretty much my baby when it comes to Marketo.
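Added example, not part of the original thread and not Sanford Whiteman's code: a Python model of the back-end steps listed above, showing what the webhook sends to Google's `siteverify` endpoint and how the reply maps onto the `LastReCAPTCHA*` fields. It assumes `secret` is the reCAPTCHA secret key (not the site key); the `quarantine` flag, the hostname check and the sample replies are constructed for illustration.

```python
import json
import urllib.parse
import urllib.request
from datetime import datetime, timezone

VERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"

# Constructed sample replies in the shape Google's siteverify endpoint returns.
SAMPLE_OK = '{"success": true, "challenge_ts": "2017-10-12T10:30:00Z", "hostname": "www.example.com"}'
SAMPLE_BAD = '{"success": false, "error-codes": ["invalid-input-response"]}'

def build_verify_body(secret, user_response):
    """Form-encoded POST body; user_response is LastReCAPTCHAUserResponse."""
    return urllib.parse.urlencode({"secret": secret, "response": user_response})

def map_response(raw_json, expected_hostname=None, now=None):
    """Turn the siteverify reply into the lead fields named in the list above."""
    now = now or datetime.now(timezone.utc)
    try:
        reply = json.loads(raw_json)
    except ValueError:
        reply = None                      # malformed reply: treat as failure
    ok = isinstance(reply, dict) and reply.get("success") is True
    # Added hardening (assumption, not from the thread): reject a token that
    # was solved on a different site than the one hosting the form.
    if ok and expected_hostname and reply.get("hostname") != expected_hostname:
        ok = False
    stamp = "LastReCAPTCHAServerSuccess" if ok else "LastReCAPTCHAServerFailure"
    return {
        "LastReCAPTCHAServerStatus": ok,
        stamp: now.isoformat(),
        "quarantine": not ok,             # hypothetical flag: sort, do not delete
    }

def verify(secret, user_response, timeout=5):
    """Live check; an empty token or a network error fails closed."""
    if not user_response:
        return map_response("{}")
    body = build_verify_body(secret, user_response).encode()
    try:
        with urllib.request.urlopen(VERIFY_URL, data=body, timeout=timeout) as resp:
            return map_response(resp.read().decode("utf-8", "replace"))
    except OSError:
        return map_response("{}")

if __name__ == "__main__":
    print(map_response(SAMPLE_OK, expected_hostname="www.example.com"))
    print(map_response(SAMPLE_BAD))
```

A form post that never went through the widget arrives with an empty token, so it lands in the failure branch without any call to Google.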

                • Re: Step by step guide to recaptcha
                  Daniel Martin

                  I don't know if this could help you, but in our company every Marketo form is followed up by an automatic, operational email (Thank you email) to validate the email address. In case the spambot is not using a valid email address, you can create a, let's say, daily scheduled smart-campaign, which will take every contact created through that form that never received the "thank you" email (Was Sent Email + Not Was Delivered Email) and make Marketo add them automatically to a list, or directly delete them.

                  This is also useful when you want to share an asset (like a brochure PDF, a link to a report or intelligence, etc.), so you make sure that no one will fill the form with "test@test.com" and receive the asset.

                  Again, I don't know if this solution will be suitable for your business model, but I hope it will help you.