AnsweredAssumed Answered

How can I prevent spam leads from entering Marketo?

Question asked by Julia Campbell on Jul 26, 2019
Latest reply on Aug 1, 2019 by Sanford Whiteman

Hi folks,


We're starting to experience some spam on our blog forms and are looking for a solve. I've seen articles about ReCaptcha and honeypots, but am not sure that either alone will solve our root issue. I'm hoping there's a combined approach that could solve our issue. We are proactively trying to address our global forms before any potential escalations in spam attack volume.


My understanding (please correct me if I'm wrong) is that the ReCaptcha implemenation found here does not prevent leads from entering Marketo. Instead, the data from the ReCaptcha is webhooked into Marketo and appended to the Lead record. You can then use the data to delete spam leads through a flow.


My understanding is also that honeypot fields are easy for a dedicated spammer to identify (even if they don't have an obvious name) and bypass. That said, this article implies that a honeypot can be used to prevent form submits from even happening - a desired result.




Prevent Spam lead data from entering Marketo. This could look like spam leads not being able to submit Marketo forms OR preventing the data from form submits from reaching Marketo.


This is to make sure that:


  • Marketo's API is not impacted by sudden high inbound volume
  • Campaigns, etc do not trigger and impact the API - with the current system setup, they would have to be updated 1 x 1 to filter out leads flagged as spam by ReCaptcha data
  • Prevent system delays in triggers, etc. due to backlog
  • Prevent the need for ongoing system cleansing for spam leads, especially if there is high volume


Is this a viable solution?


  • Implement a hidden simple boolean true/false ReCaptcha field on the Marketo form
  • Include JavaScript similar to the honeypot article linked above, but for the ReCaptcha
  • If an automated spam script fills out the form, including the hidden ReCaptcha field, this will trigger the JavaScript to prevent the form from being able to submit OR filter out the data from ever reaching Marketo
  • Standard non-Spam leads will not need to fill out the ReCaptcha (e.g. if ReCaptcha is TRUE, the lead is Spam) and will pass through to Marketo


If this is not possible, is there some way to use a proxy in tandem with Marketo forms to prevent syncing bad data to the system? Other solutions?


Thanks so much for any help and ideas!





P.S.Sanford Whiteman tagging you since I know you've been an invaluable resource on past ReCaptcha questions.