How to prevent spam submissions to Pardot forms
Scroll to top
Talk To Us - +91 8080 619 589

How to Thwart & Manage Spam Submissions to Pardot Form

Sakshi Bansal
Sakshi Bansal Nov 02, 2020

How to Thwart & Manage Spam Submissions to Pardot Form

How to Thwart & Manage Spam Submissions to Pardot Form

Spam form submissions are form submissions that contain unwanted, irrelevant, or harmful information. These could be filled in by human users who try to attempt to flood forms with undesired results or the result of a bot crawling known websites and automatically submitting your forms. 

Online forms are easy targets for bots and can fill your database with spam prospects. Imagine a marketing resource spending time just to filter out spam submissions from contact forms. It’s a sheer waste of time, efforts, and resource cost. 

Spam form is one of the common challenges faced by Pardot Admins and is certainly detrimental to your automation system.  A spam form once submitted and categorized as a prospect can become a part of your automation and assignment rules. It might enter into your CRM as well.

Here are some proven ways to thwart Spam form submission in Pardot:

Pardot Form Protection from BOT -  Inbuilt Honeypot Technique

All forms hosted by Pardot have built-in bot protection by using a negative CAPTCHA called a honeypot. Add a Honeypot Field to External Forms. It’s an invisible field that your prospects can’t see. However, Bots do see this field, and fill it out. Pardot rejects all the form submissions when the honeypot field has a value.

Unfortunately, as spam prevention improves, so does spam. The most sophisticated bots may be able to figure out a honeypot and bypass it.

Below are some additional strategies that can be used to reduce spam form handler submissions.


On a Pardot form – there is a setting that would enable the reCAPTCHA box to the form for advanced bot protection. For third party forms that are submitting to Pardot form handlers, CAPTCHA or reCAPTCHA security can be added to the third party form. Most form services offer CAPTCHA or reCAPTCHA on their forms or methods to add the code for that. The best way to find this information is by doing a web search or contacting the third party form's support team.

Using a server-side submission

Spam submissions often come from bots that scrape the form handler's endpoint URL from the web page where the third party form is located. To combat that type of submission, the third party form can be set up to submit to an external server and then have the server submit to Pardot. This would prevent bots from finding the form handler's endpoint URL on the web page. This setup is out of scope for Pardot Support and will require working with a web developer or the third party form's support team. 

Using a server-side submission

Making a New Pardot form Handler

If the form handler is compromised and gets lots of spam submissions, the form handler can be deleted in Pardot. This will invalidate the form handler URL and a new form handler can be created in its place.

Adding Restrictions to the Email Field on Forms

Pardot forms and form handlers have 3 options for email addresses:

  • Option 1 - “Email,” which just requires valid email address syntax 

  • Option 2 - “Email with valid mail server” requires valid email address syntax, a live domain name, and a receiving email server listed in DNS records

  • Option 3 - “Email not from ISPs and free email providers” which requires everything for “Email with valid mail server” plus the address cannot be from a known free ISP (e.g., Comcast, Charter) and cannot be from a free email provider (e.g., Hotmail, Gmail, Yahoo! Mail)

It makes sense to choose option 2 while configuring the email field as option 1 is too relaxed as it will accept anything that remotely resembles an email and option 3 is too restrictive. 

Standardize State and Country Values

Any form fields that you can make into picklists of predefined values is going to improve the quality of incoming data, so use dropdowns wherever possible. Even if the State and Country fields are Text fields, you can still make these field dropdowns on forms. To configure this, just select the type “Dropdown”, then go to the Values tab and select the type of data you’d like to display.

Besides all the protection, there will be still submissions that would bypass all protection and make their way through. 

The Wrap

You may want to know How to Manage the SPAM Leads that have already entered the system and prevent them from entering into CRM. The broad approach here is to Identify Spam Commonalities and create a spam list. Now set the automation rule to match the incoming form entries with the spam list and define the desired actions like “Do no sync with the CRM” or “decay their score to 0”. 

Implement these simple strategies to minimize the number of spam submissions and contribute to designing a secure and robust Pardot marketing automation set up.