Spam form submissions are form submissions that contain unwanted, irrelevant, or harmful information. These could be filled in by human users who try to attempt to flood forms with undesired results or the result of a bot crawling known websites and automatically submitting your forms.
Online forms are easy targets for bots and can fill your database with spam prospects. Imagine a marketing resource spending time just to filter out spam submissions from contact forms. It’s a sheer waste of time, efforts, and resource cost.
Spam form is one of the common challenges faced by Pardot Admins and is certainly detrimental to your automation system. A spam form once submitted and categorized as a prospect can become a part of your automation and assignment rules. It might enter into your CRM as well.
Here are some proven ways to thwart Spam form submission in Pardot:
All forms hosted by Pardot have built-in bot protection by using a negative CAPTCHA called a honeypot. Add a Honeypot Field to External Forms. It’s an invisible field that your prospects can’t see. However, Bots do see this field, and fill it out. Pardot rejects all the form submissions when the honeypot field has a value.
Unfortunately, as spam prevention improves, so does spam. The most sophisticated bots may be able to figure out a honeypot and bypass it.
On a Pardot form – there is a setting that would enable the reCAPTCHA box to the form for advanced bot protection. For third party forms that are submitting to Pardot form handlers, CAPTCHA or reCAPTCHA security can be added to the third party form. Most form services offer CAPTCHA or reCAPTCHA on their forms or methods to add the code for that. The best way to find this information is by doing a web search or contacting the third party form's support team.
Pardot forms and form handlers have 3 options for email addresses:
Option 1 - “Email,” which just requires valid email address syntax
Option 2 - “Email with valid mail server” requires valid email address syntax, a live domain name, and a receiving email server listed in DNS records
Option 3 - “Email not from ISPs and free email providers” which requires everything for “Email with valid mail server” plus the address cannot be from a known free ISP (e.g., Comcast, Charter) and cannot be from a free email provider (e.g., Hotmail, Gmail, Yahoo! Mail)
It makes sense to choose option 2 while configuring the email field as option 1 is too relaxed as it will accept anything that remotely resembles an email and option 3 is too restrictive.
Any form fields that you can make into picklists of predefined values is going to improve the quality of incoming data, so use dropdowns wherever possible. Even if the State and Country fields are Text fields, you can still make these field dropdowns on forms. To configure this, just select the type “Dropdown”, then go to the Values tab and select the type of data you’d like to display.
Besides all the protection, there will be still submissions that would bypass all protection and make their way through.
Implement these simple strategies to minimize the number of spam submissions and contribute to designing a secure and robust Pardot marketing automation set up.