Picture this: you’ve implemented a Pardot form handler on your website’s form and the submissions are coming through beautifully. Then, you check back a few days later and realize that it’s been attacked by spam.
If your first thought is to take action immediately, you’re on the right track. Pardot form handler spam prevention is incredibly crucial, but there’s a challenge – protecting your forms without making it too difficult for real users to get in touch with your business.
Whether it is manually or by bots, these junk form submissions can potentially:
- Hinder you from getting to the high-quality prospects that will bring in revenue for your business.
- Compromise the integrity of your email marketing program.
- Damage your email sender reputation (with a high outbound invalid email count).
Here are six steps you can take to avoid spam submissions on Pardot form handlers…
1. Enable reCAPTCHA on Your Form
It might sound silly when you get asked if you’re a robot when you’re filling up a form, but Google reCAPTCHA is a tool that is widely considered to be the industry standard for protecting websites from spam and abuse. It is one of the easiest ways to verify human users without compromising on the user experience.
The downside? It relies on JavaScript to work. Even though every web browser comes with JavaScript enabled by default, this reliance means that users or bots that don’t have JavaScript enabled could easily bypass reCAPTCHA.
2. Using the Honeypot Technique
As its name may suggest, a honeypot field is basically a decoy field. This field is hidden within the HTML code, making it visible only behind-the-scenes, meaning that the only way it would ever be populated would be if a bot was used to crawl and submit the form.
On Pardot, you will need to:
- Create a completion action on the form handler that adds all the prospects that have this honeypot field populated to a spam list.
- Delete those prospects manually.
Even Salesforce Help recommends adding it to external forms when creating Form Handlers!
3. Make Your Form Multi-Step
In the process of securing your form (and subsequently form handler) from being attacked by bots, it is also important to keep in mind the experience of the real, and potentially revenue-generating, customers on your website.
One such way is to use multi-step forms, which promise to make your form user-friendly while keeping spam bots at bay.
It works by splitting up your form questions into multiple steps. These are less attackable by bots, especially by manual spammers who would most likely skip your form rather than go through the multiple steps.
4. Handle Form Submissions Before Passing it Through to Pardot
As you may already know, Pardot form handlers act like a bucket that collects successful prospect form submissions, and sends this data to a designated location, such as Account Engagement (Pardot).
You can tap into this functionality to prevent fraudulent form submissions from making it into Pardot by submitting the data to your own server in combination with Pardot. This works by preventing bots from scraping the form handler’s endpoint URL from the page where the form is located.
There are a few ways you can handle this:
- Sending data to a Pardot form handler before your business server.
- Submitting to your server using form action attribute and Pardot through an iframe on form success location.
- Submitting data to your server first and then to a Pardot form handler or Pardot API.
While Salesforce Help has a comprehensive list of steps for submitting data on your own server in combination with Pardot, it does fall outside of the Pardot Support Team’s scope. This means you might have to skip this method if you do not have a developer resource on hand as it requires customization.
Also, this method is only valid if your existing form management system can process form submissions on your server as well as filter out spam submissions.
5. Identify Spam Prospects Through Submitted Data
If you’ve already received a barrage of spam submissions on your Pardot Form Handler, you can analyze the form submission data for a common pattern. They might all have a similar message, naming convention, country, or IP address.
Alternatively, you can also add a field to the end of your forms that is simple enough for anyone to answer. Even if it is a simple math or word-based question, such as “What is 1 + 1?” or “What is the last letter of London?”, it would be sufficient to prevent most spam bots (unless they are sophisticated enough and specifically programmed to answer that question).
Use this to your advantage on Pardot (Account Engagement) by:
- Creating an automation rule that checks for this criteria.
- Once the criteria is met, add matching prospects to a list and mark them as “Do Not Sync to CRM”.
- Delete the prospects manually from this list.
6. Start From Scratch
If you’ve tried the five methods above and your form handler is still compromised, your best bet would be to delete the form handler and create a new one in its place.
This will invalidate the old URL and allow you to start afresh on the backend, without affecting the user experience.
Summary
You might have second thoughts about implementing form handlers after reading this, especially considering that one of the advantages of using Pardot Forms include built-in spam prevention.
But, form handlers will likely continue to be the weapon of choice especially for users who either have existing forms on their website or require form functionality that is not supported by the native form feature.
That said, in your quest of using form handlers, having to deal with spam submissions on your online forms can make you feel powerless. Thankfully, as spam continues to evolve, so can we (thankfully!).
So, the next time you create or update your Pardot form handler, take the time to proactively implement one or more of these spam prevention techniques – it will save you time and effort in the long run!
