SPAM from forms is an annoyance that every marketer has experienced, or will eventually. Besides the effort it takes to clean up the bogus data from your database, and the bad leads routed to Sales, the SPAM also inflates your form statistics, giving you an inaccurate picture of your conversions. I’ll share a solution in Eloqua that will help you cut off most of these malicious attempts, and it does not require implementing CAPTCHA.
Fair Warning: The prevention methods contained in this article will stop most SPAM attempts, but no effort is 100% guaranteed, as the bots are always changing and becoming more sophisticated.
The 2-Pronged Approach
You can find a ton of articles on the web discussing different methods to prevent SPAM form submissions. Unfortunately, they only pertain to SPAM submissions that occur on your physical form. SPAM bots that read your form field elements and execute from a remote server (known as external repost) will bypass whatever form validation you may have set up. Thankfully, with Eloqua you can set up server-side validation rules to address this type of bot.
- Front End. Set up a validation script that stores a value in a hidden field (“honeypot”) when any visitor physically clicks/presses on a text field, select menu, or button. Custom JavaScript is needed for this piece.
- Back End. Set up Eloqua server-side validation to check for a specific value from the honeypot field.
Note: You can only validate visible fields in Eloqua, so you have to make the field hidden with CSS or JavaScript.
Why it Works Well
This method works best because most spam bots ignore hidden fields; they are not sure what type of values to provide in them and assume there is no validation attached to them. It also works well because if the SPAM bot is bypassing your form with a repost, the honeypot value will most certainly be incorrect. Even if it provides a value, it’s most likely going to be incorrect.
Things to Consider Before You Implement
- Does my form use dynamic fields?
For example, if your form sometimes captures State, or sometimes does not, it cannot be marked as a required field in your Eloqua Form object, or the submission will not occur because Eloqua back end validation is now enforced.
- To which forms should I apply the prevention method?
Ultimately it’s a good idea to apply this method to all your forms, but many organizations have hundreds of forms, so starting with your “Top 5 Collection” forms is a smart approach, to see how they perform.
Summary
Setting up your forms to prevent SPAM does take some effort, and requires additional work to educate your Marketing team on correct configuration. But this upfront work can definitely save you a lot of work and headaches later on, when others in your organization are asking you to fix the problem and clean up the bad data.
Vince Farina, Senior Web Developer/Implementation Specialist with DemandGen, has several years of experience setting up successful Webinar campaigns. He has worked with a multitude of different Webinar platforms, including GoToWebinar, WebEx, ON24, and ReadyTalk. He continues to help DemandGen clients plan and implement integrations with Eloqua and Webinar technologies, while providing advice on how to manage the nuances and challenges that each platform can present.
Mike Tiskus says
Hi,
do you have an example of the custom java script that is required? This is great information but does not give 100% of the process required.
Thanks