Contact form spam protection in Pardot | 10+ ways to prevent

Jul 27, 2022

Share this Article

You hope it just goes away but spam usually goes rampant until you make it go away. We’re here to help with our 10 methods of contact form spam protection for Pardot forms / *Salesforce Marketing Cloud Account Engagement forms. Follow any or all of our recommendations below to keep spam at bay, ideally deflecting it before it even reaches you!

We typically consult with you as part of our Pardot implementation consulting work as to what would be the most appropriate set of solutions for your business, and then configure that for you, to help you prevent spam from the get go. Contact us to learn more.

10 Methods of contact form spam protection

Contact form spam protection method #1:

Add a honeypot field (negative captcha)

All forms hosted by Pardot have built-in bot protection by using a negative CAPTCHA called a honeypot. It’s an invisible field that your prospects can’t see. Bots do see this field, and they fill it out. Pardot rejects form submissions when the honeypot field has a value. It’s that simple. And the honeypot technique of spam filtering is done for you by Pardot, so nothing to do here for you. Enjoy the benefit. You can make an extra honey pot yourself, if you don’t trust relying on Pardot.

Contact form spam protection method #2:

Add conditional captcha

Second way to block out spam is needed because sophisticated bots can bypass a honeypot. So Pardot also use a conditional CAPTCHA in its forms. What this means is that Pardot pings a database of IP addresses that are known for spam when a visitor views a Pardot form or landing page. Visitors coming from an IP known for spam see a CAPTCHA.

If the IP address is fine, the form is displayed without a CAPTCHA. The conditional CAPTCHA stops bots, but humans don’t see it, and your conversion rates don’t suffer. Brilliant. Again, nothing to do here for you. Pardot does it all.

Contact form spam protection method #3:


Recaptcha is a fancy version of that Captcha functionality, but with more bot protection. Pardot enables reCAPTCHA on a form by default when we detect an unusual number of form submissions within a certain time frame.

However, failing that, your Pardot consultant or administrator can also active it. It works on a form by form basis. ReCAPTCHA is added for all prospects from then on. This means that users are required to tick-mark this extra field -and as we are keeping fields to a minimum, the benefits of adding reCaptcha must be weighted against this cost. Fortunately, there are other ways to prevent form spam without Captcha.

Contact form spam protection method #4:

Allow only qualified emails

In Pardot you can change the email settings to only allow all Email with valid mail server, or those with Email not from ISPs and free email providers. The setting ‘Email with valid mail server’ assesses if your prospect’s email has:

  • a valid email address syntax
  • a live domain name
  • a receiving email server listed in DNS records.

This method is useful to some degree as it filtering out some bogus email addresses used in spam. This also means that certain customer misspellings of his email address can throw an error and an alert to recommend the respondent to fix it. So, better data quality results.

It’s a 5-10 minute job to change your forms – provided you don’t have too many – and it can make a positive difference.

The other setting, Email not from ISPs and free email providers, verifies that the email address:

  • has a valid email address syntax
  • is from live domain name
  • belongs to a receiving email server listed in DNS records
  • is not from a known ISP (for example, Comcast or Charter)
  • is not from a free email provider (for example, Gmail or Hotmail).

Besides the benefits mentioned above, this latter specification is particularly useful if you only want to have valid business emails. Equally, it is totally unsuitable if you are operating in a B2C market!

Contact form spam protection method #5:

Use double-opt-in forms

Use a double opt-in form! We know, the main downside is that in certain businesses half of the people never double opt-in. But those who do, are the ones you want. So, at a time that you have more leads than you need in a particular period, give this a whirl.

Spambots and even human spammers typically bother with the form that you send via that initial email.

Contact form spam protection method #6:

Stop specific spam email addresses from being able to submit your form

It’s possible to add javascript code to a form that disallows certain email addresses to fill the form, e.g. competitors, or known spam emails. And it’s particularly useful you want to enforce people using only a work email address, you might want to disallow anyone signing up with a hotmail account, for example. So, part of this can be achieve with #4, but this takes it further. And you can use it to keep competitors out too. Multiple use cases.

If your spammers use email addresses with same domain name, you can add their domain names to your list of invalid entries.

This method of contact form spam prevention works wonders in WordPress. But, unless you have a savvy Javascript Developer onboard, who has some free time on hand, and unless you have a WordPress rather than a Pardot form, skip to the next option. There are much simpler ways in Pardot…. read on.

Contact form spam protection method #7:

Via an automation rule

In Pardot, create an automation rule based on email address content (e.g. aaa@,, 1@, 2@, , and then add the action to put the new spam leads onto a static list ‘spam to delete’, plus the action ‘Do not sync with the CRM’. Your Sales team will love you for doing so.

After you set up your automation, you will probably want to add to the criteria over time. And you’ll need to periodically mass-delete your spam. Not too much work and a quite simple, elegant no-code solution.

Automations rules are not retroactive, so you’ll want to complement this solution with #8.

Contact form spam protection method #8:

Put ‘spammers’ on dynamic spam list

…and then periodically mass-delete your spam. With this method, you can prevent spammers won’t get your emails and harm your sender reputation. Nor will they get access to your marketing assets.

This works for list emails and Engagement Studio work, but not for auto responders.

Ways to block spam #9:

Notify the authorities to put your spammers onto black lists

Blacklists! That’s where they belong. How do you do this? You can go to the WHOIS database and find out who owns / registered the domain name where the spam email addresses came from.

Once you know the details, you can report the senders at

Contact form spam protection method #10:

If spam comes via your PPC ads, use software to avoid click fraud and notify Google Ads

Again, this feeds the blacklists. But it also ensures that you won’t have to pay for fraudulent clicks on your PPC ads. Not all spam actually tracks in your google reporting, so you may not have to pay for the spam ads clicks. But having them added to Google’s blacklists certainly helps everyone.

Here is where you lodge a complaint:

Control your spam

These 10 ways will help you towards keeping your spam at bay. Try them yourself, or if contact us for assistance. These first 10 solutions are all free.

However, as one of our clients experienced a serious spam attack, they only partially solved the problem. To more fully control their form spam, we developed a few other solutions. These are keeping their Sales team sane (..spam leads can be somewhat maddening..) and their Pardot reporting clean.

Interested in effective form spam control for your business?

Market better

Interested to make better use of your Pardot or Salesforce Marketing Cloud instance, feel free to arrange a 30 min consultation with one of our expert consultants to talk about your needs and challenges:


*For readability sake, we stick to using the very clear and short name Pardot, even though Salesforce has recently renamed Pardot to Salesforce Marketing Cloud Account Engagement. As experts in both platforms, we know that Salesforce Marketing Cloud (SFMC) and Pardot function COMPLETELY different. They are different platforms altogether. Marketing Cloud’s strong suit is mostly for B2C, while Pardot makes the digital marketeers in B2B thrive, as well as B2C ‘considered purchases’ such as property or healthcare. As SFMC is so sophisticated and as too often training budgets for Marketing cloud are overlooked/insufficient, this platform is at times considers a bit challenging to get into for the average marketeer. In contrast, Pardot, or… Salesforce Marketing Cloud Account Engagement is much easier to use. And has fantastic features and many use cases!

Interested to learn more?

We would be very happy to help you.

We use cookies to make our site better for you. By using our site, you agree to our terms and conditions, including the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.