You always hope it goes away, but spam usually goes rampant before you make it go away. Here are 10 methods of contact form spam protection for Pardot forms / *Salesforce Marketing Cloud Account Engagement forms. Follow any or all of our recommendations below to keep spam at bay, ideally deflecting it before it even reaches you!

We typically consult with you as part of our Pardot implementation consulting work as to what would be the most appropriate set of solutions for your business, and then configure that for you, to help you prevent spam from the get go. Contact us to learn more.
Contact form spam protection method #1: add a honeypot field (negative Captcha)
All forms hosted by Pardot have built-in bot protection by using a negative CAPTCHA called a honeypot. It’s an invisible field that your prospects can’t see. Bots do see this field, and they fill it out. Pardot rejects form submissions when the honeypot field has a value. It’s that simple. And the honeypot technique of spam filtering is done for you by Pardot, so nothing to do here for you. Enjoy the benefit.
Contact form spam protection method #2: Add conditional Captcha
Second way to block out spam is needed because sophisticated bots can bypass a honeypot. So Pardot also use a conditional CAPTCHA in its forms. What this means is that Pardot pings a database of IP addresses that are known for spam when a visitor views a Pardot form or landing page. Visitors coming from an IP known for spam see a CAPTCHA.
If the IP address is fine, the form is displayed without a CAPTCHA. The conditional CAPTCHA stops bots, but humans don’t see it, and your conversion rates don’t suffer. Brilliant. Again, nothing to do here for you. Pardot does it all.
Contact form spam protection method #3: Recaptcha
Recaptcha is a fancy version of that Captcha functionality, but with more bot protection. Pardot enables reCAPTCHA on a form by default when we detect an unusual number of form submissions within a certain time frame.

However, failing that, your Pardot consultant or administrator can also active it. It works on a form by form basis. ReCAPTCHA is added for all prospects from then on. This means that users are required to tick-mark this extra field -and as we are keeping fields to a minimum, the benefits of adding reCaptcha must be weighted against this cost. Fortunately, there are other ways to prevent form spam without Captcha.
Contact form spam protection method #4: Allow only qualified Emails
In Pardot you can change the email settings to only allow all Email with valid mail server, or those with Email not from ISPs and free email providers. The setting ‘Email with valid mail server’ assesses if your prospect’s email has:
- a valid email address syntax
- a live domain name
- a receiving email server listed in DNS records.
This method is useful to some degree as it filtering out some bogus email addresses used in spam. This also means that certain customer misspellings of his email address can throw an error and an alert to recommend the respondent to fix it. So, better data quality results.
It’s a 5-10 minute job to change your forms – provided you don’t have too many – and it can make a positive difference.
The other setting, Email not from ISPs and free email providers, verifies that the email address:
- has a valid email address syntax
- is from live domain name
- belongs to a receiving email server listed in DNS records
- is not from a known ISP (for example, Comcast or Charter)
- is not from a free email provider (for example, Gmail or Hotmail).
Besides the benefits mentioned above, this latter specification is particularly useful if you only want to have valid business emails. Equally, it is totally unsuitable if you are operating in a B2C market!
Contact form spam protection method #5: Use double-opt-in forms
Use a double opt-in form! We know, the main downside is that in certain businesses half of the people never double opt-in. But those who do, are the ones you want. So, at a time that you have more leads than you need in a particular period, give this a whirl.
Spambots and even human spammers typically bother with the form that you send via that initial email.
#6: stopping specific spam email addresses from being able to submit your form
It’s possible to add javascript code to a form that disallows certain email addresses to fill the form, e.g. competitors, or known spam emails. And it’s particularly useful you want to enforce people using only a work email address, you might want to disallow anyone signing up with a hotmail account, for example. So, part of this can be achieve with #4, but this takes it further. And you can use it to keep competitors out too. Multiple use cases.
If your spammers use email addresses with same domain name, you can add their domain names to your list of invalid entries.
This method of contact form spam prevention works wonders in WordPress. But, unless you have a savvy Javascript Developer onboard, who has some free time on hand, and unless you have a WordPress rather than a Pardot form, skip to the next option. There are much simpler ways in Pardot…. read on.
Contact form spam protection method #7: Via an automation rule.
In Pardot, create an automation rule based on email address content (e.g. aaa@, @test.com, 1@, 2@, @spammer.com) , and then add the action to put the new spam leads onto a static list ‘spam to delete’, plus the action ‘Do not sync with the CRM’. Your Sales team will love you for doing so.
After you set up your automation, you will probably want to add to the criteria over time. And you’ll need to periodically mass-delete your spam. Not too much work and a quite simple, elegant no-code solution.
Automations rules are not retroactive, so you’ll want to complement this solution with #8.
#8: Put ‘spammers’ on dynamic spam list
…and then periodically mass-delete your spam. With this method, you can prevent spammers won’t get your emails and harm your sender reputation. Nor will they get access to your marketing assets.
This works for list emails and Engagement Studio work, but not for auto responders.
Ways to block spam #9: Notify the authorities to put your spammers onto black lists
Blacklists! That’s where they belong. How do you do this? You can go to the WHOIS database and find out who owns / registered the domain name where the spam email addresses came from.
Once you know the details, you can report the senders at https://www.webnic.cc/contact-us/
#10: If spam comes via your PPC ads, use software to avoid click fraud and notify Google Ads
Again, this feeds the blacklists. But it also ensures that you won’t have to pay for fraudulent clicks on your PPC ads. Not all spam actually tracks in your google reporting, so you may not have to pay for the spam ads clicks. But having them added to Google’s blacklists certainly helps everyone.
Here is where you lodge a complaint: https://support.google.com/google-ads/answer/176378?hl=en
There’s more
We trust these 10 ways helps you to keep your spam at bay. Try them yourself, or if contact us for assistance. These first 10 are all free solutions.
However, as we just had a client who experienced a massive spam attack, none of these fully covered the problem. We then developed a few other solutions to keep form spam under control, your Sales team sane and your Pardot reports clean. Interested in effective form spam control?
Beyond spam…
Interested to make better use of your Pardot or Salesforce Marketing Cloud instance, feel free to arrange a 30 min consultation with one of our expert consultants to talk about your needs and challenges:
Footnote
*For readability sake, we stick to using the very clear and short name Pardot, even though Salesforce has recently renamed Pardot to Salesforce Marketing Cloud Account Engagement. As experts in both platforms, we know that Salesforce Marketing Cloud (SFMC) and Pardot function COMPLETELY different. They are different platforms altogether. Marketing Cloud’s strong suit is mostly for B2C, while Pardot makes the digital marketeers in B2B thrive, as well as B2C ‘considered purchases’ such as property or healthcare. As SFMC is so sophisticated and as too often training budgets for Marketing cloud are overlooked/insufficient, this platform is at times considers a bit challenging to get into for the average marketeer. In contrast, Pardot, or… Salesforce Marketing Cloud Account Engagement is much easier to use. And has fantastic features and many use cases!
Last Updated on April 18, 2023
Leave a Reply