For the past month or so, my company has been struggling with spam leads coming in from our website’s Pardot forms. We’re in the process of resolving the issue, and so far here’s what we’ve done:
Our website runs on Webflow, and we’ve been using Pardot form handlers (instead of Pardot forms) because form handlers give us greater control over the look and feel of the forms on our website.
We tried adding hidden text fields to our forms. If the text field is filled out, it means a bot filled it out, and we discard the form completion. This is known as the honeypot technique. That worked for a while, but spam leads re-emerged.
Next we created fresh new form handlers. We believe that the bots either got smart enough to not fill out the honeypot field (unlikely) or the bots discovered the Pardot endpoint and are submitting directly to it. New form handlers were just a band-aid that stopped the bleeding for a short amount of time.
A next option for us is to write JavaScript for our website to make the forms smarter. This can potentially prevent the bots from bypassing the honeypot field. On the top layer frontend, the JavaScript would listen for whether there’s any data in the hidden honeypot field, and if there is, the form would not be allowed to be submitted. The honeypot field by itself lets Pardot know whether the form submission is from a bot, and the honeypot field + JavaScript theoretically prevents the form submission from even getting to Pardot.
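A sketch of the submit-time honeypot check described above, as an added example that is not code from the original post. The field name `website_url` is a hypothetical placeholder for the hidden field. The check only runs for submissions made through the page, so a request sent straight to the form handler endpoint never reaches it.

```javascript
// Added example: client-side honeypot guard for forms that post to a form handler.
// "website_url" is an assumed name for the hidden honeypot field.
const HONEYPOT_FIELDS = ["website_url"];

// Returns the names of honeypot fields that contain any non-whitespace text.
// Fields that are not present on a given form are ignored.
function filledHoneypots(form, honeypotNames = HONEYPOT_FIELDS) {
  return honeypotNames.filter((name) => {
    const field = form.elements[name];
    return Boolean(
      field && typeof field.value === "string" && field.value.trim() !== ""
    );
  });
}

// Attaches a submit listener that cancels the submission when a honeypot is filled,
// so the POST to the form handler never leaves the browser.
function guardForm(form, honeypotNames = HONEYPOT_FIELDS) {
  form.addEventListener("submit", (event) => {
    if (filledHoneypots(form, honeypotNames).length > 0) {
      event.preventDefault();
    }
  });
}

// In the browser, guard every form on the page. Skipped outside a browser.
if (typeof document !== "undefined") {
  document.querySelectorAll("form").forEach((form) => guardForm(form));
}
```

The existing server-side handling of the honeypot field stays in place, because it is the only check that sees requests which skip the page's script.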
However, rather than writing that JavaScript, the approach we’ve taken is to use Pardot forms (not form handlers). While Pardot forms have less flexibility when it comes to styling, it still is possible to style on the website with some CSS overrides.
Pardot forms are more powerful when it comes to spam prevention because they support reCAPTCHA. It’s a trade-off worth taking in my opinion: less control of aesthetics but better prevention.