The past month or so my company has been struggling with spam leads coming in from our website’s Pardot forms. We’re in the process of resolving the issue, and so far here’s what we’ve done:
Our website runs on Webflow, and we’ve been using Pardot form handlers (instead of Pardot forms) because form handlers give us greater control over the look and feel of the forms on our website.
We tried adding hidden text fields to our forms. If the text field is filled out, it means a bot filled it out, and we discard the form completion. This is known as the honeypot technique. That worked for awhile, but spam leads re-emerged.
Next we created fresh new form handlers. We believe that the bots either got smart enough to not fill out the honeypot field (unlikely) or the bots discovered the Pardot endpoint and are submitting directly to it. New form handlers were just a band-aid that stopped the bleeding for a short amount of time.
Pardot forms are more powerful when it comes to spam prevent because they support reCAPTCHA. It’s a trade-off worth taking in my opinion: less control of aesthetics but better preventation.