I was able to thwart about 99% of the form spam by creating some lead field validation rules on the Salesforce.com side. There are some common trates that you can use to block these, only spammers would put a URL in a name or phone number field, right? Another one I use is to check that the first name = last name. I have several more.
The only down side is all the alert e-mails from Salesforce.com that are sent to your Salesforce.com administrators. But again, a simple inbox rule on your e-mail client or server can filter those for you, or move them to review later at your leisure.
I hope that helps.
We have now for almost 6 months been using Fast Secure Contact Form from here http://www.fastsecurecontactform.com and have no spam problems what so ever. If you are not using wordpress you can setup Fast Secure Contact Form – Free PHP Script avialible here http://www.fastsecurecontactform.com/download-php-script
To implement the form and have it send the info to Salesforce you will need skill to wrok with wordpress or PHP if you use the script.
But now that the spammers know your oid in your case it would not stop them from sending you spam. In Fast Secure Contact Form the oid is hidden and spammers will never know it unless you would have someone hack your site. I hope this helps!
Conni Nelson - 8 years ago
Interestingly enough, we just started receiving spam on our web-to-lead forms so I reached out to Salesforce and their response? They referred me to this idea platform for a solution! I agree with some of you that suggest they have no intention of building a fix, they will just continue to ignore us and hope we move to an API solution! I guess I'm "forced" to check that out as a solution!
I agree with adding a form source IP address or subnet of authorised hosts. I have implimented a number of lead validation rules on the SF side to minimize the number of bogus leads. While this work-around is getting most of the bogus leads, it is hardly a proactive approach.
I throw out a lot of leads where the first and last names are identical, start with "HTTP://", and many other spam like phrases in the various lead fields. This makes our inbound sales guys happier, but then the admins a ton of Salesforce.com Lead Alert e-mails.
Petri Kajander - 8 years ago
I found a neat solution for Wordpress users.
Use this contact forum plugin ( http://www.fastsecurecontactform.com/) first which have many ways to prevent spam and then let it resend the data after verification to SF's web to lead: http://www.fastsecurecontactform.com/send-form-data-elsewhere by mapping the fields.
It might work as a free standing php-script, too (http://www.fastsecurecontactform.com/download-php-script)
Sam Pascua - 8 years ago
I would suggest using the power of social media to force Salesforce (SpamForce) to act.
Post it on their facebook fan page, post it on yours, post it in twitter, write a blog post.
IF we make noise they will act, the reason they are not acting is to force us to upgrade our packages to one with an API, even if you dont need the rest of the features that go with the package.
So spam equals increased revenue to SpamForce, therefore if money is valued over customer exprience then hit them where it hurts, bad PR.
If you are about to sign up to SpamForce and you read posts warning you that you will have SPAM issues unless you pay far more, than perhaps you will look at one of their competitors.
Power to the peopkle - use social media