Avoiding Salesforce Web-to-Lead Spam
Earlier this week I attended the Denver Salesforce User Group meeting. One of the attendees was a new user and asked the group if others were using the web-to-lead functionality. Some were capitalizing on this functionality but, to my astonishment, not everyone.
Many of the folks that began discussing this topic expressed frustration over how to implement it and concerns about spam. One of the respondents indicated that they went live with the functionality on one of their web forms but had to pull it down because they were receiving way too many spam leads. Another respondent indicated their web guy/team couldn't work with the code that was generated from Salesforce, and they were left unable to roll out the functionality due to an inability to explain how the code worked and what within it was important.
Web-to-Lead is something that I think all Salesforce CRM businesses should use and I would like to take this post to explain how to prevent the possible spam submissions from a web form.
Although I won't go deeper into some of the pros of using Salesforce web-to-lead I would like to take a second to list them out. Maybe I will post some additional write-ups on these topics at a later date. Anyway, these are the reasons that web-to-lead is great:
Now I could go on and on about why this is important and how easy it is to set up, but I'll get to the point of this posting. You've bought into the web-to-lead functionality and have everything set up, but now the leads being dropped into Salesforce are not always legitimate. You need a simple snippet of code to authenticate the form submission, and maybe your web guy is not sure what to do or maybe you sometimes wear the "web guy" hat.
Whatever your situation, the web form submission should always include the email address of the person making the submission. Use this field to do some simple validation that the email is legitimate; if it fails the inspection, the form fails. Or, more specifically, you let the form submitter know that the email is junk and the form cannot be submitted until it is fixed. This validation will help to trim the number of spam leads getting submitted and may prevent them entirely.
Since all Salesforce web-to-lead submissions work the same way for standard Lead fields, there is no modification necessary to the portion of your code where the user actually enters the email address. However, invoking the code may require a bit more explanation.
First, you need to alter your form submission to use the code above before the form actually submits anything to Salesforce. This can be done by simply altering the <form> tag in the code of the form submission. Also, as I explained earlier, there is no need to alter the portion of the form that captures the email entry. The code below shows the altered form tag as well as the line for the email address capture:
<form action="https://www.salesforce.com/servlet/servlet.WebToLead?encoding=UTF-8" method="POST" onsubmit="return validateForm()">
<input id="email" maxlength="80" name="email" size="20" type="text">
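The form tag above calls validateForm() on submit. As an added example (not the script from the original post, which is not reproduced on this page), here is one way to write that function, assuming the email input keeps id="email" as in the snippet above; the helper name isPlausibleEmail and the specific checks are assumptions chosen for illustration.

```javascript
// Added example, not the original post's script. Assumes the email input has
// id="email" as in the form snippet; isPlausibleEmail is a hypothetical helper.

// Returns true when the value has exactly one "@", a non-empty local part,
// and a dotted domain made of well-formed labels.
function isPlausibleEmail(value) {
  if (typeof value !== "string") return false;
  const email = value.trim();
  // Match the form's maxlength="80"; an empty field always fails.
  if (email.length === 0 || email.length > 80) return false;
  // Reject whitespace, control characters and header/markup punctuation.
  if (/[\s\x00-\x1f<>()\[\]\\,;:"]/.test(email)) return false;
  const at = email.indexOf("@");
  if (at < 1 || at !== email.lastIndexOf("@")) return false;
  const local = email.slice(0, at);
  const labels = email.slice(at + 1).split(".");
  if (local.startsWith(".") || local.endsWith(".") || local.includes("..")) {
    return false;
  }
  if (labels.length < 2) return false;
  // Each domain label: letters, digits, hyphens; no leading/trailing hyphen.
  const labelOk = (l) => /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/i.test(l);
  if (!labels.every(labelOk)) return false;
  // Top-level label: at least two characters and not purely numeric.
  const tld = labels[labels.length - 1];
  return tld.length >= 2 && !/^\d+$/.test(tld);
}

// Called from <form ... onsubmit="return validateForm()">.
// Returning false cancels the POST to Salesforce; true lets it proceed.
function validateForm() {
  const field = document.getElementById("email");
  if (!field || !isPlausibleEmail(field.value)) {
    alert("Please enter a valid email address before submitting.");
    if (field) field.focus();
    return false;
  }
  field.value = field.value.trim(); // submit the cleaned value
  return true;
}
```

Because this check runs in the visitor's browser, it only covers submissions made through the page itself, so treat it as a first filter and keep reviewing what arrives in the Lead queue.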
As good practice you should probably include some other form validations where needed, such as checking the length of the name fields or the format of a phone number if you're requiring that on your form. However, I'll leave that validation for another time.
If you'd like to see a working example of this code you can simply go to the Contact Us page on this website. That page uses the script from this post along with some additional validations to make sure that we do not receive spam web leads in our Salesforce org.