Please Login with your Salesforce ID to post, promote or comment.
Salesforce IdeaExchange
FAQs | Terms of Use8282 Ideas; Promoted 177412 Times; 17086 Comments.
- Suggest a New Product Concept
- Promote Ideas That You Want to See Developed
- Discuss With Product Managers and Other Users
- See What We Are Planning To Deliver
Marketing Automation Comments
| Marketing Automation Ideas
|
Applications Comments
| Applications Ideas
|
Force.com Platform Comments
| Force.com Platform Ideas
|
Email Comments
| Email Ideas
Web 2 Lead & webform spam
Webforms, and also the web to lead feature in SalesForce can be used to sent spam. Once they have got your OID, this can be used to sent you leads fully automated.
Salesforce should create a feature where it is possible to define the origin of the webform. If it is not in the list of approved websites (HTTP referrer), it should reject the form.
This doesn't seem a difficult feature and it helps to optimize your leads. Not it's possible you receive a lot of leads with the type "A HREF" that just consume time. Hope this starts a new interesting discussion.
|
NetGenIT 11/12/06 |
We are having this SPAM problem also. Would like to see some kind of solution... |
|
shapoor 11/16/06 |
One customer suggested we allow an option to filter the record submission based on IP address of webservers hosting the Forms as well - although still not secure the flexibility to add these types of restrictions would make it more challenging to SPAM the target. |
|
ForceForSale 12/03/06 |
Or alternatively create a PHP validation script as a standard feature that includes the form web2lead. Salesforce should have some advise on hiding you oid and hidden fields |
|
RickKlau 02/12/07 |
This particular issue is an incredible frustration for us. I just deleted better than 10,000 spam leads generated using this script exploit. What's worse, Level 2 support at Salesforce claimed it was my issue and that there was nothing that they could do about it. Salesforce should leverage the open source Akismet system (originally developed for use by weblog apps) - it's designed specifically to block successful form submission by automated bots like those that are currently rendering web-to-lead a huge annoyance for us. |
|
benjasik 02/13/07 |
We're aware of this issue, and have created a solution that leverages validation rules for short-term relief until we can address it in the core product. Ask support for solution 00006228. We're working on making it public, but here's the basic idea: It involves using javascript to set a hidden field to the document location, and then using validation rules to check for this. It’s basically obfuscating a shared secret, with the assumption that most bots won’t set the document.location property and fill in the hidden field. This trick also involves allowing regular users to create leads in the UI, which involves passing another hidden field that’s always set in the web2lead form. |
|
hemm 05/24/07 |
I created a PHP script that you can use to post your web to lead forms to. Prior to passing the data to Salesforce.com web to lead, it uses the Akismet spam detection service to check whether it's spam or not. It will then set a Salesforce field to true/false depending upon the result. You then have the power of Salesforce to process leads based upon values in that true/false field. Check it out at http://sfdc.arrowpointe.com/2007/05/24/fight-web-to-lead-spam-w-akismet/. |
|
Kumar,_Sena 06/17/07 |
Yes. We're also receiving spam data from one of the web-to-lead forms. Looks like a spammer caught the html code and sending automated messages. Please add a feature in such a way that is will filter the spam data leads. Kumar |
|
glowitz 07/09/07 |
This is a very important area (Spam Prevention). We recently switched to SFDC specifically because our site had gotten circulated as an easy target for unsolicited content. We don't want to create another management chore of parsing through the data. Hopefully the temporary workaround noted by "benjasik" on Feb 13 will allow for forms to be submitted from different pages on the website, since we use the web-to-lead and web-to-case forms on various pages depending on the context of the content. Presumably this would also work for Web-to-Case? Coincidentally, I just sent a support ticket earlier today on this very subject but didn't know to ask about 00006228 solution ID. I will append my ticket to request that info. Thank you. |
|
JMcLeodFEWA 07/19/07 |
I am currently implementing my associations Web-to-lead form. Obviously i've been looking at potential problems, it seems spam is a very real problem with web to lead. Is it possible that you could incorporate a word-verification or visual verifical field like GMail or any email host uses to fight the account spam? I've been researching this, i am just unsure on how to implement it. Would it solve anything? Is the real problem OID and that would bypass any field requirement like the visual verification? |
|
StrataSteve 08/01/07 |
Solution 00006228 does not help once your OID has been discovered by these spammers. Per support, SF will not change your oid, so you are stuck receiving the spam. We are using a simple validation rule since our spammers are using same first/last name, but I do not want to have to analyze every piece of obscene garbage that makes it in to write a new rule for it. Please set up whitelisting of domains. I know it isn't perfect, but it will surely make the web to lead process work for us again. |
|
diegarte 10/10/07 |
Spamming is a major problem when implementing a web-to-lead solution. Unfortunately the default Salesforce web-to-lead utility does not provide any anti spam functionalities yet, which might prevent some Salesforce user to successfully implement an effective Web-to-Lead strategy. For anyone willing to fill the gap between their website and Salesforce without worrying about spam, I suggest using FormVester (available form the AppExchange). FormVester generate leads form any of your existing online forms, without the hassle of reprogramming them…and it is spam-free. The reason is that, it works by adding a snippet tracking code into your website pages (that will execute a hosted script), so that, no OID number is ever exposed in the source code of the page. Spam bots are then not able to take advantage of this number ensuring a clean spam-free lead generation. An interesting other thing about FormVester, as opposed to the default Salesforce Web-to-Lead utility, is that it always checks if a lead already exists in Salesforce before creating/updating it (using a 6 rules based filter) so that it will never duplicate the lead. Give it a try! FormVester for AppExchange |
|
andysernovitz 11/25/07 |
Spam protection is a basic responsibility of any hosted software vendor. It is obscene that Salesforce has ignored this urgent problem for more than a year. At the very least, they could implement a simple captcha option. |
|
rglazer@tacoda.com 11/27/07 |
We are also experiencing the SPAM issue and would like to see an official solution from Salesforce.com. Thanks |
|
bondtracvp Jan 10 |
The CAPTCHA option seems like a good solution. Salesforce has already implemented it on their forms. So they have the ability to provide it to us. |
|
kpmooney Jan 23 |
We have seen spamming or even "key pound" entries as a problem when implementing a web-to-lead solution. Unfortunately the Salesforce web-to-lead system leave you exposed to the spam of multiple methods. If you are interested, Predictive Response has released FormCheck to not only eliminate spam worries, but also hides the OID, provides enhanced filtering, lead validation, and catagorization on input to Salesforce using your exhisting Salesforce Web-to-lead forms. FormCheck is available on AppExchange as a get it now solution. http://www.salesforce.com/appexchange/detail_overview.jsp?NavCode__c=a0130000... |
|
hemm Jan 30 |
An update on my free PHP script located at http://sfdc.arrowpointe.com/2007/05/24/fight-web-to-lead-spam-w-akismet/. The script uses an anti-spam service called Akismet, which rocks. I implemented it in July 2007 on my websites. It is now January 30, 2008 and today was the FIRST TIME that the script allowed a piece of spam through. Up until today, I had never had a false positive (something marked as spam that shouldn't have been) and never had a spam lead come through and not be identified as spam. That's a pretty good track record. Everything you need to implement it yourself is located at http://sfdc.arrowpointe.com/2007/05/24/fight-web-to-lead-spam-w-akismet/. I'd suggest you check it out. It works really well. |
|
saariko May 15 |
I want to add my note on the CAPTCHA option. It's very important to include a Humanized test during the filling/posting of the process. Can a SF representative comment on this? |
|
CameronS May 30 |
This is by far the most annoying feature of SalesForce that makes me want to switch to something else. I have long since secured my OID in my login form (using C#) - but that doesn't matter - spammers know my OID and bypass the login form and programmatically create cases. I only want cases to come from my customer login form page on my web site. The validation rule work around Salesforce recommends is too limited, and the various other work arounds Salesforce suggest are not solutions. Spam will still get in because people can submit it with only the barest essential fields. You also cann't change your OID, Salesforce told me there was no way to do this. All in all - this is disappointing how Salesforce does not take security seriously. I submitted multiple cases about this and was not given a secure solution that would eliminate the chances of receiving web to case spam. |
|
cb4 Jun 24 |
The only reasonable solution seems to be running all the input through askimet, which is gonna cost $50 per month for a commercial license: http://akismet.com/commercial/ Also, you need to be running running PHP5. Most of my leads contain duplicate first and last names like the following 3 examples: "ins05 ins05" , "blackjack blackjack" , "online casino online casino" etc. Are others seeing the same type of spam? Could this be the work of a handfull of spammers using scripts and cycling through random OIDs? |
|
stopthespam Jul 25 |
I do not want to deal with spam, so will be using another lead tool until Salesforce fixes this! So, please, fix this problem! |
track comments for this idea
Please log in to post a comment
last 100 promotions:
- richs
- EddieDial800
- chemphill
- stopthespam
- lango
- NeillLearns
- ejohnson
- carl_weiss
- RodbCA
- cdw
- cydney
- mbenning
- holly_vonnes
- nicksquash
- johnnykuta
- cb4
- Jeff_Kahsen
- CameronS
- nyatax37
- glammedia
- hayli
- Kringo
- saariko
- dipa194@aim.com
- creuman
- sfranklin01162008
- celine
- eoin
- eholland
- mtam
- henryCH
- billbutton
- jaybna
- carramrod
- Anand_-_NPower
- Cookie
- jeradf
- maryachuong
- davewallis
- robert123
- Jesterale
- CRMSuggestions
- modernfirm
- rcb
- pacman
- brenwyn99
- mlee
- rglazer@tacoda.com
- Christoph_K.
- andysernovitz
- ryan_mm
- 06/5/2007_17:46
- j.d._bruce
- cjtannu
- ranio
- Robbert
- theSuper
- lsatony
- ta_invisible
- Per_Hansson
- colstad
- mcockerill
- NETxCK
- phoest
- KenDev
- jaimee
- StrataSteve
- Redsummit
- TexasKim
- JMcLeodFEWA
- Deewani
- glowitz
- rpr2
- Marc_Baizman
- cp@exiopia.com
- Maruchi
- Kumar,_Sena
- Chris_Murphy
- joey-marchy
- jamandadoolittle
- blacher
- fusepoint
- Conches
- AMartin
- LucBaart
- rpr
- JWall
- sparky
- werewolf
- 04/25/2007_16:49
- Cappuccino
- partnership@bsquaredinc.com
- mpalmer
- Blarosa
- BrightcoveSupport
- CDeGrace
- TheBoot
- ericsu
- johnlewis
- seand
POST IDEA
TOP USERS