Advanced Marketo Tips: Reduce Spam Leads with a Marketo Honeypot

BY: Jordan Stoffmaker

PUBLISHED: 1/19/2017

Keeping your Marketo Lead Database clean is extremely important, and is sometimes easier said than done. One of the actions you can take to prevent spambots or cyber attackers from filling out your Marketo forms and entering your database, is to create and use a Marketo Honeypot field.


The honeypot is an alternative to using a captcha or similar spam trap on your form, which may discourage some leads from progressing through to your database.

Marketo Honeypot Field


Traditionally used in in cybersecurity a honeypot is a method to lure cyber attackers and/or spambots to a specific computer system or web page as they try to gain access to information systems. To combat these spambots, we create a Marketo-only field that is hidden by custom form CSS; The spambot will “see” the form field and fill it out,  whereas a regular lead will not.


Upon submission, if the Honeypot form field is populated, the form will be unsubmittable; keeping your database free of intruders.


Cyber attackers have targeted marketers with the intention of filling database with spam leads; leading to a decrease in email deliverability and an increased likelihood of having their email/domain blacklisted.


Implementation Instructions


Step #1


Create a new custom field in Marketo called “Honeypot”. This field can be created directly in Marketo, as it does not have to be mapped into CRM.


Step #2


Add the Honeypot field onto any of your Marketo forms as a text field.


Step #3


On the form editor, edit the custom CSS and add the following code:

#honeypot, label[for=honeypot] {display:none !important;}

Step #4

Add the following JavaScript on any landing page templates (with a form and honeypot field) before the closing </body> tag. Please note: if the JavaScript is added onto the landing page and the form does not have the honeypot field, the form will unsubmittable.

 <!–Validation to prevent spam bots to submit form–><script>MktoForms2.whenReady(function (form) {   //listen for the validate event    form.onValidate(function() {        // Get the values        var vals = form.vals();        //Check if the honeypot field is empty        if (vals.honeypot == “”) {            // Not a spam bot! Submit the form            form.submittable(true);        }        else {        // This is a spam bot! Don’t submit the form        form.submittable(false);        }    }); }); </script>


Step #5


Test a sample of landing pages, ensuring that the form is able to be submitted and that the honeypot field is hidden. Once you are confident with the tests, implement the honeypot functionality on the rest of your forms.


Disclaimer: if a lead disables JavaScript on their browser, this approach may not work as expected. Adding a honeypot onto your Marketo fields is a quick and easy way to ensure that your database remains free of spambots.


Follow MERGE's blog for more advanced Marketo tips and tricks!