Spam Form Submissions Rampant - Fix this!

Sue_M · ‎Jun 23, 2023

I've seen an uptick in spam submissions even though we have Captcha enabled and are not allowing "free" emails - spammers have found a way to now submit (successively) @gmali.com (which I've also now added to do not allow). Hubspot says they check email addresses prior to allowing the form to complete... I've seen that there's a new feature called "Spam Submissions" but have not seen this on my forms.

This is an immediate problem that needs addressing NOW! Not telling us that we have the correct filters in place. It is happening daily -- numerous times a day -- do better Hubspot, please! Of course each of these submissions require our eyeballs on it to see if it's fake.

At least acknowledge you've seen the uptick and are trying to find a solution!

JVandenberg1 · ‎Jan 22, 2025

Noticing this too (still a problem in 2025), we have reCAPTCHA and free email domains blocked (not to mention a long list of additional email domains from bogus companies, wiki pages, etc...). Definitely frustrating, submissions pouring into our Contact Us form which we try to reserve for interested leads to reach out to us. Spam submissions mucking up our conversion(s) data, KPIs, and workflows. We only target leads in a select few regions, so would love to be able to limit form submissions to website visitors from those regions as all of our spam submissions are coming from overseas, @hubspot please do anything at all to fix this.

ABurke8 · ‎Sep 18, 2024

We’re facing a similar issue—over 100 spam form submissions per day, which is clogging up Salesforce and overwhelming our sales team. We have reCAPTCHA enabled and have blocked certain domains, but we're still getting multiple spam submissions daily. I’ve reached out to HubSpot several times without any response.

Does anyone know if we can integrate a third-party form solution with HubSpot to help mitigate these bot submissions?

CUrsu1 · ‎Sep 5, 2023

I have seen this happen recently in a clietn accout as well, it is definetly bot activity and it it never marked as spam submission by Hubspot as the criteria is super lax (email in first name or a global bounced email). Captcha is enabled on the forms but not seem to prevent anything. We are asking for the website url and I am comparing this with the email domain, in a lot of the spammer cases they are using different domains. They are using some lists of valid domains that are not in use. Also some of the emails used are not just made up, emails show as delivered but they are never opened or clicked so they might have some lists of abandoned emails.

A lot of these submissions are coming from Adwords campaigns so I suspect it;s a sophistcated ad fraud scheme, whould be great to be able to squash this.

BérangèreL · ‎Sep 6, 2023

Hi @CUrsu1, @DBroderick, @HunterEuchaski, @DebSchleede,

I hope that you are well!

Thank you for your valuable feedback!

I would highly recommend you to please post this product suggestion on our ideas forum here.

Our product team, who monitors the forum regularly, can read your specific use case and understand why this would be a useful functionality or change.

It also helps other customers facing the same issue to advocate for its implementation on your behalf by upvoting on the thread as well.

Thank you and have a nice day!

Best,
Bérangère

HubSpot’s AI-powered customer agent resolves up to 50% of customer queries instantly, with some customers reaching up to 90% resolution rates.
Learn More.

Saviez vous que la Communauté est disponible en français?
Rejoignez les discussions francophones en changeant votre langue dans les paramètres! !

DebSchleede · ‎Aug 2, 2023

We are a partner and more than one customer is having the same issue. Huge uptick in spam submissions. There is no unique domain name to block, and CAPTCHA is already enabled. All the submissions seem to be humans or bots that can bypass Google's security to submit things like below. We are going to try a honeypot field but I am not confident that it will help. Other suggestions would be appreciated.

First: fgreqwf
Last: sdgfadhfda
Email: sdgsagf@hhh.com

KevinUy · ‎Jan 3, 2024

Hi Deb — We get these types of submissions as well. Did you ever figure out a solution? I attempted a honeypot but I could not get the bots to fill out the hidden field.

HunterEuchaski · ‎Jun 28, 2023

We've had quite a few spam submissions ourself. Would you mind showing me an example or two? I'm trying to see if this has anything to do with our forms on hubspot too.

BérangèreL · ‎Jun 29, 2023

Hi @HunterEuchaski and @DBroderick,

I'd like to share this similar post from @danmoyle that might help you "Protect Against Spam Accounts".

Also, from reading the previous posts, it sounds like you have taken the right course of actions so far.

I checked internally for you and currently, you can enable Captcha and block specific email domains or free email providers.

Those are the options that we have to control bot/spam submissions. However there isn't much more action we can take from our end to prevent them unfortunately.

One thing to note is that when captcha is live, you may see some spam submissions come through. That indicates they managed to bypass Google's security filters and didn't trigger as suspicious for some reason.

I hope this helps!

Have a nice day!
Bérangère

HubSpot’s AI-powered customer agent resolves up to 50% of customer queries instantly, with some customers reaching up to 90% resolution rates.
Learn More.

Saviez vous que la Communauté est disponible en français?
Rejoignez les discussions francophones en changeant votre langue dans les paramètres! !

DBroderick · ‎Jun 28, 2023

We're having the same issue. It's a major problem. Huge uptick in spam submissions. Any guidance other than inable the email filter or Captcha would be helpful or just an acknowledgement that it's becomng more prevelant.

PamCotton · ‎Jun 23, 2023

Hello @Sue_M Happy Friday! Thank you for posting in our Community!

I want to share this knowledge base with more details on how to prevent spam form submissions.

Are the spam emails coming from the same address? You are able to block specific email domains on top of blocking free email addresses. Let us know if that works.

I hope this information helps.

CRM