Enforce unique email address for a tracking cookie

Migrated from legacy feedback forum with 246 votes


When two different people convert from the same browser (tracking cookie), HubSpot overwrites the contact each time with the new email address and form data. This is the last thing we would ever want to happen. There is a setting to disable cookie tracking on a form, but we don't want to lose valuable analytics data either.


The use case for when someone will come back to our site with the same tracking cookie, and want to update their email address to a new one, is very very rare. On the other hand, the use case for multiple people filling out forms from the same computer/device is much more broad. It happens all the time and when we least expect it. It has happened to many of our clients who get frustrated and upset when they see valid leads getting overwritten in HubSpot because of some cookie technology they don't understand.


Can we please have a setting, either Contacts-wide or per-form, that will enforce unique email addresses for a tracking cookie? If a different email address converts on a form with an existing contact associated, HubSpot should create a new contact. That new contact would then have no cookie associated until the person identified themselves from a unique cookie.


Please HubSpot, we know you can find a solution for this!

HubSpot updates
Enforce unique email address for a tracking cookieHubSpot Product Team

Hi @dhika  we're working on a new feature which will allow a visitor to reset their cookie if the pre-populated information from the cookie does not match their information. We hope to have this on wide release very soon and will update here as soon as we have more information. 

Enforce unique email address for a tracking cookieHubSpot Product Team

Hi all, to help minimise cookie overwrites with forms we've just released a new setting within our forms.

Within your form settings you can enable a link on your forms which will display if your form is pre-populating information from a known cookie. This will display "not you? click here to reset" at the top right of your form. If a visitor clicks this, the form will be reset and the submission will not submit a cookie. This will create a new, fresh contact record and will ensure the tracking from the original submission will remain intact. 


Full information on how to enable this is available on our Knowledgebase: https://knowledge.hubspot.com/articles/kcs_article/forms/create-forms#reset


Thanks to everyone for your continued feedback and for helping us build a great product Smiley Happy

Enforce unique email address for a tracking cookieHubSpot Product Team
changed to: Delivered

Enforce unique email address for a tracking cookieHubSpot Product Team
changed to: In Planning

Our product team are currently experimenting with a new feature around this issue. Will update here as soon as we have beta features available. 

Enforce unique email address for a tracking cookieHubSpot Product Team

Hey @dhika yes this would technically achieve a similar affect to the cookie off. Essentially it is the ability to disable the cookie on a per submission basis. As opposed to having to disable all cookies on your form. 


For instance, if you were using a tablet at a conference, and you submit your first submission. Then you go back to the page to submit the second submission that second submission would see the first submissions information pre-populated with a link in the top saying "not you? click here to reset" once this link is clicked the form will reset and be empty. This second submission will then not submit a cookie and will create a new contact record. 


For conferences and events that are using the same browser I would definitely still recomend turning off your forms cookie tracking. Cookies are browser specific, so if visitors are visiting your booth and submitting a form through your tablet we would only be tracking their visiting information from that browser. 


Hope this helps! 

26 Replies
New Contributor

 Hi Shay, 


We have the exact same problem. One of the solutions that was presented to us (when this happens because a contact has forwarded an email  to a colleague that later fills out a form on a landing page, for example) was to put the Social Sharing module to share the web version of the email https://knowledge.hubspot.com/articles/kcs_article/email/how-can-i-share-the-web-page-version-of-my-...


Hope this helps. 


If anyone as discover a temporary workaround please let us know. 



- Mariana 

New Contributor

We have the same issue from tracking emails that get forwarded and then the contact gets overridden.


One suggestion from Hubspot (which kind of works), is to uses the "Disable Cookie Tracking" option on your form.  That way we don't remove our original contact.  However, when this form is submitted, the response does not set new cookies, which is what I would expect since this potentially creates a new user. A subsequent form appear to not track the user since the existing cookie is "disabled".


I agree with the original post to not change the email address when tracking. (Or at least make that a configurable option.)  Please don't let the primary key change- that is not good.  Please fix this.

New Contributor

Is there a solution yet in the works? This is a pretty massive fault to an otherwise awesome platform. I spent hours fixing records in HubSpot and Salesforce this week following a recent webinar promotion that resulted in a lot of form submissions due to internal email forwarding. It's a major issue that needs urgent resolution. Even with using the forward email option, human nature is to forward the email not hunt for the forward link.


There should be a method to render the cookie invalid based on email forward event data. There should also be a method to sort this out with multiple users on the same machine. At my org which does routine email promotion driving to HubSpot forms, a fix on the email issue is most pressing. It's very frustrating the platform needed for targeting, nurture triggers etc. is at risk of also rendering the data the platform and our business relies on much less valueable and confusing to manage. 


I hope this is being priortized urgently and look forward to updates.

New Contributor

The original poster says that the same person submitting a form with a different email address is rare, but I have seen it happen.  However, if a returning user with a cookie submits a form with a different first name, last name, and email address -- can't we at least consider that sufficient evidence that a new HubSpot contact should be created?


If you're worried about customers being confused about why new contacts are only sometimes created, I think it would be OK if I had to do a configuration on each form to set the rule for when a new contact is created.

Occasional Contributor

This is a massive issue for me as it happens all the time!


Hubspot - do you have a solution yet?



New Contributor

We have the same issues with collected forms.


Is there any solution to disable cookies tracking for collected forms on Hubspot Marketing Free plan?



New Contributor

 Agree - this is a big issue for us.  Especially with forwarded emails from one prospect to another.  We spend hours each week separating these records in both Hubspot and our CRM.  And it is even more frustrating when we know that other platforms do not have this issue as they tie the contact record to the email address and not the cookie.


Please find a solution soon.




Occasional Contributor

Encountered this issue earlier today and was both flabbergasted and infuriated (apologies to the CSM who will eventually read my angry support ticket on this subject -- it's not your fault). It just simply makes no sense whatsoever for a marketing automation system to assume that two records with different email addresses are the same and should be matched. Full stop. End of story. 


It's incredibly common (and in fact, a behavior that most of us marketers would like to encourage) for people to forward on emails they find interesting to their colleagues. Whether it's signing up for a webinar, registering for a newsletter, or, as was the case today, actually requesting a demo -- we *want* people to vouch for our content and our products by inviting their coworkers to sign up through a link that was emailed to them. What happened today -- the overwriting and merging of two legitimately different human beings legitimately requesting two different demos at two different times -- is unacceptable from a solution like Hubspot. It muddies the attribution and analytics waters, makes it impossible for a sales rep to reach out with complete information, and damages the trust between marketing and sales during handoff. 


I can't imagine that it would be a particularly heavy lift for Hubspot to rectify this as the default and expected behavior of every database ever is matching via email address. So please -- address this as quickly as possible! We don't want to lose all the functionality that comes with cookieing users, but this represents an enormous risk to our ability to track and attribute accurately. 

Regular Contributor

This whole issue boils down to the assumption that a link is always associated with a user, which is reflected in a tracking cookie.


To my mind the solution is to check if that original cookie exists (because we know that the link code and the cookie speaks to each other), and if not, challenge the user to confirm that they are the original recipient of the email.  If not, then a clean cookie is set and the link code dissociated.


Here is an oversimplified flow diagram that makes the point:

Hubspot Cookie Tracking 002.png

Yes, you can check if a cookie exists (e.g. Java, JavaScipt).  Once the presence of the cookie is established, the rest falls in place.


In some of our use cases there is a clear GDPR related risk - if any user clicks on a forwarded tracked link, they could potentially gain access to all the form data that the original user provided.  Whether intended or not, this is a clear breach which incur costs to manage and exposes us to the risk of severe fines and bad PR.


This issue must be a high priority for the development team before GDPR kicks in on 25 May. 


Please get this done Hubspot team!  We have too many "mashed" profiles on our system that could lead to large sales losses and big embarassment.





New Contributor

Yes. This is a big deal for us as well. We have a customer base that frequently forwards our webinar emails to colleagues. This issue creates corruption in our database that is hard to detect and frustrating for us and our customers.