Imagine this. You are a humble Marketo Engage admin, managing operations, keeping the trains running (so to speak), and ensuring everything coming out of your Marketo instance is in tip-top shape. Lead flow is dialed. You have a great relationship with your Salesforce admin. You have your dream job and life is sweet – if a little busy.
And then one day, you log in. You get a sneaking suspicion that something is amiss. Maybe your reports are looking really strange. Or maybe you get an alert. Maybe your Slack starts blowing up. Suddenly you realize: one of your worst nightmares as a Marketo admin has come to pass. A bot attack on your website, going after your Contact Us form. Lead after lead starts pouring in, inundating your systems with garbage leads that are definitely not human. Your boss is calling you – what is going on? Your Sales Development Reps start Slacking you – why did I suddenly get alerts for 1587 new leads that all look really strange? Your Salesforce admin is at your desk – how did we already hit our API limit?
On a normal day, marketing operations folks already face significant challenges in regard to data quality, accurate measurement, and getting a true sense of their lead value – and that’s all before spam bots begin to overwhelm their systems and lead processing with fake leads. Spam bots and fraud create undue overhead, increase system cost, reduce email deliverability, inaccurate reporting, reduce lead quality, and are generally a massive annoyance nobody wants to deal with. If you’re actively dealing with – or have dealt with – a bot attack on your website, you know the heartache this can cause.
Thankfully, Marketo Engage has made it much easier to prevent spam from entering your database. Through functionality released in the fall of 2022, Marketo Engage released an integration with CAPTCHA using Google reCAPTCHA v3. By configuring this CAPTCHA integration, you can prevent spam records from negatively impacting your data quality and ability to accurately report on marketing initiatives.
Will I have to find the crosswalks in a dozen pictures? Will my users have to jump through a dozen hoops to fill out a form? What is reCAPTCHA v3?
All in the interest of preventing spam form submissions, you have surely experienced various puzzle challenges, forcing you to identify letters, crosswalks, motorcycles, and any number of other strange shapes and images in order to fill out forms. The user experience on these challenges is often not very pleasant, but they get the job done in blocking spam and preventing poor data quality. These puzzles are all examples of a CAPTCHA – an acronym that stands for “Completely Automated Public Turing Test to Tell Computers and Humans Apart.”
Over time, bots have become increasingly sophisticated. They become simultaneously more capable of solving CAPTCHA puzzles, so CAPTCHAs are forced to become more advanced as bots adapt. Google’s reCAPTCHA – Google’s proprietary CAPTCHA solution – has evolved from its original v1 form making users identify distorted words or numbers, into its current v3 version which is frictionless for website visitors. Additional versions will inevitably be released over time.
Marketo Engage is integrated with Google reCAPTCHA v3 – the frictionless solution – so thankfully, you will not make your site visitors find all the stoplights, all in the interest of maintaining your data quality. Marketo’s product team does not have any other CAPTCHA providers planned for future integration, but they will consider this based on user feedback.
By configuring this integration and activating reCAPTCHA on your Marketo forms, you will then be able to capture new, specific attributes related to Google’s judgment of whether a record should be considered trusted, suspicious, or if some kind of error occurs. With these attributes, you can quarantine or otherwise treat suspicious records in whatever particular way you see fit.
Okay, but I have a thousand other things on my plate. Why should I prioritize this?
Well, if you have ever been the stressed out Marketo admin as described above (and I certainly have been), you know exactly the panic that arises when bots start submitting your forms. If you haven’t gone through this, well – hopefully you can put this solution in place and stay (relatively) stress-free.
This effort can often be justified in a couple ways: first, what time can you spend now configuring reCAPTCHA and enabling it on your forms, in order to spend less time in emergency mode later? And second, if you are anywhere near your Marketo database limit, you don’t want to fill up the rest of the space with spam leads – that database space is precious!
So basically just flip a switch to protect our database from spam records that fill up our database with garbage leads?
No, it’s not QUITE as simple as just flipping a switch. There are a couple of components you need to fully utilize this new functionality.
First, a Google Cloud Account – reCAPTCHA v3 accounts are provided up to 1M calls per month at no cost. You then connect your Marketo instance to Google using a set of keys found through Google – much like setting up any other Launchpoint integration.
Secondly, you need to be using Marketo forms (either on a Marketo landing page or embedded on your website, either is fine) so you can enable CAPTCHA functionality. Depending on whether you currently use one form per asset or whether you have a global forms structure, this is where enlisting the help of your team can come in handy – just to make quick work of the updates.
However, just by enabling CAPTCHA on Marketo forms, you are not protected automatically. Out of the box, nothing will happen in Marketo based on the CAPTCHA results. Instead, you need to build some mechanism in order to take action on spam records to prevent them from interfering with your data quality. In other words, you must decide whether to isolate, delete records, or simply monitor the results that come through on the evaluation.
If this is your first attempt at CAPTCHA implementation and you are not experiencing an active bot attack right now, start by setting up reCAPTCHA, testing it, and making sure you are getting data from fills out form activities.
Once you establish that the data is coming through, you can build a fairly simple mechanism to sort people’s form fill activities by the normalized score. Perhaps you handle all trusted records normally, you put any suspicious leads into a static list for review, and you configure an alert for any errors.
Ultimately, handling these records is more art than science, and it boils down to your business needs when deciding what to do next. Typically, a quarantine and review approach is the most sustainable to undertake.
Do we need a web developer/IT team/data analyst/superadmin to configure Marketo Engage’s CAPTCHA solution?
This is where Marketo’s solution shines. This integration is advanced and does require access to Google Admin Console, which may be owned by your IT team. If that’s the case, it should be easy enough to make the case to get their help. You do need to understand the basics of configuring integrations in Marketo admin and have strong enough organizational skills to inventory and update all of your live Marketo forms. Lastly, you need to be able to understand what is transmitted from Google to Marketo and how to use it.
Hopefully you didn’t stumble upon this post in the midst of a bot attack. If you did, I’m sending all the good bot prevention and data quality vibes I can (is that a thing? I think it’s a thing). Assuming you’re trying to plan ahead, now that you have a basic understanding of Marketo’s CAPTCHA solution, you can start to plan your project. Hopefully by getting ahead of an issue now, you will be well prepared should the bots turn their eyes on your website.