Protect your Salesforce org from spam with one simple trick

With so many new ways to start connecting your website’s online experience with Salesforce, there’s one really important thing to know: the spammers have already begun their attack on your Salesforce account.

Eeeek! How do we protect your Salesforce account from these nefarious hackers? Roll up your virtual sleeves, because we’re going to get ready to build a shield of protection for your Salesforce org.

Door lock

It’s time to build a honey pot!

If you’ve watched any Winnie the Pooh movies, you know that Winnie was a big fan of honey pots. Big awesome bowls of sweet honey goodness. They’re irresistible. In the online world, we apply this same inescapable attraction to spam protection. Our goal is to find a way that a spammer will be attracted to certain form elements, fill them out, and whammo, we immediately will know it’s a spammer!

Now, this flies in the face of what a lot of folks will tell you. Many folks, even those you know and love, may quickly hear about your spam concern and say, “Just use CAPTCHA”. CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart.

This should really be translated into, “YOU’RE ABOUT TO LOSE A SIGNIFICANT PORTION OF YOUR DONORS!”

Don’t believe me? How about Stanford University? Researchers there analyzed the use of CAPTCHA and found the following.

Visual CAPTCHAs take 9.8 seconds to complete
Audio CAPTCHAs take much longer (28.4 seconds) to hear and solve
Audio CAPTCHA has a 50% give-up rate
Only 71% of the time will 3 users agree on the translation of a CAPTCHA
Only 31.2% of the time will 3 users agree on the translation of an audio CAPTCHA

To top that off, in 2009, a researcher found that turning off CAPTCHA would typically increase a company’s conversion rate by up to 3.2%. By using CAPTCHA, we’re putting our challenge with spammers onto the shoulders of donors just trying to give us money.

Hmm...that doesn’t seem like a great trade-off for donors.

It’s time to say goodbye to squiggly text, and hello to a smarter way to fight the spammers. Let’s dig in for the solution you can use right away with Salesforce. Just follow these three easy steps.

Create hidden fields on your website’s forms

What we want to do, either through CSS tricks or just simple hidden form fields, is create fields that sound juicy for automated spam bots, but that are actually fake fields. For instance, creating fields with names like “first_name”, “last_name”, “email_address” sound scrumptious for spammers. Create enough fields that you think that at least one of them will be picked up by a spam bot.
Create rules to weed out the spam in Salesforce

So, your form gets hit by a spam bot, and a new record, let’s say a Lead, gets created in your Salesforce org that’s connected to your website. Yes, the spammer has now infiltrated your org...but we’re about to boot ‘em out! Just create a trigger, process builder, whatever you’d like to notify you about the spam record, which you’ll know is spam because those fake fields were filled out by the spammer. Heck, since you know it’s spam, and could only be filled by a spammer, delete away!
Dance!

You’ve just kept the bad guys from making your Salesforce org a spam-filled mess. You should celebrate!

Want to automate this whole process? Want to make sure every form you have is protected from sending spam data into Salesforce?

Take a quick tour of Soapbox Engage to see how this can all happen easily and quickly!

Now that you’re protecting your Salesforce org, let’s save you money on the hidden cost of API calls. Don’t know what that means? No worries, we’ll give you the inside scoop in the next post.

Keep engaging!

Soapbox Engage Blog

Online engagement news and strategies for changemakers

Other posts in this series

Search the site

Apps to Shape a Better World

Recent Blog Posts