Occasionally we get questions from prospects or new clients regarding CAPTCHAs, better known to us non-techies as the little boxes with letters and numbers that you're required to fill out to submit a form. The purpose of these sometimes boxes is to eliminate bots that fill out forms and result in spam in your database.
By default, Pardot uses a hidden method called a honeypot. All forms hosted by Pardot have built-in bot protection in the form of a negative CAPTCHA, or an invisible field that your prospects can't see. The trick is, bots do see this field, and they fill it out. This is how Pardot detects and protects when you're being spammed.
You can also add this honeypot field to your form handlers.
Unfortunately, as spam prevention improves, so does spam. The most sophisticated bots may be able to figure out a honeypot, so we have also added a Conditional CAPTCHA feature to all Pardot accounts (there is nothing you need to do to enable it).
When a visitor hits one of your Pardot-hosted forms or landing pages, we ping a database of known spammers from the past year (generally around a half a million active IP addresses). If the visitor is listed (e.g. a known spammer), we display a CAPTCHA. If not, we simply display the normal form. This lets you have the security of CAPTCHA to stop bots, but humans will never see it and your conversion rates won’t suffer.
If you find yourself wanting even more form spam protection, you can certainly add a full fledged reCAPTCHA to your forms that will appear for all prospects (regardless of their IP address) by selecting that option in step 3 of the form wizard. You can find it on Step 3 under the Advanced tab.
If you are seeing a CAPTCHA on your forms and it is not explicitly enabled at the form level, contact our support team and let them know what your IP address is (this site will tell you what IP you're on) so they can investigate.
Need more? Start a conversation with other Pardot users in our Success Community