I’m sharing this as it may help others and I’m also looking for any tips and suggestions on how to improve our ability to block spam leads.

We’re a B2B SaaS and have this issue with Google PPC ads. We get anything from 2-20 spam leads a day.

These are the steps we have taken to at least slow the volume down. They are not automated bots unfortunately.

1. Block IP and ASN for offending leads. ASN is a broad stroke wheras IP blocking is limited as the perpetrators use muliple VPN / Virtual Server and apparently hacked networks
2. Implement email and phone validation on form
3. Track all lead submissions in Cloudflare WAF to track activity in near real-time
4. Where possible report IP addresses to their ISP abuse email address or phone, provide Cloudflare logs
5. Block direct traffic to landing pages
6. Block traffic from outsite USA
7. Implemeted ClickCease to further limit bad traffic
8. Implemented Smartlook to track user screen so we can see their behavior
9. TODO: Implement restriction so users cannot Paste data into the webform - this is what I need help with now.

Overall Cloudflare has been a very powerful tool.