Are there server-side spam filters in place for form submissions in Unbounce?

  • 5 June 2017
  • 4 replies
  • 203 views

Happily, we haven’t actually received any spam through our Unbounce forms. My initial guess for why this is the case was because none of our pages are indexed (they’re all exclusively PPC landing pages), but I wonder if Unbounce has any kind of server-side filtering in place for form submissions?

The reason I ask is because I’m using a spam plugin for our non-Unbounce pages, and every once in a while a valid lead will get caught in the spam filter (for various legitimate reasons, usually). There’s a log that I can check to view all submissions picked up by the filter, so if Unbounce does have their own spam filters in place, I’m hoping that there is similarly some kind of log that I can check for false positives.

Thanks!


4 replies

Userlevel 7
Badge +1

Hey Leah!

Just curious, what kind of spam plugin are you using on your other pages?

In all Unbounce pages, we’ve introduced something called Reputator. Reputator is a service we’ve deployed that aggregates reputation information about IPs from sources around the internet, and decides if their reputation is suspect enough for us to be confident that the traffic is from a bot. If it is, Reputator informs our page servers of the IP, and they begin flagging traffic from it. Reputator will continue to monitor that IP’s reputation, and if it eventually cleans up its act, will stop flagging it.

☝️ That’s from a great blog post written by our development team, which can be found here. It’ll highlight more about how we block spam. I’d recommend giving it a read, as it does a much better job at explaining than I probably would ☺

There’s also an article in the Community where a customer of ours shared his instructions for adding Google’s CAPTCHA to their Unbounce form, you can read the discussion here:

In terms of finding a log to find false positives, I’ll continue to dig, but there’s some good content to look over in the meantime! ☺

The plugin I’m using is called WP-SpamShield (it’s exclusive to Wordpress, as far as I know). Among other things, it checks for very outdated (years old) browser versions, which is usually where our valid submissions get caught up. A lot of grandmas on Windows98 are interested in our services. 🙂

It looks like that link to the Reputator post didn’t come through, but I think I found it – this one?

In any event, this looks like a pretty powerful tool! It would still be awesome if we had a way to check some kind of log of everything caught by the filter, even if it was just the ability to download a raw TXT file. With dynamic IPs, there’s still that chance (albeit a small chance) that someone could be submitting a valid form over a home or public network that was flagged for malicious traffic.

Userlevel 7
Badge +1

That’s the one! I’ve connected with some members of our dev team and have been told:

Our Reputator filters are like throttlers, so if you throw too much traffic at Unbounce then you will be flagged as ‘spammy’. Our other method of blocking leads goes through a manually edited file where we can block leads based on any kind of http header, including things like IP address or user agent. However, we only do the manual process when there is something that we can block globally for all of our users, like a known bad user-agent or a data center.

I’ve taken your feedback and have added it to our internal request forum which helps prioritize our Product Roadmap, because this seems like something that could be very useful. I’ll keep you posted on that.

😂

I’d be curious to know if Reputator does something similar, especially because there are still many campaigns that could target an audience using some pretty archaic technology. I’d have to ask.

I’d be curious to know if Reputator does something similar, especially because there are still many campaigns that could target an audience using some pretty archaic technology. I’d have to ask.

If not with Reputator, this should definitely be possible if you do manual blocking by user agent (if something like that is not in place already)!

Anywho, thanks for passing this request along. Appreciate it!

Reply