Salesforce web to lead form is a great way of collecting leads straight from your website into Salesforce CRM. The biggest problem is that Salesforce has not put in place a SPAM filtre for this, so once your form is out there anyone can cache it and send SPAM to your CRM as a new lead.
What about CAPTCHA
CAPTCHA alone won’t help. Since the form can be submitted from any server, once they get hold of your web to lead OID, they can cache your form, remove the CAPTCHA and continue to SPAM you.
At the moment I am using the following solution posted by Scott Hemmeter on his blog post “Stopping web to lead SPAM“. This solution is to setup a Validation Rule in Salesforce in order to avoid SPAM leads being created.
Let’s hope Salesforce will come up with a way of checking and stopping web to lead SPAM.