Marketo form spambot attacks: what you should know and how to prepare
We're starting to see more and more Marketo forms attacked with spam, and with increasing intensity. The most troubling part is how the spammers use standard Marketo functionality to amplify the impact of these attacks.
The latest attack we have witnessed happened just last week, when 125k leads were entered into the Marketo database. The email addresses all seemed to be legitimate personal emails, and the first name field included inappropriate text and a malicious link.
When attacks like this happen, they have many downstream effects that make a bad situation even worse, including:
- Thousands of autoresponder emails sent to the new leads with malicious links in the first name token
- Thousands of email alerts sent internally causing issues on the internal email system
- Performance issues in SFDC and exceeded API limits
- Webhook enrichment triggered
- Campaign queue backlog in Marketo slowing down the whole system
- Privacy/GDPR issues
- Future email deliverability issues and sender reputation impacted
In this fwd video, we discuss all of these issues and potential solutions.
Here are some of the solutions we touch on to consider as preventive actions:
- Honeypot - A commonly used option but not truly reliable, as spammers can bypass this
- reCAPTCHA - The most robust option, but involves a bit of work to properly implement
- Third party forms that offer security options and integrate with your tools
- Discontinue the use of forms and ungate all content (maybe use a tool like Drift instead of a form)
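A screening step that complements the options above, shown as an added example that is not from the original post or from Marketo: it quarantines submissions with a filled honeypot or a link in a name field, and flags a flood so that autoresponders, alerts and CRM sync can be paused. The field names (`FirstName`, `LastName`, `Email`, `hp_website`), the short TLD list and the thresholds are assumptions.

```javascript
// Added example: screen form submissions before they create leads or fire triggers.
// Field names, the TLD list and all thresholds are assumptions for illustration.
const LINK_RE = /(https?:\/\/|www\.|\b[a-z0-9-]+\.(com|net|org|info|xyz|top|link)\b)/i;
const NAME_FIELDS = ["FirstName", "LastName"];
const HONEYPOT = "hp_website"; // hypothetical hidden field a human never fills in
const MAX_NAME_LEN = 60;

// Return the list of reasons a single submission looks automated (empty = clean).
function screenSubmission(fields) {
  const reasons = [];
  if (String(fields[HONEYPOT] || "").trim() !== "") reasons.push("honeypot-filled");
  for (const name of NAME_FIELDS) {
    const value = String(fields[name] || "");
    if (LINK_RE.test(value)) reasons.push(`link-in-${name}`);
    if (value.length > MAX_NAME_LEN) reasons.push(`overlong-${name}`);
  }
  return reasons;
}

// Flag a flood: more than `limit` submissions inside any sliding window.
function burstDetected(timestampsMs, windowMs, limit) {
  const sorted = [...timestampsMs].sort((a, b) => a - b);
  let start = 0;
  for (let end = 0; end < sorted.length; end++) {
    while (sorted[end] - sorted[start] > windowMs) start++;
    if (end - start + 1 > limit) return true;
  }
  return false;
}

// Combine both checks over a batch of received submissions.
function triage(submissions, windowMs = 60000, limit = 3) {
  const quarantined = submissions
    .map((s) => ({ email: s.fields.Email, reasons: screenSubmission(s.fields) }))
    .filter((r) => r.reasons.length > 0);
  const pauseTriggers = burstDetected(submissions.map((s) => s.ts), windowMs, limit);
  return { quarantined, pauseTriggers };
}

// Constructed sample input (not real data).
const SAMPLE = [
  { ts: 0, fields: { Email: "a@example.com", FirstName: "Dana", LastName: "Lee", hp_website: "" } },
  { ts: 1000, fields: { Email: "b@example.com", FirstName: "Win a prize www.example.test/x", LastName: "x", hp_website: "" } },
  { ts: 1500, fields: { Email: "c@example.com", FirstName: "Sam", LastName: "Roe", hp_website: "http://example.test" } },
  { ts: 2000, fields: { Email: "d@example.com", FirstName: "Ana", LastName: "Diaz", hp_website: "" } },
];
console.log(JSON.stringify(triage(SAMPLE), null, 2));
```

Run a check like this where submissions are received or reviewed, before any autoresponder, alert or CRM sync fires; a bot that posts directly to the form endpoint never executes client-side checks.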
Expect more on this topic as we dive deeper, and don’t forget you can listen to the audio of our video content on Apple Podcasts.