Introducing spam detection for webforms: An additional layer of protection to keep your Zoho CRM clean and secure

Introducing spam detection for webforms: An additional layer of protection to keep your Zoho CRM clean and secure

Greetings all,

One of the most highly anticipated feature launches—Spam Detection in webforms—has finally arrived!

Webforms are a vital tool for record generation, but they're also vulnerable to submissions from unauthenticated or malicious sources, which can lead to the collection of spam records that clutter CRM systems and reduce data quality. 

Zoho CRM's new spam detection capability provides an additional security layer and minimizes dependencies on the basic options such as captchas and double opt-ins, ultimately improving data quality of webform submissions. Users no longer have to check potential spam records from webforms manually.

Let's dive into how Spam Detection restricts suspected spam records from webforms and helps users keep their CRM clean and organized.

What does spam detection do?

Spam detection offers the following advantages:
  1. Simplifies the manual review of potential spam in webform submissions.
  2. Detects potential spam submissions by identifying invalid or suspicious email addresses and scoring them to indicate spam probability.
  3. Holds these possible spam records for manual approval from users.
  4. Automatically blocks spam records to keep them out of the CRM account.

What happens to webform submissions?

All webform submissions are evaluated against predefined criteria and screened for spam detection. Let's say you've received several webform submissions for the Leads module from your website visitors.

Clean, non-suspicious records that originate from verified IP addresses—and are therefore deemed likely to be genuine and valid—are fed into the Leads module (unless approval has been set for all webform submissions).

In contrast, suspicious submissions are flagged as potentially spam and held back for manual approval in the usual record approval page called, Awaiting Leads (previously known as Approve Leads). These records are assigned a Spam Possibility Score based on the identified suspicious factors. 

The new Record Source column provides details related to the submission's source—for example, the submission's IP address, the webform name, and the URL—when you hover over the info icon. 

The new Spam Possibility column indicates the spam probability for each record as a percentage. You can also view the top reasons behind the scores of the spam record by hovering over the info icon beside it. 


Each reason identified contributes to the score, and the sum is calculated to determine the final Spam Possibility Score for the record. Some of the reasons are listed below:
  1. Submission from bots/crawlers: If a bot or crawler fills and makes a submission via your hosted webform, the Spam Detection layer will automatically identify this malicious submission.
  2. Submission with invalid phone numbers: If a form respondent shares an incorrect phone number, a toll-free number, or a junk contact number, it will be flagged as an invalid phone number.
  3. Submission with invalid email addresses: If the submitted email address originates from a spam source, an unauthorized domain, or a temporary mailbox, it will be flagged as an invalid email address.
We're also introducing an advanced security layer: Honeypot Field, which is a cybersecurity mechanism that identifies bots by detecting submissions made to invisible form fields that genuine users don't interact with. If the submission comes with values filled in the hidden fields, the system flags the entry as likely being a spam submission.

Spam Detection has more parameters like these to detect spam submissions and assign appropriate scores. For quick probability recognition, the following colors represent the severity of spam possibilities:
  1. Green: 1% - 20%
  2. Orange: 21% - 70% 
  3. Red: 71% - 100%

How spam detection helps handle records awaiting approval

Previously, records that awaited approval were evaluated manually and then approved, merged, resolved, or deleted accordingly. In addition to these traditional actions, and with the introduction of Spam Detection, administrators can now optionally block IP addresses of records with high spam possibility scores if they want to restrict further submissions from them.

  1. The Block IP button is available, along with the other buttons like Merge, Approve, or Resolve.

  1. Admins can also directly block an IP by using the Block IP button available when hovering over the info icon.

Record submissions from such blocked IPs will be categorized under the new Blocked record category.
Additionally, Zoho's system internally maintains a set of blacklisted IPs based on security assessments. Records submitted from those IPs will be automatically and permanently blocked by the CRM.
Notes
Note: Records under the Blocked category will be deleted in 60 days.

How to enable Spam Detection for your webforms

While setting up a webform, you'll see the Spam Detection section where you can adjust the Spam Possibility Score slider to set the threshold at which records should be flagged for manual review.

A score range of 90% to 100% will be set by default for all webforms as the tolerance level, which the webform owner can change anytime based on their preferences.

NotesNote: Records whose spam possibility scores fall within the set range will be held for approval, along with the relevant percentages and reasons. If, say, the chosen range is 80 to 100%, only those records with spam possibility percentages between 80 and 100 will be listed. Submissions with lower percentages will not be held as spam.

We've revamped the record approval page to provide a better UI experience and make it easier to manage and review spam records. Let's look at the changes in detail.

Revamped record approval page

  1. In modules like Leads, the "Approve Leads" field under Actions has been renamed to "Awaiting Leads". This change extends to other modules as well.
  2. The approval page has been redesigned to make it easier to switch between categories and review all records. This enhancement applies to all webform-supported modules and team modules.

  3. The number of records in each category displayed prevents users from overlooking records that are awaiting approval.
  4. You can also filter these records using the new filters in the left panel on the Awaiting Leads page.
    1. Filter By Source: Filters records based on the source—webform or import.
    2. Filter By Spam Possibilities: Choosing the Webform option will enable this filter to list records based on the spam possibilities.
    3. Filter By Fields: Lists records based on these fields: Created Time and Record Owner.
    4. Filter By IP - Webform: Filters blocked possible spam entries based on whether a given record is blocked manually by a user or automatically by the system. This filter is available only under the Blocked category.
That concludes everything about spam detection in webforms. Feel free to share your thoughts and suggestions in the comments.

Info
Availability 

Editions: All paid editions, including the developer edition (except for the paid trial edition)
DC: All DCs
Release Plan: This feature will be rolled out in phases. {Updated on Jan 30, 2026]

Regards,
Fiona

    • Recent Topics

    • Super Admin removal

      I brought a sub, and I gave the Super admin rights to a person who is no longer with us, so I need to change, and I need to make myself the Super admin

    • Better Notes Commenting

      Hi, I'd like to suggest better collaboration tools for NOTES. The current notes section for Accounts, Contacts and Deals is not ideally suitable for any degree of communication or collaboration. When responding to a note, there is no ability to leave

    • Exporting Templates

      I have just spent 2 hours creating a project template for a Netsuite configuration, and want to share it with other Zoho Projects users - who have a different account. Is there any way to do this?

    • Power of Automation:: Streamline Associated Teams based on the Task Owner update.

      Hello Everyone, A Custom function is a user-written set of code to achieve a specific requirement. Set the required conditions needed as when to trigger using the Workflow rules (be it Tasks / Project) and associate the custom function to it. Requirement:

    • No Response from Zoho Support in 8 Days - Typical?

      I have a couple of issues I'm trying to work through. Initially, I was getting support from support@zohofsm.com, but I have not received a response in 8 days (11 on another question). Is this typical? Can I pay for support? For context, I am not spamming

    • Add QUOTE OWNER profile image to a Quote Template

      I can add their email address.. phone number, DOB. I need to add a users profile picture so when they assign a template to a quote they own it adds their picture to the cover page. I've tried hacking a solution together but there has to be an easier way.

    • Zoho Connections Desk API relative URL PATTERN_NOT_MATCHED

      While i am trying to do this: async function fetchTicketsFromDesk(timeFilter = 'current_month') { try { const response = await ZOHO.CRM.CONNECTION.invoke("desk_connection", { url: "/api/v1/tickets", method: "GET", }); const data = response.details ? JSON.parse(response.details)

    • Zoho CRM - Custom Views for Portal Users

      I'm looking for an option to customise custom views for portal users in CRM. It would be great if "portal user" was a permission on custom views.

    • 【参加無料】10/17(金) 東京 ユーザ交流会 Vol.3 参加登録 受付開始!

      ユーザーの皆さま、こんにちは。コミュニティチームの藤澤です。 10/17(金)に、東京・新橋で「東京 ユーザー交流会 Vol.3」を開催します! 今回のユーザー事例セッションのテーマは、「Zoho Flowを活用した他社の決済サービスとの連携事例」です。 さらに、Zoho Flowに限らず、Analytics や Campaigns などの多彩なZohoサービスの活用方法について、豊富なご経験をもとにご紹介いただきます。 また、Zoho社員セッションでは、Zoho CRMを活用して日々の営業業務を効率化する具体的な事例をお話しします。業界を問わず、幅広い方にご参考いただける内容となっています!

    • Zoho Meeting Plug compatibility with newer versions of Outlook

      Documentation states that the zoho meeting plug in for outlook is only compatible with versions up to Outlook 2019 What is available to users of more up to date versions of outlook/office 365?

    • Introducing Zoho's own SMS gateway

      We're thrilled to announce the launch of our own SMS gateway feature within Zoho Marketing Automation! This new feature enables seamless SMS campaign management alongside your email marketing initiatives, providing a more integrated and efficient way

    • Embedding in Desk articles

      We would like to embed documents in our Desk articles. When we use an iframe for the embed, we get scrollbars and a frame border. Neither of those is acceptable. I've spoken with the Desk Support team about what we want and they tell me that it cannot

    • Zoho CRM button to download images from image upload field

      Hello, I am trying to create a button in Zoho CRM that I can place in my record details view for each record and use it to download all images in the image upload fields. I tried deluge, client scripts and even with a widget, but feel lost, could not

    • Mass Update Contacts In Zoho Campaigns

      Is there a way to mass update contacts in zoho campaigns? I want to be able to change the content of a field for a few hundred contacts, and can't go through all of them individually.

    • report showing assignment type

      Hi, We've created a number of workflows to allow us to auto assign tickets to agents based on keywords and other criteria. I'm struggling to create a report that would show me what is the percentage of tickets that are assigned automatically via workflows

    • Option to Disable Knowledge Base Section in Feedback Widget Popup Hello Zoho Desk Team

      Hello Zoho Desk Team, How are you? We are actively using Zoho Desk and would like to make more use of the Feedback Widget. One of the ways we implement it is through the popup option. At the moment, the popup always displays the Knowledge Base section,

    • Placeholders in Ticket Templates

      We should be able to use placeholders in ticket templates. When we create a new ticket, our description field is shown to the client in the email they receive.  It would be very handy to be able to personalize that description field in our ticket templates to pull in the name of the client that the ticket is for. Using them in the subject field as well, so we can auto populate Account Names, etc. 

    • when the record is created the tag want to Show as Opportunity how i achive this using Deluge Script

      In the quotation i have the work flow schedule for create opportunity record in the module , on that time the quotation tag select as opportunity created. How i achive this using Deluge Script . this like i want to Do tag1 = Map(); tag1.put("name","Nurturing

    • Delete a channel

      I need delete a channel in tickets.

    • Subtasks don't update parent task's times

      Hi there: I've recently upgraded to premium and check that subtasks completion % don't update the proportional completion of the parent tasks related to it.  We've been challenging with the problem of having to update twice or sometimes 3 times the completion of the related tasks. I've seen posts similar to this, of 3 years old.  Is there any roadmap for making this happen in a future release? Thanx César Ratto Lima, Perú.

    • IMAP Server not responding.

      Trying to connect a phone via IMAP and getting "imap.zoho.com not responding." Is the server down, for maintenance or otherwise? I've tried this on two different devices and got the same error on both.

    • Tip #44 – Get Deeper Insights with Zoho Assist’s Custom Reports – ‘Insider Insights’

      In today’s fast-paced IT environment, having a clear view of your remote support activities is more important than ever. Zoho Assist’s Custom Reports feature gives IT teams the ability to generate tailored reports that provide actionable insights and

    • Issue with SalesIQ Visitor Identification on WordPress

      Hi Zoho Support Team, I need some help with an issue on my WordPress website. My goal is to automatically identify logged-in WordPress users in Zoho SalesIQ, so I can see their name and email in the visitor list. Currently, my logged-in users are still

    • Message "...does not support more than 100 distinct values..." WHY????

      I get this message on one of my reports: Sorry, Zoho Reports currently does not support more than 100 distinct values in columns. 'Account Name * Sum(Amount),Count(Amount Tier)' contains more than 100 distinct values.  Possibly, you can apply filter to reduce the number of distinct values in 'Account Name' or drop the 'Account Name' field in Rows. I want to list all ACCOUNT NAMES (about 500) with SALES BY ACCOUNT.  What is blocking this?

    • Let's Talk Recruit: Super-charge hiring with Zoho Recruit add-ons

      Welcome back to our Let’s Talk Recruit series! This time, we’re diving into something that might seem like a small upgrade but has a huge impact on recruiter productivity: Zoho Recruit add-ons. Think about how much of your day is spent in your inbox or

    • Vendor Signatures Needed for Purchase Orders

      Hello everyone, We have a unique requirement that necessitates that Vendors & Suppliers formally acknowledge our Purchase Orders upon receipt. I was hoping that there would be an option to do so in Zoho Books, but that does not appear to be the case.

    • Store "Sign in with Google/Microsoft/GitHub etc." details

      Quite often now, users are using a sign-in provider like Google or Microsoft to sign into various apps and services. It would be great if Vault could remember which providers you use for each website and sign you in with that provider instead of a username

    • Tip of the Week #72– Assign thread ownership to avoid confusion.

      When teams handle a large volume of emails, managing threads becomes important to stay organized. Without a clear system, duplicate replies, missed follow-ups, or confusion over responsibilities can happen. Thread assignment solves this by designating

    • Unarchive tickets

      How can I manually unarchive tickets?

    • Optimize your Knowledge Base for enhanced accessibility by adding alt tags for images

      Let's learn why alt tags are crucial for your articles. You can add alternative tags (alt tags) and alternative text (alt text) to the images you share on your community forums or when embedding them in articles. Alt tags refer to the HTML attribute,

    • FSM trying again

      have not linked FSM yet to the rest of out Zoho suit. It certainly looks like the apointment and service part is more manageable for our staff. The question is that our engineers multi task examples 1. deliver products to customers not fitted 2. Service

    • Feature Request: Conditional Field Mandatoriness Based on Display Status

      Hello Zoho Creator Team, I would like to suggest an enhancement to improve the flexibility of form validations. Currently, when we need a field to be mandatory only if it's displayed on the form, the only option is to: Set the field as not mandatory in

    • Data Migration Strategies for Moving to a Cloud Solution

      Hi everyone, I’ve been working on moving some of our critical systems, including CRM and project data, to a Zoho cloud solution, and one of the biggest challenges I’ve encountered is data migration. Transferring large volumes of data while keeping it

    • Commerce Order as Invoice instead of Sales Order?

      I need a purchase made on my Commerce Site to result in an Invoice for services instead of a Sales Order that will be pushed to Books. My customers don't pay until I after I add some details to their transaction. Can I change the settings to make this

    • How to set different item selling prices for Zoho Commerce and Zoho Books

      Item selling prices for Zoho Commerce and Zoho Books are in sync. If we update the Item selling price in Books, the same will happen in commerce and vice versa. I need a separate commerce selling price for online users and a separate books selling price

    • How to report 'Response violation' OR 'Resolution violation'

      Hi, I want to report on SLA Violation Type. I grouped my tickets on this column. It seems I only get 'Response and Resolution Violation' or 'Not Violated'. The former seems to be given to a ticket if only the Response Time was violated. I would expect

    • Enable Keyword-Based Bot Activation in SalesIQ Without Scripts

      Hello team, We’d like to highlight an important limitation in Zoho SalesIQ Zobot. Current situation: In the no-code builder, bots can only be activated based on visitor attributes (country, page, campaign, CRM, etc.). If we want a bot to activate when

    • Date triggering Workflow rule

      I have a function triggered by a workflow rule. The function takes a date and creates a task for that date and fills in a field with the name of the day for that date. It also updates the status field of the record. The workflow rule is set to run whenever

    • Restricting contact creation

      Hi all! I am looking to use Zoho Desk in a part of the business that takes end user enquiries. These are generally single interactions, and not linked to an account name. As Desk is Account centric, has anyone designed a way to manage these incoming emails

    • Import Holiday Calendars

      HI Zoho Is there anyway of importing an online calendar like https://www.calendarlabs.com into the business hours calendars, to speed up setup of holiday calendars. Also could we also request a feature where you can specify a Holiday as hours, i.e it could be that the company is on a 1/2 day due to a holiday or when it is Eid in the UAE and they are only allowed to work restricted hours so we need the calendar to be flexible to allow for this. Regards Jamie

    • Next Page