Introducing spam detection for webforms: An additional layer of protection to keep your Zoho CRM clean and secure

Introducing spam detection for webforms: An additional layer of protection to keep your Zoho CRM clean and secure

Greetings all,

One of the most highly anticipated feature launches—Spam Detection in webforms—has finally arrived!

Webforms are a vital tool for record generation, but they're also vulnerable to submissions from unauthenticated or malicious sources, which can lead to the collection of spam records that clutter CRM systems and reduce data quality. 

Zoho CRM's new spam detection capability provides an additional security layer and minimizes dependencies on the basic options such as captchas and double opt-ins, ultimately improving data quality of webform submissions. Users no longer have to check potential spam records from webforms manually.

Let's dive into how Spam Detection restricts suspected spam records from webforms and helps users keep their CRM clean and organized.

What does spam detection do?

Spam detection offers the following advantages:
  1. Simplifies the manual review of potential spam in webform submissions.
  2. Detects potential spam submissions by identifying invalid or suspicious email addresses and scoring them to indicate spam probability.
  3. Holds these possible spam records for manual approval from users.
  4. Automatically blocks spam records to keep them out of the CRM account.

What happens to webform submissions?

All webform submissions are evaluated against predefined criteria and screened for spam detection. Let's say you've received several webform submissions for the Leads module from your website visitors.

Clean, non-suspicious records that originate from verified IP addresses—and are therefore deemed likely to be genuine and valid—are fed into the Leads module (unless approval has been set for all webform submissions).

In contrast, suspicious submissions are flagged as potentially spam and held back for manual approval in the usual record approval page called, Awaiting Leads (previously known as Approve Leads). These records are assigned a Spam Possibility Score based on the identified suspicious factors. 

The new Record Source column provides details related to the submission's source—for example, the submission's IP address, the webform name, and the URL—when you hover over the info icon. 

The new Spam Possibility column indicates the spam probability for each record as a percentage. You can also view the top reasons behind the scores of the spam record by hovering over the info icon beside it. 


Each reason identified contributes to the score, and the sum is calculated to determine the final Spam Possibility Score for the record. Some of the reasons are listed below:
  1. Submission from bots/crawlers: If a bot or crawler fills and makes a submission via your hosted webform, the Spam Detection layer will automatically identify this malicious submission.
  2. Submission with invalid phone numbers: If a form respondent shares an incorrect phone number, a toll-free number, or a junk contact number, it will be flagged as an invalid phone number.
  3. Submission with invalid email addresses: If the submitted email address originates from a spam source, an unauthorized domain, or a temporary mailbox, it will be flagged as an invalid email address.
We're also introducing an advanced security layer: Honeypot Field, which is a cybersecurity mechanism that identifies bots by detecting submissions made to invisible form fields that genuine users don't interact with. If the submission comes with values filled in the hidden fields, the system flags the entry as likely being a spam submission.

Spam Detection has more parameters like these to detect spam submissions and assign appropriate scores. For quick probability recognition, the following colors represent the severity of spam possibilities:
  1. Green: 1% - 20%
  2. Orange: 21% - 70% 
  3. Red: 71% - 100%

How spam detection helps handle records awaiting approval

Previously, records that awaited approval were evaluated manually and then approved, merged, resolved, or deleted accordingly. In addition to these traditional actions, and with the introduction of Spam Detection, administrators can now optionally block IP addresses of records with high spam possibility scores if they want to restrict further submissions from them.

  1. The Block IP button is available, along with the other buttons like Merge, Approve, or Resolve.

  1. Admins can also directly block an IP by using the Block IP button available when hovering over the info icon.

Record submissions from such blocked IPs will be categorized under the new Blocked record category.
Additionally, Zoho's system internally maintains a set of blacklisted IPs based on security assessments. Records submitted from those IPs will be automatically and permanently blocked by the CRM.
Notes
Note: Records under the Blocked category will be deleted in 60 days.

How to enable Spam Detection for your webforms

While setting up a webform, you'll see the Spam Detection section where you can adjust the Spam Possibility Score slider to set the threshold at which records should be flagged for manual review.

A score range of 90% to 100% will be set by default for all webforms as the tolerance level, which the webform owner can change anytime based on their preferences.

NotesNote: Records whose spam possibility scores fall within the set range will be held for approval, along with the relevant percentages and reasons. If, say, the chosen range is 80 to 100%, only those records with spam possibility percentages between 80 and 100 will be listed. Submissions with lower percentages will not be held as spam.

We've revamped the record approval page to provide a better UI experience and make it easier to manage and review spam records. Let's look at the changes in detail.

Revamped record approval page

  1. In modules like Leads, the "Approve Leads" field under Actions has been renamed to "Awaiting Leads". This change extends to other modules as well.
  2. The approval page has been redesigned to make it easier to switch between categories and review all records. This enhancement applies to all webform-supported modules and team modules.

  3. The number of records in each category displayed prevents users from overlooking records that are awaiting approval.
  4. You can also filter these records using the new filters in the left panel on the Awaiting Leads page.
    1. Filter By Source: Filters records based on the source—webform or import.
    2. Filter By Spam Possibilities: Choosing the Webform option will enable this filter to list records based on the spam possibilities.
    3. Filter By Fields: Lists records based on these fields: Created Time and Record Owner.
    4. Filter By IP - Webform: Filters blocked possible spam entries based on whether a given record is blocked manually by a user or automatically by the system. This filter is available only under the Blocked category.
That concludes everything about spam detection in webforms. Feel free to share your thoughts and suggestions in the comments.

Info
Availability 

Editions: All paid editions, including the developer edition (except for the paid trial edition)
DC: All DCs
Release Plan: This feature will be rolled out in phases. {Updated on Jan 30, 2026]

Regards,
Fiona

    • Recent Topics

    • How to access Recruit Variables in a Deluge function?

      I have set up Recruit Variables in Zoho Recruit, and I would like to know how to retrieve these variables from within a Recruit custom function (Deluge). Could someone please explain the correct way to access them? I tried the following code, but it did

    • Upon De activate a user what name doe sthe contacts candidates go under?

      When deactivating a user, does the user name remain the same, as the candidate owner? If not what/who, does it change to? Do I need to change the user name in contacts and candidates before I deactivate the user?

    • Weekly Tips: Customize alerts from your Priority Users

      You might receive hundreds of emails daily, but messages from your manager, clients, or team leads often require immediate attention, as they may contain urgent requests or critical updates. How would you ensure you never miss important messages from

    • Maximum 100 records in Sheet View is limiting. How can I increase this?

      Thanks in advance for any help with this. There was a similar post that showed answered but it did not help with increasing the number of records you see in a Sheet View. Editing in the Sheet View is fast and efficient but I have 3500 records and I need

    • Revenue Management: #3 Revenue Recognition Simplified

      In continuation of the previous post on how to compute revenue recognition, let's explore a solution that helps businesses handle real-world complexities. While the Accounting Standards provide a clear framework for recognizing revenue, the real challenge

    • Push Invoices to Xero Manually

      Hi guys, I'm wondering if anyone has wanted to do this and has a workaround or knows of an app that may be able to help with this. I sell B2B and B2C. The customers can purchase on our website or through marketplace, all of which send sales to zoho. The

    • OpenAI error code: 1010 in a Zobot

      Please see short linked screen recording. Insights welcome. Please and thank you! https://workdrive.zohoexternal.com/external/f3247ba9c872639157b707700c0300c433c7664aea924a034f4da3c3ad2e355f

    • Ability to Create Sub-Modules in Zoho CRM

      We believe there needs to be a better, more native way to manage related records in Zoho CRM without creating clutter. Ideally, Zoho would support "sub-modules" that we can create and associate under a parent module. Our use case: We have a custom module

    • Installing EMAIL Setup in New Domain

      Respected Support team, I'm facing an issue with cloudflare in Pakistan, I want to setup Zoho Mail Setup but I Don't know how to enable Zoho mail setup without cloudflare. My Website https://stumbleguymod.com/ is using CF, and I want a different Zoho

    • Signature change

      I cannot see how to change signature or out of office details easily now in the new format.

    • Inventory API - Retrieve all uploaded product / item images

      I know that I can get the primary image for each product / item or composite item, by using the /image endpoint.  https://inventory.zoho.com/api/v1/compositeitems/<item-id>/image?authtoken=<TOKEN> This will return only one photo, even if the item has multiple images uploaded. Is there a way to retrieve all images stored for an item via the Zoho Inventory API?

    • Ebay Integration malfunction

      My eBay integration in Inventory has always worked well. It suddenly malfunctioned. It is creating its own parts in Inventory that are unavailable instead of selling the parts I've always sold. Tech help was unable to resolve this. The latest sale attempt

    • how to get all the records in the custom View more than 200 records , Without using the page Concept

      how to get all the records in the custom View more than 200 records , Without giveing page as default in the Loop Concept Pls help how We can Achive this void schedule.Lead_Attempt_To_contact_schedule_10_30() { pages = {1,2}; for each pg in pages { query_map

    • The way that Users can view the ticket

      I have created users. What I would like to achieve is the following: All users under the same company account should be able to view each other’s tickets.

    • Zoho UAE SMS/WHATSAPP

      Hello everyone, so I have a question as regards DC and their impact on automation, integration and app usage. For example I am working with a UAE clientniw but each time I tried to connect their WhatsApp and sms then automate their process I tend to receive

    • Looking to Flag or Tag contacts/ accounts on Zoho Desk?

      I am looking for a way to flag certain accounts and make it obvious on the views pages. So for example if a has a certain package or needs extra attention it is clear before even clicking on the ticket. This could be via adding a tag or flag onto an account,

    • setting date-time field from string

      hello everyone, i hope someone could help me. i have a date-time field in a form that i want to fill in from two separate fields of date, and time. i need to combine the two fields to a one date-time field but can make it work. i tried to convert the

    • Calendars and CRM Contacts

      I'm finding having multiple calendars in Zoho One so confusing. I have a few questions so I can get this straight. We have a meeting room that we have set up as a resource in Calendar. Can this be set up in Bookings and the CRM Calendar? Using Zoho Calendar,

    • Announcing new features in Trident for Mac (v1.23.0)

      Hello everyone! Trident for macOS (v.1.23.0) is here with interesting features and thoughtful enhancements to elevate your workplace communication and productivity. Here's a quick look at what's new. Record your meetings. You can now record audio and

    • Applying a record template

      Hi all, I can't figure this out. I hope you can help. The scenario: We have learners who have to complete a 'digital' journal with tasks in order to qualify. Those tasks, once completed, need a final signature from their 'Mentor', which will trigger their

    • Quickbooks invoice with Zoho Creator

      Is it possible to push data from Zoho Creator directly to an invoice on QuickBooks? If so, where can I find information on how to do this?

    • Help: Capture full page URL in hidden field when same Zoho Form is embedded on multiple pages (iframe)

      Hi all, Goal Use one Zoho Form across multiple pages and record the exact page URL (incl. subdomain + path + hash) where the user submitted it. Example pages: https://www.example.com/cargo/ https://www.example.com/cargo/containers/#contact https://cargo.example.com/auto/

    • Automatically Populate fields - HELP!

      There have been many discussions on this but I still can't seem to get it to work for me. I am trying to create a lookup field and have other fields automatically populate. Based on the instructions in the Help Center, I should be using the "on user input". It's just not working, here is the layout...   Both forms are in the same application. Current form is called Add Note, form to fetch records from is called Add Client. Lookup field is called Select_Client_ID related field in fetch form is called

    • Push notifications to portal users

      Hi all, it is possible to send push notifications to portal users?

    • Rename the attachment from record template pdf in the sendmail deluge script

      Hello Zoho, I urgently need a feature to rename record templates that I send via the sendmail feature. The program I created sends emails to clients with an invoices that have been created in the invoice database. If the user selects 3 invoice numbers,

    • Alt Text On Multiple Images

      I'm using Zoho Social to post to a charity website. Often the posts have multiple images, but it seems there is only one field for Alt Text. Does that mean I can only include it for the first image? Or is there a way to add alt text for all the imag

    • [SOLVED] Getting 401 when trying to download ticket attachment via API

      I'm able to use the API just fine to access ticket content. But I cannot download ticket attachment, keep getting 401 Client Error. Example: https://desk.zoho.com.au/api/v1/tickets/{ticket_id}/attachments/{attachment_id}/content?orgId={org_id} For headers,

    • Zoho project – Workdrive integration.

      Hello everyone, I was wondering something, we did the Zoho projects integration with Zoho Workdrive but nowhere during this integration we could set the location of the folders that would be automatically created in Workdrive. As I understand it, it creates

    • Scriptを埋め込みたくてOn User Inputを探しているのですが・・・

      編集モードで、Scriptを埋め込みたい項目を選択し、「項目のプロパティ」パネルで、その下のほうに「フィールドアクション(Field Actions)」という見出しがあると聞いたのですが、そもそも、それが見つかりません。そのために、On User Inputなどのイベントが選べません。 画面の英語を日本語に訳しているためにわけわからん状態になっているのかも知れませんが、わかる方、いらっしゃいますか?

    • Problem with cloud query exceeded

      When making a call I get this error, It is associated with a function in node that calls external APIs This is the code //tokenConsultar = thisapp.ObtenerToken(); //input.token = tokenConsultar.get("output").toMap().get("token");

    • Showing Total of Funnel Chart Legend (With Values) Items

      Hi, We are using the funnel type chart for displaying our zCRM sales pipeline stages and associated sum of deals in each stage.  We have configured the legend to show the associated value (Deal Amount (Sum)) for each stage adjacent to the legend items (Stages). Is there a way to display the total of the values in the same chart?  For example, at the bottom of the legend or maybe as a #merge placeholder in the legend title?

    • How to Convert VCF Contacts to CSV using Excel

      Many users switch from traditional address books to digital formats like vCard and CSV. These formats allow users to easily manage their contacts. However, a difficulty comes when you need to transfer your contact information to another application or

    • Field authorization for Linking module in Zoho CRM portal

      Hi guys! Currently building a customer portal for one of my clients, and I ran into a bit of a roadblock while using a multi-select lookup field. The issue is that there is no way to hide or define access in the linking module created by this multi-select

    • Kaizen #63 - Layout Rules in Zoho CRM

      Hello and welcome to another week of Kaizen! This week, we will be discussing Layout Rules in Zoho CRM. If you need to modify the layout of a module based on user inputs, or to show or hide sections based on the value of a specific field, we have got

    • "Trigger flow for each entry" not working

      I've read this article on how to trigger a flow for each entry in my array. https://help.zoho.com/portal/en/kb/flow/user-guide/create-a-flow/articles/webhook-trigger#Trigger_flow_for_each_entry I cannot get the flow to run for each variant in this JSON

    • Zoho CRM Portals - allow access per account

      Hello all, I am trying to set up a portal for our customer but I seem to be hitting an obstacle and I am not sure if it is my problem or a limitation in the software. So basically the way I understand the portal Contact Email > Each Record or Related

    • Android - Writer não acentua em Português com teclado bluetooth

      Gosto muito do Zoho, tanto o Note quando o Writer. Infelizmente, o Writer sofre de um problema sério: ao usar um teclado bluetooth, forma mais cômoda de lidar com um processador de texto, os acentos (todos!) da Língua Portuguesa não são aceitos. Todos

    • Set File Upload fields as mandatory

      Currently the CRM for some reason lacks the ability to set a file upload field as mandatory So we have an issue We have a requirement that before a Deal stage is set as Deal is Won the member needs to upload a file Now for some weird reason in Zoho I

    • Editing HTML in Zoho CRM Email Template

      I am trying to create a template within the CRM email option, but need to be able to use custom HTML. There does not seem to be a way to do so.

    • Ability to CC on a mass email

      Ability to CC someone on a mass email.

    • Next Page