Introducing spam detection for webforms: An additional layer of protection to keep your Zoho CRM clean and secure

Introducing spam detection for webforms: An additional layer of protection to keep your Zoho CRM clean and secure

Greetings all,

One of the most highly anticipated feature launches—Spam Detection in webforms—has finally arrived!

Webforms are a vital tool for record generation, but they're also vulnerable to submissions from unauthenticated or malicious sources, which can lead to the collection of spam records that clutter CRM systems and reduce data quality. 

Zoho CRM's new spam detection capability provides an additional security layer and minimizes dependencies on the basic options such as captchas and double opt-ins, ultimately improving data quality of webform submissions. Users no longer have to check potential spam records from webforms manually.

Let's dive into how Spam Detection restricts suspected spam records from webforms and helps users keep their CRM clean and organized.

What does spam detection do?

Spam detection offers the following advantages:
  1. Simplifies the manual review of potential spam in webform submissions.
  2. Detects potential spam submissions by identifying invalid or suspicious email addresses and scoring them to indicate spam probability.
  3. Holds these possible spam records for manual approval from users.
  4. Automatically blocks spam records to keep them out of the CRM account.

What happens to webform submissions?

All webform submissions are evaluated against predefined criteria and screened for spam detection. Let's say you've received several webform submissions for the Leads module from your website visitors.

Clean, non-suspicious records that originate from verified IP addresses—and are therefore deemed likely to be genuine and valid—are fed into the Leads module (unless approval has been set for all webform submissions).

In contrast, suspicious submissions are flagged as potentially spam and held back for manual approval in the usual record approval page called, Awaiting Leads (previously known as Approve Leads). These records are assigned a Spam Possibility Score based on the identified suspicious factors. 

The new Record Source column provides details related to the submission's source—for example, the submission's IP address, the webform name, and the URL—when you hover over the info icon. 

The new Spam Possibility column indicates the spam probability for each record as a percentage. You can also view the top reasons behind the scores of the spam record by hovering over the info icon beside it. 


Each reason identified contributes to the score, and the sum is calculated to determine the final Spam Possibility Score for the record. Some of the reasons are listed below:
  1. Submission from bots/crawlers: If a bot or crawler fills and makes a submission via your hosted webform, the Spam Detection layer will automatically identify this malicious submission.
  2. Submission with invalid phone numbers: If a form respondent shares an incorrect phone number, a toll-free number, or a junk contact number, it will be flagged as an invalid phone number.
  3. Submission with invalid email addresses: If the submitted email address originates from a spam source, an unauthorized domain, or a temporary mailbox, it will be flagged as an invalid email address.
We're also introducing an advanced security layer: Honeypot Field, which is a cybersecurity mechanism that identifies bots by detecting submissions made to invisible form fields that genuine users don't interact with. If the submission comes with values filled in the hidden fields, the system flags the entry as likely being a spam submission.

Spam Detection has more parameters like these to detect spam submissions and assign appropriate scores. For quick probability recognition, the following colors represent the severity of spam possibilities:
  1. Green: 1% - 20%
  2. Orange: 21% - 70% 
  3. Red: 71% - 100%

How spam detection helps handle records awaiting approval

Previously, records that awaited approval were evaluated manually and then approved, merged, resolved, or deleted accordingly. In addition to these traditional actions, and with the introduction of Spam Detection, administrators can now optionally block IP addresses of records with high spam possibility scores if they want to restrict further submissions from them.

  1. The Block IP button is available, along with the other buttons like Merge, Approve, or Resolve.

  1. Admins can also directly block an IP by using the Block IP button available when hovering over the info icon.

Record submissions from such blocked IPs will be categorized under the new Blocked record category.
Additionally, Zoho's system internally maintains a set of blacklisted IPs based on security assessments. Records submitted from those IPs will be automatically and permanently blocked by the CRM.
Notes
Note: Records under the Blocked category will be deleted in 60 days.

How to enable Spam Detection for your webforms

While setting up a webform, you'll see the Spam Detection section where you can adjust the Spam Possibility Score slider to set the threshold at which records should be flagged for manual review.

A score range of 90% to 100% will be set by default for all webforms as the tolerance level, which the webform owner can change anytime based on their preferences.

NotesNote: Records whose spam possibility scores fall within the set range will be held for approval, along with the relevant percentages and reasons. If, say, the chosen range is 80 to 100%, only those records with spam possibility percentages between 80 and 100 will be listed. Submissions with lower percentages will not be held as spam.

We've revamped the record approval page to provide a better UI experience and make it easier to manage and review spam records. Let's look at the changes in detail.

Revamped record approval page

  1. In modules like Leads, the "Approve Leads" field under Actions has been renamed to "Awaiting Leads". This change extends to other modules as well.
  2. The approval page has been redesigned to make it easier to switch between categories and review all records. This enhancement applies to all webform-supported modules and team modules.

  3. The number of records in each category displayed prevents users from overlooking records that are awaiting approval.
  4. You can also filter these records using the new filters in the left panel on the Awaiting Leads page.
    1. Filter By Source: Filters records based on the source—webform or import.
    2. Filter By Spam Possibilities: Choosing the Webform option will enable this filter to list records based on the spam possibilities.
    3. Filter By Fields: Lists records based on these fields: Created Time and Record Owner.
    4. Filter By IP - Webform: Filters blocked possible spam entries based on whether a given record is blocked manually by a user or automatically by the system. This filter is available only under the Blocked category.
That concludes everything about spam detection in webforms. Feel free to share your thoughts and suggestions in the comments.

Info
Availability 

Editions: All paid editions, including the developer edition (except for the paid trial edition)
DC: All DCs
Release Plan: This feature will be rolled out in phases. {Updated on Jan 30, 2026]

Regards,
Fiona

    • Recent Topics

    • Editing the text on the Help Center home page

      Is it possible to edit the "Welcome to Help Center" message anywhere? This one: We'd like to be able to tailor it a little more ourselves.

    • WHMCS for Zoho Flow

      Can we use WHMCS for Zoho flow?

    • Online meetings through Calendar Booking form with options

      This is great to see and particularly for those users who don't have Zoho BOOKINGS. The shame of it all though is that it could have been better. Why do we have to set up separate booking forms for each type of meeting and for each online conferencing

    • Agents permission per department

      Hi Team, can I setup permission for each agent what they can do in each department, for example I want account department agents to only have view access to support department tickets and not allowed to assign or reply to clients. I am sure this would

    • CRM notes

      I want to be able to add notes to a task that do not necessarily get rolled up into an account or contact.   For example, I tasks to work on a Court Order for John Doe divorce account.  There might be lots of updates (in the form of notes) that employees

    • Alternative / optional Position

      How do you create an alternative position or an optional position (article) in offers?

    • جمود في الصفحة عند حفظ عمل

      عندما اقوم باضافة ايقونة الى صفحة النموذج تجمد الصفحة ولا تعمل وتصبح مثل المظلة احدث الصفحة لا تعمل انتظر قليلا لا تعمل اقوم بنسخ رابط الصفحة والصقه في الرابط فيعمل

    • ZOHO Books Canadian payroll Integration

      Hello, I know ZOHO books doesn't have Canadian payroll and I dont believe its coming anytime soon. My question is there a Canadian payroll software that could be integrated with Zoho Books? Thank you HD

    • Zoho Desk Time Tracking and the Salary Privacy Issue

      Hello colleagues, Just wondering if anyone did hit the same wall? In the Desk, when the agent-specific hourly rates are enabled (Zoho Desk → Setup → Time Tracking → Billing Preferences), these Time Entries are being displayed in the Ticket History tab.

    • How to Delete, Disable, or Remove Streams from the Mail App?

      Is there a way to remove Streams from the mail app sidebar? I get too many notifications, it doesn't add any value to Zoho's functionality (especially since you can just make comments inside an email), and is distracting. I do not want notifications/alerts

    • Delay in MX updates

      Hi, I set MX Records 12 hours ago, and I am receiving email normally, but I still get notification MX record is not pointing correctly. Error: The MX records of your domain is not yet pointed to Zoho Mail. Why there is a delay in detecting MX records,

    • make.com integration

      Just wondering if anyone on Zoho One account connecting apps to Make.com We're on Canadian server (.com) and when connecting to Make.com, it keeps having error of Invalid Client ID. I have contacted both Zoho and Make and both sides said it's not an error

    • Article Numbers for KB articles

      Hello, I was wondering if it's possible to turn on article numbers/ part numbering for KB articles. If this is not already a feature, we'd like to request it. Frequently a solution will require multiple articles so tracking which articles are referenced

    • Refund Request ,Zoho Mail Subscription (zoho suport is not replying)

      Hi Zoho Team, I recently subscribed to the Zoho Mail yearly plan, but after evaluating it, I found that the interface does not suit my workflow. I’ve already canceled the subscription from my end. As I’m well within your 30-day refund window, I’m requesting

    • File Encryption - Zoho Desk iOS app update

      Hello, Everyone! We have now introduced the 'File Encryption' option within the Zoho Desk app as part of the HIPAA Compliance. This option allows the user to encrypt the attachments within the Desk mobile app, which acts as an additional layer of security.

    • Data encryption - Zoho Desk iOS

      Hello, Everyone! In the recent iOS version(v2.8.23) of the Zoho Desk app, we have supported data encryption. As a part of HIPAA Compliance, the Zoho Desk mobile app now allow users to encrypt the Desk mobile database as an additional layer of security.

    • Notify Admin when a user forgets to check-in or check-out at the designated time.

      Hello, I would like notify the Admin via email when a user forgets to check-in or check-out at the designated time. What is the best way to setup this email notification?

    • Assistance Needed with Prospect Conversion Issue

      Hi, I attempted to convert a prospect to an account, but received a pop-up notification indicating that the contact information matches an existing contact. I selected the option to add it to the existing contact, but it appears the prospect was not successfully

    • Mail Merge - unable to send more than 50 email

      Hi, I've subscribed to the pay email service because of the Mail Merge feature. However, I've found that this feature only allow to send up to 50 emails. I've to attach a screenshot for your reference. This limitation is not mentioned anywhere in service.

    • Zoholics Europe 2025: Your Ultimate Data Analysis (Zoho Analytics) Workshop Experience

      Why should you attend? This year, Zoholics Europe 2025 is putting data analysis centre stage. With a dedicated workshop designed to answer all your data-related questions, you’ll gain practical skills, real-time solutions, and expert insights that you

    • UK payroll entries

      Hey guys, Nett payroll payments are imported direct into the bank, using an external payroll system (will be glad for Zoho to have a UK payroll app) At present I have monthly recurring bills for HMRC which are auto entered & paid when due. This seems

    • Reverse Charge Services (Non-EU) Showing Correctly in 84/85 and 67, But Missing in Box 46 - Germany

      Hi, I'm located in Germany and I’ve set up my expenses for non-EU services (e.g., OpenAI, DeepSeek) under the reverse charge mechanism (§ 13b UStG) in Zoho Books, and I noticed some discrepancies in the VAT Summary Report. What’s Correct: Reverse Charge

    • Zoho Live Chat/Support

      What is going on with Zoho support lately? I've tried to use the live chat feature 4 different times and it refuses to connect to any (despite waiting over 30 minutes one of the tries). I finally gave up and emailed my question nearly a week ago and still

    • Can we have a module to records Certificate No and TDS rates for Lower TDS Certificates by the vendors ?

      Can we have a module to records Certificate No and TDS rates for Lower TDS Certificates by the vendors ?

    • Tip #38- Track Organizational Changes: A Guide to Using Action Log Viewer- 'Insider Insights'

      Hello Zoho Assist Community! Ever needed to trace who did what and when within your remote support operations? Let’s say your support team is growing, and you want to monitor key activities like settings updates, user invites, module changes, or permission

    • Answer Bot - Issues with language recognization

      When a user enters the phrase "gift vouchers" into the chatbot as their first message, the bot responds in French, even though: The default bot language is set to English The user's browser language settings are set to English All translate settings in

    • Tip of the Week #67– Avoid confusion – Mark duplicate threads.

      When customers send the same message to multiple email addresses, such as support@ and sales@, your team may end up seeing the same message in different inboxes. This creates confusion, risks double replies, and clutters your workspace. Use the Mark as

    • Final Reminder: Discontinuation of Older ASAP Widgets and Mobile SDK Support

      We launched the new ASAP Help Widget last year, introducing a unified and enhanced experience. Since then, older configurations have been placed in read-only mode, with all major updates and improvements built exclusively on the new version. As part of

    • Zoho Subscriptions -- Zoho Commerce integration

      Is there integration between Zoho Subscriptions and Zoho Commerce? I would like to create subscription plans in Zoho Subscritpions and list them for on my Zoho Commerce store.

    • Website show Blank white screen

      Customer called me to tell me my website is currently down upon review it shows a white screen however I can access everything via editor. JITCADCAM.com

    • How manufacturing analytics can transform your enterprise with Zoho Projects Plus

      Did you know that every single car is made up of 30,000 to 40,000 individual parts? All of these are manufactured meticulously in various facilities before being assembled into one. The global manufacturing industry spans a wide range from delivering

    • Customize your SalesIQ live chat with Custom CSS and blend it with your website design

      Hi everyone. Hope you all are having a great day! SalesIQ offers various inbuilt customization choices for your chat widget and window like changes in colour, theme, font etc. Although these choices are many, sometimes they may not match with the design

    • From Email Address When Replaying to Missed Chats

      One of the most common things we do is follow up on every missed chat.  Missed chats are like money in the bank, people just waiting for your response and to start a relationship with our companies. However, SalesIQ only lets you respond from 1 email address from your entire account?! We have happily paid for 4 subscriptions, but our users cannot reply from their own email address?  How are we supposed to build customer relationships? The fix to this issue is so simple, just load in the logged in

    • Narrative 6 - The impact of rebranding

      Behind the scenes of a successful ticketing system - BTS Series Narrative 6 - The impact of rebranding Every organization has invested in branding to set itself apart, and that should be reflected in the help desk. Zoho Desk enables organizations to apply

    • custom color palette for picklist in Sheet

      Migrating over from Google Sheets and missing the ability to customize the individual item colors of my picklist/dropdown menus. Is this something that is possible? A search showed me creating a custom color palette in Analytics is possible but I am not

    • What's New - July 2025 | Zoho Backstage

      Start smart, end strong. From knowing who’s coming to celebrating who showed up, July’s updates help you run events that feel organized from the first invite to the final thank you. Planning an event used to be like writing a choose-your-own-adventure

    • Image Upload Field API get encrypted ID and sequence number

      Hello is there a way to extract the encrypted id and sequence number from image upload fields through the Zoho CRM API? I created a custom script with javascript within Zoho CRM, but I want to extract the encrypted id and sequence number for all my images

    • Attention: Changes to 10DLC TCR pricing and new authentication requirements

      Hi everyone, Starting August 1, 2025, The Campaign Registry (TCR) is introducing new pricing changes and a mandatory brand verification process called Authentication+ 2.0, which will affect how you register and manage your 10DLC messaging services. These

    • Better Time Tracking

      We need better time tracking customization for IT MSPs. We also need reporting that is built in, rather than having to try and fumble with creating custom reports. We also need to be able to mark whether a ticket has been billed or not, I don't think

    • Scheduled Tickets Need Updated

      There is a very clunky manual way to create reoccurring scheduled tickets. This should be created to be easy for the administrator to create. We create several (10 to 12) reoccurring tickets per account for biweekly and monthly auditing purposes.. The

    • Next Page