Introducing spam detection for webforms: An additional layer of protection to keep your Zoho CRM clean and secure

Greetings all,

One of the most highly anticipated feature launches—Spam Detection in webforms—has finally arrived!

Webforms are a vital tool for record generation, but they're also vulnerable to submissions from unauthenticated or malicious sources, which can lead to the collection of spam records that clutter CRM systems and reduce data quality. 

Zoho CRM's new spam detection capability provides an additional security layer and minimizes dependencies on the basic options such as captchas and double opt-ins, ultimately improving data quality of webform submissions. Users no longer have to check potential spam records from webforms manually.

Let's dive into how Spam Detection restricts suspected spam records from webforms and helps users keep their CRM clean and organized.

What does spam detection do?

Spam detection offers the following advantages:

1. Simplifies the manual review of potential spam in webform submissions.
2. Detects potential spam submissions by identifying invalid or suspicious email addresses and scoring them to indicate spam probability.
3. Holds these possible spam records for manual approval from users.
4. Automatically blocks spam records to keep them out of the CRM account.

What happens to webform submissions?

All webform submissions are evaluated against predefined criteria and screened for spam detection. Let's say you've received several webform submissions for the Leads module from your website visitors.

Clean, non-suspicious records that originate from verified IP addresses—and are therefore deemed likely to be genuine and valid—are fed into the Leads module (unless approval has been set for all webform submissions).

In contrast, suspicious submissions are flagged as potentially spam and held back for manual approval in the usual record approval page called, Awaiting Leads (previously known as Approve Leads). These records are assigned a Spam Possibility Score based on the identified suspicious factors. 

The new Record Source column provides details related to the submission's source—for example, the submission's IP address, the webform name, and the URL—when you hover over the info icon. 

The new Spam Possibility column indicates the spam probability for each record as a percentage. You can also view the top reasons behind the scores of the spam record by hovering over the info icon beside it. 

Each reason identified contributes to the score, and the sum is calculated to determine the final Spam Possibility Score for the record. Some of the reasons are listed below:

1. Submission from bots/crawlers: If a bot or crawler fills and makes a submission via your hosted webform, the Spam Detection layer will automatically identify this malicious submission.
2. Submission with invalid phone numbers: If a form respondent shares an incorrect phone number, a toll-free number, or a junk contact number, it will be flagged as an invalid phone number.
3. Submission with invalid email addresses: If the submitted email address originates from a spam source, an unauthorized domain, or a temporary mailbox, it will be flagged as an invalid email address.

We're also introducing an advanced security layer: Honeypot Field, which is a cybersecurity mechanism that identifies bots by detecting submissions made to invisible form fields that genuine users don't interact with. If the submission comes with values filled in the hidden fields, the system flags the entry as likely being a spam submission.

Spam Detection has more parameters like these to detect spam submissions and assign appropriate scores. For quick probability recognition, the following colors represent the severity of spam possibilities:

1. Green: 1% - 20%
2. Orange: 21% - 70% 
3. Red: 71% - 100%
   

How spam detection helps handle records awaiting approval

Previously, records that awaited approval were evaluated manually and then approved, merged, resolved, or deleted accordingly. In addition to these traditional actions, and with the introduction of Spam Detection, administrators can now optionally block IP addresses of records with high spam possibility scores if they want to restrict further submissions from them.

1. The Block IP button is available, along with the other buttons like Merge, Approve, or Resolve.
   
   

1. Admins can also directly block an IP by using the Block IP button available when hovering over the info icon.
   
   

Record submissions from such blocked IPs will be categorized under the new Blocked record category.

Additionally, Zoho's system internally maintains a set of blacklisted IPs based on security assessments. Records submitted from those IPs will be automatically and permanently blocked by the CRM.

Note: Records under the Blocked category will be deleted in 60 days.

How to enable Spam Detection for your webforms

While setting up a webform, you'll see the Spam Detection section where you can adjust the Spam Possibility Score slider to set the threshold at which records should be flagged for manual review.

A score range of 90% to 100% will be set by default for all webforms as the tolerance level, which the webform owner can change anytime based on their preferences.

Note: Records whose spam possibility scores fall within the set range will be held for approval, along with the relevant percentages and reasons. If, say, the chosen range is 80 to 100%, only those records with spam possibility percentages between 80 and 100 will be listed. Submissions with lower percentages will not be held as spam.

We've revamped the record approval page to provide a better UI experience and make it easier to manage and review spam records. Let's look at the changes in detail.

Revamped record approval page

1. In modules like Leads, the "Approve Leads" field under Actions has been renamed to "Awaiting Leads". This change extends to other modules as well.
2. The approval page has been redesigned to make it easier to switch between categories and review all records. This enhancement applies to all webform-supported modules and team modules.
   
   
3. The number of records in each category displayed prevents users from overlooking records that are awaiting approval.
4. You can also filter these records using the new filters in the left panel on the Awaiting Leads page.
1. Filter By Source: Filters records based on the source—webform or import.
2. Filter By Spam Possibilities: Choosing the Webform option will enable this filter to list records based on the spam possibilities.
3. Filter By Fields: Lists records based on these fields: Created Time and Record Owner.
4. Filter By IP - Webform: Filters blocked possible spam entries based on whether a given record is blocked manually by a user or automatically by the system. This filter is available only under the Blocked category.
   

That concludes everything about spam detection in webforms. Feel free to share your thoughts and suggestions in the comments.

Availability 

Editions: All paid editions, including the developer edition (except for the paid trial edition)

DC: All DCs

Release Plan: This feature will be rolled out in phases. {Updated on Jan 30, 2026]

Regards,

Fiona

• Topic Participants

• Pauplin Fiona Peries G

  

• Sticky Posts

• Good news! Calendar in Zoho CRM gets a face lift

  Dear Customers, We are delighted to unveil the revamped calendar UI in Zoho CRM. With a complete visual overhaul aligned with CRM for Everyone, the calendar now offers a more intuitive and flexible scheduling experience. What’s new? Distinguish activities

• VoC in Zoho CRM is now data savvy: Explore response drilldown, summary components and participation in CRM criteria

  VoC has all the goods when it comes to customer intelligence—which is why we're constantly enhancing it. We recently added the following: A customer drilldown component that shows you the list of prospects and customers behind a chart's attribute Expanded

• Wrapping up 2025 on a high note: CRM Release Highlights of the year

  Dear Customers, 2025 was an eventful year for us at Zoho CRM. We’ve had releases of all sizes and impact, and we are excited to look back, break it down, and rediscover them with you! Before we rewind—we’d like to take a minute and sincerely thank you

• Presenting ABM for Zoho CRM: Expand and retain your customers with precision

  Picture this scenario: You're a growing SaaS company ready to launch a powerful business suite, and are looking to gain traction and momentum. But as a business with a tight budget, you know acquiring new customers is slow, expensive, and often delivers

• Create and populate a record in an instant: Introducing zero-shot field prompting to Zia's ICR

  A couple of months ago, we upgraded our in-house AI image detection and validation tool, Zia Vision, with intelligent character recognition (ICR). By training Zia with sample images, you could create and enrich CRM records with data extracted from standard

• Recent Topics

• Is it possible to set a region lookup table so that my deal country can lookup this lookup table

  Hi there, I would like to be able to add a data lookup table with the following fields: Country, Region. And then in my deal report, i can then lookup this table to fish out the region in my report. This will be important for my sales process to categorise

• Test Emails Show Sent "via zcsend.net" in My Gmail Account

  I noticed the following info... However, a few email service providers such as Outlook and Gmail will display that the email was sent by zcsend.net (Zoho campaigns’ server) on your behalf instead of just your from email address.  In order to prevent this, you can go for either of these options: Do not select the check box meant for DomainKey Signature which is listed under Unverified sender domains. Include our mail servers by advanced authentication method such as SPF/ Sender ID and DomainKey/ DKIM.

• 'UnAuthenticated Connection: zbooks_connection'

  I have a zoho connection in Zoho Books, the link name es zbooks_connection, but I like to validate if exist, by example if I use this line in my code: response=zoho.books.getTemplates("", "","zbooks_connection"); But I don't  have the connection I like

• Calling the new 'Custom API' feature from within a Custom Widget

  From what I've learned it is not possible to call an endpoint from the new "Custom API" feature within a Creator Widget. The SDK's doesn't support it yet, when calling it natively you end up with CORS issues or at least I couldn't get it working even

• Cannot post to Instagram. I get the error: Insufficient permission to publish on this page. Check with your page Admin to update permissions.

  We had another admin that left the company. Since he left, we get this error when posting to Instagram.

• Zoho desk desktop application

  does zoho desk has a destop applicaion?

• Ability to re-order Workflow Rules

  We really need the ability to re-order workflow rules within departments.  Either the ability to drag/drop them into a different order or something.

• Create an article template

  I have a question concern the Knolwedge Database from Zoho Desk. There is any possibility to create an article template ? Exemple of what I research : TODAY : I want to create a lot af articles with the same baseline > I create one article > I copy/paste

• Change of Blog Author

  Hi, I am creating the blog post on behalf of my colleague. When I publish the post, it is showing my name as author of the post which is not intended and needs to be changed to my colleague's name. How can I change the name of the author in the blogs?? Thanks, Ramanan

• Zoho FSM API Delete Record

  Hi FSM Team, It would be great if you could delete a record via API. Thank you,

• Instant Messaging Update | Now migrate your WhatsApp Business phonenumber from another BSP to Zoho Desk | Dec'23

  Hi All, Everything seems to move at lightning speed these days, and time is certainly flying by for the IM team. But we are delighted at how much ground we covered this year. 🚀 For one, we enabled WhatsApp business phone number migration so that you

• Upload ticket attachments via Drag-&-Drop

  Hello, if you want to upload a file to the ticket attachment you need to click the button and use the file browser to select and upload the desired file. In many cases, it would be much more efficient if you could simply drag the file to the browser window...

• Can we disable add to cart in Zoho Commerce?

  Hello, Our sales happen on the phone. During the call the customer is directed to our website to inspect the products together with the sales rep. So we need a way to present our inventory. I figured Zoho Commerce is a good fit for this use case. However

• Introducing WhatsApp integration in Bigin

  Greetings! In today's business landscape, messaging apps play a significant role in customer operations. Customers can engage with businesses, seek support, ask questions, receive personalized recommendations, read reviews, and even make purchases—all

• Zoho One account closure vs deactivation

  I wonder what are the best practices and guidelines around deactivating vs deleting Zoho accounts in organisations? Any practical considerations?

• Global Search placement in the new UI

  Having a hard time with the global search placement in the UI redesign. Surely I can't be the only one. Previously global search placement was perfect. A bar at the top/center of the page. Exactly where you would expect it to be. Since the new UI has

• Schedule Zoho CRM reports only on Business Days

  Hello, Is it possible to schedule reports only on business days ? We currently get daily sales reports on weekend which has no value since the sales team doesn't work on weekends. Thanks

• How to install Widget in inventory module

  Hi， I am trying to install a app into Sales Order Module related list, however there is no button allow me to do that. May I ask how to install widget to inventory module related list?

• How to track a contact or customer's past product purchases in Bigin Premiere?

  Hello there. I am the sole user of Bigin for a small company (chess club), and would like to track current and past purchases made by a contact (player) or company (family which includes the player). Players may register for multiple tournaments, take

• LENTITUD EN RECIBIR MAIL

  Buenas tardes, Estamos experimentando lentitud en la recepción de correos electrónicos.

• Items should display under specific warehouse

  I have configured the multi warehouse but it show all the items under all warehouse which is not correct according to our business logic, so i want that items should only display under that specific warehouse not under all the warehouses not even with zero quantity. Some items should be common but not all so is there any option for that purpose so i can specific the items to its warehouse. Regards

• Partial refunds

  I am trying to process refund for a one item invoice, however the refund is partial: i am getting this error while creating credit note, can anyone share some wisdom about this

• Best practice importing items and matching assemblies

  Hi, I was wondering what would be the best practice to import items and composite items (assemblies) From my backup, what should I import first? The items or the composite items? I am on Zoho one, using inventory and books. Kind regards, Sabine

• Bulk Fill In & Edit PO/Bill/SO/Invoice

  Hello, I am adding stock in bulk on a PO, the system is automatically populating the Rate (price) and Tax from the item data. Problem is that the bill rate is different from the rate on the item data, so I have to manually erase each and enter the price.

• Separate Items & Services

  Hi, please separate items and services into different categories. Thank you

• Items Below Reorder Point Report?

  Is there a way to run a report of Items that are below the Reorder Point? I don't see this as a specific report, nor can I figure out how to customize any of the other stock reports to give me this information. Please tell me I'm missing something s

• Cancelled Transfer order problem

  Hello, We've canceled a transfer order, and we can't add the related items to a new Transfer Order. The system tells us that the bin doesn't have the required quantity, but when we check the item, it indicates that there are 2 units in the bin. It also

• Creating a Chart from a Report

  In Zoho Analytics, is it possible to create a chart from a Pivot View report? We are looking to use Zoho Analytics to replace Excel for Sales reports and would like to be able to show both the table and the chart together.

• Client Portal ZOHO ONE

  Dear Zoho one is fantastic option for companies but it seems to me that it is still an aggregation of aps let me explain I have zoho books with client portal so client access their invoice then I have zoho project with client portal so they can access their project but not their invoice without another URL another LOGIN Are you planning in creating a beautiful UI portal for client so we can control access to client in one location to multiple aps at least unify project and invoice aps that would

• Email Insights included in Bigin emals are marked as SPAM everywhere

  Today I noticed that email recipients who use Office 365 never receive emails sent from Bigin. Further examination showed that all Email Insights links in email headers are marked as spam/phishing by Office 365. Example screen included. The problem is

• Data Import | Zoho Analytics Custom Query Window Size

  Please increase the window size for the Custom Query Data Import. It's impossible to work with such a small query window.

• Name changed in settings for mailbox but still not changed when typed in To field

  In the email account secretary@ i have updaetd the new staff members details but the old members name still appears when I type secretary@ in the To field. I cant work out where Zoho is finding the old name from. I have deleted the browser cache. If I

• Cannot add my name to my domain name

  I want to have My name@mydomain.com and it says my name is linked to another account already. Please fix it since I do not have another account.

• Invoice status on write-off is "Paid" - how do I change this to "Written off"

  HI guys, I want to write off a couple of outstanding invoices, but when I do this, the status of the invoices shows as "Paid". Clearly this is not the case and I need to be able to see that they are written off in the customer's history. Is there a way

• Establishing new Zoho email account on laptop

  Good Morning: I am very long time Outlook business user and decided to try your email service last night and had established an account. I am trying to verify my account; how do I establish my Zoho email account on my laptop? I opened the account with

• unable to send message reason 550 5.4.6 unusual sending activity

  My email account can't send message. It shows unable to send message reason 550 5.4.6 unusual sending activity detected

• how to add email to existing organization i w

  I am already registered my organization and i have an email id. I need one more email id but i can't find anywhere .i want the cheapest email id . how to add ?

• e-mail bloqueado

  Estou com meu e-mail lucas@peplus.me bloqueado, preciso desbloquear para retorno de usos em minhas atividades.

• zoho labels api not working

  We're using n8n to automte email reply using zoho api. I'm facing issue with label api. I added the required scopes but its not working. i followed zoho api documentation but didn't work. also, where do i find/how do i create zoho oauth token mentioneeed

• Desk DMARC forwarding failure for some senders

  I am not receiving important emails into Desk, because of DMARC errors. Here's what's happening: 1. email is sent from customer e.g. john@doe.com, to my email address, e.g info@acme.com 2. email is delivered successfully to info@acme.com (a shared inbox

• Next Page