Introducing spam detection for webforms: An additional layer of protection to keep your Zoho CRM clean and secure

Introducing spam detection for webforms: An additional layer of protection to keep your Zoho CRM clean and secure

Greetings all,

One of the most highly anticipated feature launches—Spam Detection in webforms—has finally arrived!

Webforms are a vital tool for record generation, but they're also vulnerable to submissions from unauthenticated or malicious sources, which can lead to the collection of spam records that clutter CRM systems and reduce data quality. 

Zoho CRM's new spam detection capability provides an additional security layer and minimizes dependencies on the basic options such as captchas and double opt-ins, ultimately improving data quality of webform submissions. Users no longer have to check potential spam records from webforms manually.

Let's dive into how Spam Detection restricts suspected spam records from webforms and helps users keep their CRM clean and organized.

What does spam detection do?

Spam detection offers the following advantages:
  1. Simplifies the manual review of potential spam in webform submissions.
  2. Detects potential spam submissions by identifying invalid or suspicious email addresses and scoring them to indicate spam probability.
  3. Holds these possible spam records for manual approval from users.
  4. Automatically blocks spam records to keep them out of the CRM account.

What happens to webform submissions?

All webform submissions are evaluated against predefined criteria and screened for spam detection. Let's say you've received several webform submissions for the Leads module from your website visitors.

Clean, non-suspicious records that originate from verified IP addresses—and are therefore deemed likely to be genuine and valid—are fed into the Leads module (unless approval has been set for all webform submissions).

In contrast, suspicious submissions are flagged as potentially spam and held back for manual approval in the usual record approval page called, Awaiting Leads (previously known as Approve Leads). These records are assigned a Spam Possibility Score based on the identified suspicious factors. 

The new Record Source column provides details related to the submission's source—for example, the submission's IP address, the webform name, and the URL—when you hover over the info icon. 

The new Spam Possibility column indicates the spam probability for each record as a percentage. You can also view the top reasons behind the scores of the spam record by hovering over the info icon beside it. 


Each reason identified contributes to the score, and the sum is calculated to determine the final Spam Possibility Score for the record. Some of the reasons are listed below:
  1. Submission from bots/crawlers: If a bot or crawler fills and makes a submission via your hosted webform, the Spam Detection layer will automatically identify this malicious submission.
  2. Submission with invalid phone numbers: If a form respondent shares an incorrect phone number, a toll-free number, or a junk contact number, it will be flagged as an invalid phone number.
  3. Submission with invalid email addresses: If the submitted email address originates from a spam source, an unauthorized domain, or a temporary mailbox, it will be flagged as an invalid email address.
We're also introducing an advanced security layer: Honeypot Field, which is a cybersecurity mechanism that identifies bots by detecting submissions made to invisible form fields that genuine users don't interact with. If the submission comes with values filled in the hidden fields, the system flags the entry as likely being a spam submission.

Spam Detection has more parameters like these to detect spam submissions and assign appropriate scores. For quick probability recognition, the following colors represent the severity of spam possibilities:
  1. Green: 1% - 20%
  2. Orange: 21% - 70% 
  3. Red: 71% - 100%

How spam detection helps handle records awaiting approval

Previously, records that awaited approval were evaluated manually and then approved, merged, resolved, or deleted accordingly. In addition to these traditional actions, and with the introduction of Spam Detection, administrators can now optionally block IP addresses of records with high spam possibility scores if they want to restrict further submissions from them.

  1. The Block IP button is available, along with the other buttons like Merge, Approve, or Resolve.

  1. Admins can also directly block an IP by using the Block IP button available when hovering over the info icon.

Record submissions from such blocked IPs will be categorized under the new Blocked record category.
Additionally, Zoho's system internally maintains a set of blacklisted IPs based on security assessments. Records submitted from those IPs will be automatically and permanently blocked by the CRM.
Notes
Note: Records under the Blocked category will be deleted in 60 days.

How to enable Spam Detection for your webforms

While setting up a webform, you'll see the Spam Detection section where you can adjust the Spam Possibility Score slider to set the threshold at which records should be flagged for manual review.

A score range of 90% to 100% will be set by default for all webforms as the tolerance level, which the webform owner can change anytime based on their preferences.

NotesNote: Records whose spam possibility scores fall within the set range will be held for approval, along with the relevant percentages and reasons. If, say, the chosen range is 80 to 100%, only those records with spam possibility percentages between 80 and 100 will be listed. Submissions with lower percentages will not be held as spam.

We've revamped the record approval page to provide a better UI experience and make it easier to manage and review spam records. Let's look at the changes in detail.

Revamped record approval page

  1. In modules like Leads, the "Approve Leads" field under Actions has been renamed to "Awaiting Leads". This change extends to other modules as well.
  2. The approval page has been redesigned to make it easier to switch between categories and review all records. This enhancement applies to all webform-supported modules and team modules.

  3. The number of records in each category displayed prevents users from overlooking records that are awaiting approval.
  4. You can also filter these records using the new filters in the left panel on the Awaiting Leads page.
    1. Filter By Source: Filters records based on the source—webform or import.
    2. Filter By Spam Possibilities: Choosing the Webform option will enable this filter to list records based on the spam possibilities.
    3. Filter By Fields: Lists records based on these fields: Created Time and Record Owner.
    4. Filter By IP - Webform: Filters blocked possible spam entries based on whether a given record is blocked manually by a user or automatically by the system. This filter is available only under the Blocked category.
That concludes everything about spam detection in webforms. Feel free to share your thoughts and suggestions in the comments.

Info
Availability 

Editions: All paid editions, including the developer edition (except for the paid trial edition)
DC: All DCs
Release Plan: This feature will be rolled out in phases. {Updated on Jan 30, 2026]

Regards,
Fiona

    • Recent Topics

    • Template modifiactions

      Hello, I am struggling with the templates in ZOHO Books. Especially with the placement of some items, like company address, ship to, bill to etc.  For example: One item I like from template X (placement of ship to and bill to next to each other in the

    • Aggregating the First Value in the Group By of a dataset

      Hi I am trying to get the following Aggregate Formula to work in my chart, but cannot seem to get the right format. I have a series of data that I am running an include_groupby and want to SUM only a column in the first row of each group. So for example.

    • Track Zoho Campaign and Workflow sales impact

      I am attempting to measure the performance of our marketing workflows and campaigns by comparing the date each campaign was sent to a contact with the purchase date of the contact. For example, if Contact A was sent Email A on 9/1 and made a purchase

    • What is a line break code for zoho?

      Hi, I am archiving data by adding values from a single line field from one form to a multi-line field in another form. So I need a code/function that starts a new line on that multi-line field so it does not just keep adding it on the same line. Example, doing something like this means that it will be on a same line. archive.field1 = archive.field1 + input.Field1 I need a code so the input.Field1 can just start on the next line. Instead of "value 1, 2,3,4,5" It will be: "1 2 3 4 etc.".  something

    • Automatic Project Owner change

      Is there a way to change Project Owner automatically once a specific Milestone in a project is marked as completed. Different Teams are working on projects in our Org, they have their own Milestones to complete and so we transfer the project from team

    • Button to add product to cart

      Is there a way to have a button on a page, that when clicked, will add Qty 1 of a product to the cart?

    • Problem with Submit Button Design

      I have made a template to apply to my forms and under the button controls, I have it set to "standard" and yet it's still filling the container. This is super frustrating and looks weird. Why do we not have full control over button size? How can I fix

    • Zoho CRM- Authorize your Microsoft Teams account issue

      Hi, I tried to link Zoho CRM with Teams and I got the following message: Clicking "Authorize now" sent me to the following page, Microsoft tried to start a session but, after 3 seconds the page closed and nothing happened. I get the same message each

    • Is there a way to associate an email in ZOHO Main to a Vendor record in ZOHO CRM

      My situation is as below, I have a vendor in ZOHO CRM lets say "Vend A" and an associated contact, "Cont A" If Cont A sends me an email using the email I've registered in the contact record the standard OOTB email sync will work. But the vendor has some

    • Kaizen #207 - Answering your Questions | Advanced Queries using COQL API

      Hi everyone, and welcome to another Kaizen week! As part of Kaizen #200 milestone, many of you shared topics you would like us to cover, and we have been addressing them one by one over the past few weeks. Today, we are picking up one of those requests

    • Présentation de SecureForms dans Zoho Vault

      Soyons francs : demander à quelqu’un de transmettre un mot de passe ou des informations sensibles n’est jamais une tâche facile. On attend, on relance, parfois de nombreuses fois. Et quand l’information arrive, elle se retrouve souvent dispersée dans

    • Granular Email Forwarding Controls in Zoho Mail (Admin Console and Zoho One)

      Hello Zoho Mail Team, How are you? At present, the Zoho Mail Admin Console allows administrators to configure email forwarding for an entire mailbox, forwarding all incoming emails to another address. This is helpful for delegation or backup purposes,

    • Kaizen #190 - Queries in Custom Related Lists

      Hello everyone! Welcome back to another week of Kaizen! This week, we will discuss yet another interesting enhancement to Queries. As you all know, Queries allow you to dynamically retrieve data from CRM as well as third-party services directly within

    • Need the ability to have read only fields on a form.

      There needs to be functionality in Creator that allows a field on a form to be read only. Most screen building software applications have this capability. I know you can hide certain fields from specific users and that you can also make the whole form read only but that's not the functionality I need. I want to be able to create a form where certain fields are editable and other are for display purposes only (read only). For example if the form was displaying information on an item that the user

    • Reverse payment on accidentally closed invoice.

      An invoice was closed accidentally with the full payment added. However, only partial payment was paid. How can I reopen the invoice and reverse this to update it to show partial payment?

    • New integration: Track booking page appointments in Google Analytics 4

      Hello all, Greetings from the Zoho Bookings team! We’re excited to introduce our new Google Analytics 4 (GA4) integration designed to help you track booking activity, understand customer behavior, and measure marketing performance, all in one place. What

    • How to list emails in a folder, e.g. Inbox, on multiple pages when using Zoho mail webpage?

      Something as shown in the figure. There are totally 50 emails in Sent folder. If "Mail per page" equals 20, then the Sent folder is split into 3 pages. When I wander through Sent folder, I can just select a specific page to jump to. BTW, it seems that

    • Zoho Calendar soft bounce on @hotmail.com and @yahoo.com email addresses

      Hello, our Zoho calendar recently does not send the calendar invites to emails with hotmail and yahoo domains and comes back with a "soft bounce". other domains like Gmail works fine. Also sending "email" to the same emails to the above domains work well

    • ERROR CODE :512 - 5.4.4 DNS error:NXDOMAIN.

      Suddenly we cant send mail, we are getting this error for all outbound mail to multiple domains.

    • Unveiling Cadences: Redefining CRM interactions with automated sequential follow-ups

      Last modified on 01/04/2024: Cadences is now available for all Zoho CRM users in all data centres (DCs). Note that it was previously an early access feature, available only upon request, and was also known as Cadences Studio. As of April 1, 2024, it's

    • customer data security

      We are exploring ways to enhance our within Zoho CRM. Our Goal: We want to fully integrate RingCentral with Zoho CRM to enable click-to-call functionality for our sales team. However, to comply with data privacy regulations and protect customer contact

    • Sync CRM inventory data with Zoho Books

      I just switched everything over to ZoHo books, but I am trying to find out why the CRM Estimates, Invoices, and Sales Orders created in ZoHo CRM are not then duplicated in ZoHo Books? I had Quickbooks before, and had to do everything twice, I thought

    • mask Customer phone number and agents cant see customer phone number

      Is there any way we can integrate Zoom Phone with Zoho CRM while ensuring that customer phone numbers remain masked? We need a solution where agents can make outbound calls but cannot see customer phone numbers. Please let us know if there is any solution

    • Email Reminders on Shared Calendars

      How do we turn off the setting that emails reminders to everyone who has accepted or declined a calendar invite? If 8 of us have been invited to the same meeting, we receive 8 notifications for every step of the process, from invitation to decision.

    • How to refresh a ticket view ?

      I am doing a widget where I send a rest api call to make a new draft to the ticket I am viewing. The issue is sometimes it refresh a ticket view and I can see inserted draft right away, but sometimes I do not see it even if it is inserted correctly and

    • Ugh! - Text Box (Single Line) Not Enough - Text Box (Multi-line) Unavailable in PDF!

      I provide services, I do not sell items. In each estimate I send I provide a customized job description. A two or three sentence summary of the job to be performed. I need to be able to include this job description on each estimate I send as it's a critical

    • Supervisor Rules - Zoho Desk

      Hi, I have set up a Supervisor Rule in Zoho Desk to send an email alert when a ticket has been on hold for 48 hours. Is there a way to change it so that the alert only sends once and not on an hourly basis? Thank you Laura

    • ResponseCode 421, 4.7.0 [TSS04] Messages from 136.143.188.51 temporarily deferred due to user complaints

      Had email bounce. Let me know if you can fix this. Thanks. Michael

    • New Zoho triggers Google Dangerous flag due toabnormal charcters

      Just signed up and doing my first email test. I sent it to my google email account but it got flagged as Dangerous" due abnormal characters. My DNS setup looks ok. Page snips attached Help Please Thanks, Rick DC PowerWorld

    • Is there a API to fetch tasks in a Board/Section

      I am writing a scheduled function that retrieves all the tasks and send an reminder on cliq. I cannot seem to find a API to fetch tasks (by user / board / section) What are the way to fetch tasks?

    • Having trouble fetching contents of Zoho Connect Feeds using the API, requesting alternative API documentation.

      I'm trying to retrieve feed/post data from Zoho Connect using the API but facing challenges with the current documentation. What I've tried: OAuth authentication is working correctly (getting 200 OK responses) Tested multiple endpoints: /pulse/nativeapi/v2/feeds,

    • Adding an Account Name to Tasks/Reminders

      Does anyone know how to add the related account name to a task?  When we look at the list of activities and when the reminders pop up, there is no way of quickly seeing who the account is. 

    • Triggering Zoho Flow on Workdrive File Label

      Right now Im trying to have a zoho flow trigger on the labeling/classification of a file in a folder. Looking at the trigger options they arent great for something like this. File event occurred is probably the most applicable, but the events it has arent

    • SendMail to multiple recipients

      Hi, I'm trying to send an email to a list of recipients.  Right now the "to" field is directed to a string variable. (List variables won't work here). In the string variable, how can I make it work? trying "user@app.com;user2@app.com" or "user@app.com; user2@app.com" just failed to send the emails. Ravid

    • Populate drop down field from another form's subform

      Hello, I found how to do that, but not in case of a subform. I have a Product form that has a subform for unit and prices. A product might have more than one unit. For example, the product "Brocoli" can be sold in unit at 3$ or in box of 10 at 25 $. Both

    • Usar o Inventory ou módulo customizado no CRM para Gestão de Estoque ?

      Minha maior dor hoje em usar o zoho é a gestão do meu estoque. Sou uma empresa de varejo e essa gestão é fundamental pra mim. Obviamente preciso que esse estoque seja visível no CRM, Inicialmente fiz através de módulos personalizados no próprio Zoho CRM,

    • Signup forms behaviour : Same email & multiple submissions

      My use case is that I have a signup form (FormA) that I use in several places on my website, with a hidden field so I can see where the contact has been made from. I also have a couple of other signup forms (FormB and FormC) that slight differences. All

    • getting error in project users api

      Hello, I'm getting a "Given URL is wrong" error when trying to use the Zoho Projects V3 API endpoint for adding users to a project. The URL I'm using is https://projectsapi.zoho.com/api/v3/portal/{portalid}/projects/{projectid}/projectusers/ and it's

    • Change total display format in weekly time logs

      Hi! Would it be possible to display the total of the value entered in the weekly time log in the same format that the user input? This could be an option in the general settings -> display daily timesheet total in XX.XX format or XX:XX.

    • How to display historical ticket information of the total time spent in each status

      Hi All, Hoping someone can help me, as I am new to Zoho Analytics, and I am a little stuck. I am looking to create a bar chart that looks back over tickets raised in the previous month and displays how much time was spent in each status (With Customer,

    • Next Page