Reject email addresses from specific domains

Hi Raul,

I realize that your team doesn't have the bandwidth to handle a ton of case-by-case issues, but I'm curious how to make this will work with embedded forms. I cannot seem to get it to function properly on my page where I have a Marketo form embedded.

Thanks,

Rich

EDIT: I found a script (credit to Murtza Manzur on stackoverflow) which functions well when the form is embedded using Marketo's embed script.

http://stackoverflow.com/questions/23447863/can-i-intercept-marketo-landing-page-form-submission-with-jquery

<script>
(function (){
  // Please include the email domains you would like to block in this list
  var invalidDomains = ["@gmail.","@yahoo.","@hotmail.","@live.","@aol.","@outlook."];

  MktoForms2.whenReady(function (form){
  form.onValidate(function(){
   var email = form.vals().Email;
   if(email){
   if(!isEmailGood(email)) {
  form.submitable(false);
   var emailElem = form.getFormElem().find("#Email");
  form.showErrorMessage("Must be Business email.", emailElem);
   }else{
  form.submitable(true);
   }
   }
   });
  });

  function isEmailGood(email) {
   for(var i=0; i < invalidDomains.length; i++) {
   var domain = invalidDomains[i];
   if (email.indexOf(domain) != -1) {
   return false;
   }
   }
   return true;
  }

})();
</script>

Hello Rich,

I apologize for the long delayed response. Let me see if we can/should use the script from Murtza Manzur and update the article ensuring to give him credit as one of our Marketing Nation Marketers.

Raul

Great, thanks Raul.

Hi Rich,

The article has been updated with Murtza Manzur's script.

Thanks again!

Raul

Hi -- This information is great. We're looking to implement this for some spam we have been receiving. Can anyone help direct me where/how to place this on our LP for the form? Thanks in advance! Stephanie

Hi Stephanie,

What I suggest you do is reach out to Kathy Mammon who is your company’s primary contact and ask her to open a support case on your behalf. This way you’ll receive more complete answers to all your questions.

Thank you,

Raul

Hi all,

I'm curious to know if anybody has had success just doing this on the back end in Marketo - and be able to add in specific exceptions for people. One could code in some exceptions in the .js above, but then it's easy to cheat by editing this public code. The problem is, the further a contact is up the company food chain, the less likely you're going to get a work email.

In other words, a backend smartlist or something, that excludes all gmails, except "bob-fortune500ceo@gmail.com" etcetera.

I have the same question as we are getting inundated every day with a domain signing up fake emails to our blog in an embedded form.  It's just not clear where to put this script. Should we log a support ticket?

Scott, there are multiple types of unwanted form data, and the means by which they enter your system (and thus the means by which they must be stopped) are distinctly different:

• A legitimate, interactive human lead (i.e. actual person using a browser) providing a working email address @ a domain you don't consider up to your standards (i.e. freemail or anonymous). This is the easiest to stop, because the non-malicious user is not able to, or not interested in, circumventing JavaScript-based validation. You may not get a form submissions from these folks, but you can reasonably dissuade them from providing unwanted data.
• A legitimate, interactive human lead providing a non-working email address that may or may not be at a unwanted domain. If such an address is at a domain that you allow, then you won't be able to block it completely unless you also perform end-to-end address validation in real-time in on the form. You can also perform validation from the server after submission.
• A malicious bot providing either working or non-working email addresses, at either allowed or disallowed domains. In this case all JS validation is deliberately being ignored and will have no effect. Only a ReCAPTCHA on the form can detect (on the server) that there wasn't a legitimate human behind the keyboard, and discard data accordingly. (Some attempt a "honeypot" approach here, but a bot can be taught to evade the honeypot easily.)
• A malicious human interacting directly with the form and sending arbitrary addresses. Save for rate limits (Marketo only allows 30 form posts per minute per IP address) and additional rate limiting of the ReCAPTCHA experience, this one is impossible to stop.  If so inclined, a malicious human with reasonable tech skills can both (a) pass a ReCAPTCHA and (b) submit arbitrary email addresses around your JS validation. If those email addresses are also emailable (so they pass server-side validation) they'll be indistinguishable from legit human leads.
• A malicious human submitting someone else's info. This is a special case to also be aware of. It's like the point above, except the attacker is deliberately trying to use your form to make you contact someone else. In these cases the issue is not the email address itself but ensuring that you don't send auto-responder emails that echo back raw user-provided data (i.e. if the lead may include a malicious link in a form field, don't send them back that link in an auto-response).

Marketo Support will not be able to tell you where to place the forms JS you write for these cases  You should open threads in Products with your questions, or hire a developer to deploy the code.