(This blog post was written in 2010. You can now include Google reCAPTCHA in web-to-lead/web-to-case forms to prevent spam. Please refer to my new blog post, Step By Step Guide to Setting Up Web-to-Lead & Web-to-Case in Salesforce with reCAPTCHA, on how to prevent the spam. Updated on 25-Feb-2020.)

If you are using a web-to-lead form to capture leads from your website directly into Salesforce, there is a very high chance of getting hundreds or even thousands of junk or spam leads. If you want Salesforce to do something about it, please vote for the idea at http://sites.force.com/answers/ideaView?id=08730000000BrZkAAK

While we are waiting for Salesforce to come up with a solution, here is what you can do.

Create a data validation rule on Leads (Setup -> Customize -> Leads -> Validation Rules) with an error condition formula that looks something like this:

Email = "maxim-1980@bk.ru" || CONTAINS(FirstName, "online") || CONTAINS(LastName, "online") || CONTAINS(Message__c, "http://")

I created this validation condition because most of the spam leads that I receive have one of the following characteristics:

1. The e-mail address is always the same (like "maxim-1980@bk.ru"), or
2. The first name or last name contains the keyword "online", or
3. The message or description field contains "http://".

If you can find a characteristic like this, you may want to create a data validation rule to disallow such leads. But you need to be careful to ensure that no genuine lead gets rejected by this validation rule.
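An added example, not from the original post: a Python dry run that models the rule above and applies it to labelled leads before the rule is switched on, showing which genuine leads it would reject and which spam it would miss. The CSV rows, the Label column and the function names are constructed for illustration, and the model assumes the formula's text comparisons are case-sensitive.

```python
import csv
import io

BLOCKED_EMAIL = "maxim-1980@bk.ru"

# Constructed sample export; the last column says how a human labelled the lead.
SAMPLE_CSV = """FirstName,LastName,Email,Message__c,Label
Maxim,Petrov,maxim-1980@bk.ru,hello,spam
Buy online,Pills,a@example.com,cheap offers,spam
ONLINE,Casino,b@example.com,Visit HTTPS://spam.example today,spam
Jane,Doe,jane@example.com,Our site is http://example.com please call,genuine
Tom,Conline,tom@example.com,Need a quote for 20 seats,genuine
Ann,Lee,ann@example.com,Please send pricing,genuine
"""

def contains(text, needle):
    # Model of the formula's CONTAINS(): case-sensitive, blank text never matches.
    return bool(text) and needle in text

def fired_clauses(lead):
    """Names of the rule's clauses that match this lead; empty means it is accepted."""
    checks = {
        "email": lead["Email"] == BLOCKED_EMAIL,
        "first_name_online": contains(lead["FirstName"], "online"),
        "last_name_online": contains(lead["LastName"], "online"),
        "message_http": contains(lead["Message__c"], "http://"),
    }
    return [name for name, hit in checks.items() if hit]

def dry_run(csv_text):
    """Split labelled leads into correctly blocked, wrongly blocked and missed spam."""
    report = {"blocked_spam": [], "blocked_genuine": [], "missed_spam": []}
    for lead in csv.DictReader(io.StringIO(csv_text)):
        hits = fired_clauses(lead)
        if hits and lead["Label"] == "spam":
            report["blocked_spam"].append(lead["Email"])
        elif hits:
            # False positive: record which clause caused it so it can be narrowed.
            report["blocked_genuine"].append((lead["Email"], hits))
        elif lead["Label"] == "spam":
            report["missed_spam"].append(lead["Email"])
    return report

if __name__ == "__main__":
    for bucket, rows in dry_run(SAMPLE_CSV).items():
        print(bucket, rows)
```

On the constructed data, a surname that merely contains "online" and a genuine message with a link are both rejected, while upper-case spam passes through.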

Hope this helps. If anyone has any other ideas, please feel free to share.