Help

Re: Best way to handle spam that comes in from embedded forms?

3016 7
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Shereen_Adel1
4 - Data Explorer
4 - Data Explorer
See Solution in Thread

โ€ŽJan 02, 2023 01:31 PM

Does anyone have a recommended way to handle spam that comes in through publicly share/embedded Airtable forms? We've had forms published for over a year that never got spam before and then between Dec 20, 2022 and Dec 23, 2022 we got 49,245 spam submissions. It disrupted our workflow and prompted messages that we are over our limit. It generally feels invasive and pretty horrible. Any tips are welcome!

18 Replies 18
Bill_French
17 - Neptune
17 - Neptune
In response to onar
See Solution in Thread

โ€ŽOct 11, 2023 02:01 PM

>>> For most cases this flow will work just fine, considering Airtable API rate limit is 5 requests per second per base.

The API rate is not the issue. Most Airtable users must abide by a new limit - calls per month.

It's unlikely that a single form will attract a million requests. But it is likely for every legitimate form submission, some magnitude more will be bots doing what bots do. This approach will eat into the new API quota, and as we all know, Airtable APIs are married to the user's instance, so they can also affect user performance.

It's no secret -- I'm not a fan of using external automation platforms unless absolutely necessary. As such, I would approach this differently.

One approach - internal automation; when a record is added, use AI to identify any records that are probably created by a bot. There are numerous ways to target nefarious submissions with a deterministic prompt, including learner-shot examples that examine certain fields. The learner shots could be dynamic based on a known and vetted collection of legitimate records. This approach would be performant, would not require API calls, or sending all your data to another platform.

KuboS
5 - Automation Enthusiast
5 - Automation Enthusiast
In response to Bill_French
See Solution in Thread

โ€ŽOct 30, 2023 04:04 AM

Can you provide an examoples? 
I really wonder why they don't at least try for a sollution here. (Airtable)

0 Kudos
onar
5 - Automation Enthusiast
5 - Automation Enthusiast
In response to Bill_French
See Solution in Thread

โ€ŽOct 30, 2023 08:03 AM

Sorry for the late reply.

It is true! Sending your data to third parties is not preferable. That said, OOPSpam is a privacy friendly, doesn't require IP and email. Also, maintaining a spam detection infrastructure like the one you mentioned is a lot of work. Airtable may not be interested in building the system just for the forms.

To add to the internal automation discussion, the internal automation allows Run script, so it is possible to bypass Zapier and do an API directly to OOPSpam within the Airtable automation.

0 Kudos
Bill_French
17 - Neptune
17 - Neptune
In response to onar
See Solution in Thread

โ€ŽOct 30, 2023 08:10 AM

>... maintaining a spam detection infrastructure like the one you mentioned is a lot of work.

It's actually less work.

> Airtable may not be interested in building the system just for the forms.

This is not just about forms. An API process is just as capable of injecting bad data into your system. Airtable has proven over the years that it is not interested in building many good feature ideas. As such, no-codeists must look for solutions that involve things they can do to mitigate issues like this. I believe they will increasingly lean on generative AI to meet these requirements.

0 Kudos
onar
5 - Automation Enthusiast
5 - Automation Enthusiast
In response to Bill_French
See Solution in Thread

โ€ŽOct 30, 2023 08:16 AM

I see. I thought you were referring to Airtable to build the system.

Could you please provide an example so others can benefit?

0 Kudos
Bill_French
17 - Neptune
17 - Neptune
In response to onar
See Solution in Thread

โ€ŽOct 30, 2023 08:50 AM

> ... please provide an example

Sure. Imagine an AI field that applies a generative AI prompt whenever a new record is added. If the AI inference returns false, an automation deletes the record. The prompt might look something like this.

You are an expert who can recognize records that are spam. By definition, spam records contain data values that are vastly unlike legitimate records. I will provide you with the field values of a record you will use to gauge legitimacy. I will also provide you with a small set of example records that are legitimate. You will assess the current record and output "true" if legitimate and "false" if illegitimate.

Examples: `
  <fieldNames>: <dataValues>
  [output]: <true|false>
`
Record: <dataValues>
[output]

 

0 Kudos
KuboS
5 - Automation Enthusiast
5 - Automation Enthusiast
In response to Bill_French
See Solution in Thread

โ€ŽNov 01, 2023 01:39 PM

Slowly on me please. I can build a form and am basic in formulas. 
I can build a hidden field or a field that unhides. 
But you said conditioning is useless .... 2-5 ... if is inserted incorrect value the form record will be deleted.

But am not understanding your condition

0 Kudos
Bill_French
17 - Neptune
17 - Neptune
In response to KuboS
See Solution in Thread

โ€ŽNov 01, 2023 02:29 PM

The term "condition" was used twice in this thread by you, not me. So I don't understand what you are saying. You'll have to use more words to help me understand your question.

0 Kudos
CristianCG
7 - App Architect
7 - App Architect
See Solution in Thread

โ€ŽOct 14, 2024 08:16 PM

Hi there!

To solve this problem, at miniExtensions, we've created a third-party form that integrates seamlessly with Airtable and allows you to add security with CAPTCHA and even set a password for an added layer of protection.

CristianCG_0-1728962131977.png

Feel free to try out all these features with a free account at miniExtensions ๐Ÿ‘

0 Kudos
Copyright © 2024 Khoros, LLC