Question about form and contact-update behaviour

Hello,

I try to implement my first forms with mautic. I want to create a simple form for newsletter-sign-up with data like company name, firstname, lastname and email. This form should be available for all users on the website.

When I insert a email-adress of an existing user it seems like mautic updates the existing user with the form data.

This means that ANYONE is able to change data of my mautic contacts, just by guessing an existing email address.

I don’t like this behaviour and think this is kind of critical for misuse.

How do you think about this? Is there any way to avoid this?

I also tried the kiosk mode in the form settings but the update-behaviour seems the same.

Thanks for some help!

Best regards,

Timo

Yes it’s possible. You would able to see the ip where this is coming from and ban if you want. Of course this would result in a whack a mole game, but you have this option.
Not sure what the benefit is besides messing with you. I’ve never had this issue.
I had other issues but not this.

Hi Joey,

thanks for your quick reply. So there is no way to disable this form-update-contact-behaviour in any way?

The only possibility I see is to submit the data via rest api and check if the email already exists (and then do no update on the names). But this is much more effort because these calls have to be programmed.

Best regards,

Timo

Hi, sure. So what you wanna do is not to save the entry if the email already exists?

Right - I don’t want to save/update the contact in this case. Is there a build-in way to do this?

You can just not connect it with any field. Would that work?

I think not - or In don’t understand how mean it.

I want to save the firstname in the firstname. But in best case just for new contacts.

Can you explain me how you mean “not connect”?