Stop Mautic from adding contacts from queried form page loads?

Your software
My Mautic version is: v4.4.9
My PHP version is: 8.0.29
My Database type and version is: 10.6.12-MariaDB-0ubuntu0.22.04.1 | pdo_mysql | Doctrine\DBAL\Platforms\MariaDb1027Platform

Your problem
My problem is: It looks like bots are crawling one of our landing page forms even though we have it set to not be index in the editor and have added that page to the robots.txt file for Mautic. When they crawl, they are adding query parameters to the url like: ourmauticdomain.com/contact-preferences?email=bork%40gmail.com%2Ffavicon.ico which will auto populate the email field in the form that’s on that page. This is intended, as we want to be able to auto populate the form on that page in our apps or other sources. What is not intended is that Mautic will automatically create a contact with “bork@gmail.comfavicon.ico” just based off the page hit. We would only want a contact to be created / updated if the form is actually submitted.

Is the only way to accomplish this is with a campaign that catches these types of page hits and deletes them?

These errors are showing in the log:

  • nothing.

Steps I have tried to fix the problem:

  • Looked at Mautic settings and documentation to look for any method to blacklist domains via regex with “s/.*favicon.ico/gm”

My tracking settings:

it seems the bot is submitting the form with some random data, can you confirm that? (are the bot submissions appearing in the forms results?).

if that is not the case, it seems very awkward behavior because the regular mautic tracking would not auto fill the e-mail based on the url, the bot would instead create a anonymous contact.

this doesn’t look to be a work of a serious bot that would respect robots.txt

if it is the case the bot is submitting the form, you should look for bot submission prevention solutions, like recaptcha or maybe some other simpler solution

Yeah it’s not due to the bot submitting it. I’ve checked the results and nothing there. I have a recaptcha on the form and the contact activity in Mautic actually shows it was simply visiting this page, and did not submit the form.

Mautic does have autopopulation capabilities with a form, which is what we are using: Managing forms | Mautic

I just didn’t expect it to make a contact on page hit lol

I can see this would be possible with the “Identify visitor by tracking url” option set to Yes, which seem to be disable in your configuration, here is what documentation says:

Identify visitors by tracking URL

There is a configuration section for identifying visitors by tracking URL although this is not recommended for use because it could be used to spoof tracking. If enabled, returning visitors will be identified by tracking URLs from channels (especially from emails) when no cookie exists yet.

Note: The email contact field has to be marked as a unique identifier and publicly updatable in your Mautic configuration.

perhaps enabling saving, and then disabling again would do the trick?

another workaround would be to use a different name for url parameter and form field, like e-address the form can still map the field to the contact e-mail field, but by changing the url parameter’s name it might prevent the identification, I know its not the best solution, just a workaround.

Tried enabling and disabling that and it didn’t work.

I’ll try changing the form field name and see if that does the trick. Worst comes to worst, I’ll set up some segment & campaign that catches these types of submissions quickly and deletes them.

Check your settings for email under custom fields. I think your email field is on public. This allows lead identification via the email url parameter.

If you disable it the mautic tracking should no longer use the email adress in the url as lead ident criteria.

Greetings
Sebastian