To set up Form Defender, follow these steps:
1) Navigate to the form defender tab in the admin console (here)
2) Customize the settings, according to the definitions below
3) Copy/paste the Javascript tag in the UI onto the page or container tag (eg: Google Tag Manager) where your form lives.
=====================
Email Validation Settings
These settings are related to validating emails submitted on your forms to prevent
Validate Email On Form Submission
When activated, the email field in a given form field will be verified using KittAI (you can preview what that experience looks like using the site here).
Email Validation Timeout
Default value = 10s. Sets the maximum time a user is kept waiting for their email to be validated before the form submission proceeds. Note: the loading animation automatically adjusts its progress bar to match the timeout and show consistent progress towards completion. The max this value can be is 20 (if higher, the default value will apply)
Treat Aliases As Invalid
When checked, our system will try to detect aliases that forward to other emails and block them. Some people use aliases to create multiple accounts; this option forces the person to use the real email account the aliases are tied to. If detected, the user will be shown a browser alert telling them the email is an alias and they need to use the real email address the alias is tied to.
Treat Fake Websites & parked landing pages as Invalid
This step checks the domain tied to the email and whether or not it's tied to a real webpage (using AI). Many spam emails will either be linked to a 404 not found page or some form of "this domain has been purchased" type landing page. Websites requiring JS rendering are handled. If detected, the user is shown a browser alert telling them the email appears related to a non-commercial or parked website.
Block Free Email Providers
This will treat emails like @yahoo.com, @aol.com, @gmail.com and hundreds of others like it as invalid. If detected, the user is shown a browser alert telling that free email providers are blocked and a commercial email account must be used.
Fraud Detection Settings
Block VPN/Proxy Users
Checks for plugins/apps that tamper with the computer's networking to mask its true IP address. Also checks IP against a large database of known VPN providers. If detected, the user is shown a browser alert telling them that a VPN/proxy has been detect ed and they need to disable it to proceed.
Block Fraud Risk IPs
Checks the submitted IP against a known database of risky IPs against which abuse has been reported across the internet. If detected, the user will either be shown a browser alert telling them that 'an unhandled exception has occurred' or be redirected to your Dummy Redirect URL if it exists-- this is done as a standard because risky ips have a very low false positive rate, and the best solution in these cases is to trick the bot into thinking it succeeded.
Block Submissions On Mobile Devices
Checks to make sure the device being used to signup is not mobile (phone, tablet, etc). If detected, the user is shown a browser alert telling them that only desktop devices are supported for signup.
Block Submissions On Non-Chrome Browsers
Checks to make sure a specific browser is used for signups to prevent users fudging device fingerprints by switching browsers to sign up. If detected, the user is shown a browser alert telling them that only Chrome is supported for signup.
Block Fraud Risk IPs
Checks the settings of the browser being used to detect automation frameworks (headless chrome, puppeteer, playwright, phantomjs, etc). If detected, the user will either be shown a browser alert telling them that 'an unhandled exception has occurred' or be redirected to your Dummy Redirect URL if it exists-- this is done as a standard because bot detection has a very low false positive rate, and the best solution in these cases is to trick the bot into thinking it succeeded.
Block High Risk Regions
Blocks form submissions from countries that have a very high rate of internet fraud (mostly across Africa/South Asia). If detected, the user is shown a browser alert telling them that the form is not yet supported in their region.
Additional Settings
Dummy Redirect URL
Most bots trying to commit ad fraud will move on if they think they have succeeded, whereas excess validation may cause them and their overlords to try to keep hitting your form/work around the issue repeatedly. You can optionally provide a Dummy Redirect URL which represents a 'fake landing page' (eg: a conversion page without a conversion pixel) that just tells the person something like "Your request has been received, check your email!"
Custom Form CSS ID
Our script tag currently only works with a single form on a given page (which is most typical for marketing/signup forms). However, in the event you have multiple forms, you can specify which form you want Form Defender to attach itself to, by providing a CSS ID of the form.