Subscription forms can be the target of abusive behavior, such as automated submissions of spam trap email addresses, or the addresses of people who did not actually sign up for the list.
GreenArrow offers the option of using invisible reCAPTCHA version 2 authentication to reduce the risk of this abusive behavior succeeding. Each time a form that uses reCAPTCHA is submitted, reCAPTCHA evaluates whether the submission came from a human or machine. If it believes that the submission is from a human, it is accepted. If it believes that the submission could be from a machine, it issues a challenge, such as asking the submitter to click on all squares containing an object.
The challenges are intended to be solvable by people, but not computers.
reCAPTCHA validation is disabled by default. To use it:
- Register reCAPTCHA keys for your GreenArrow installation, as shown in the reCAPTCHA Registration section.
- Configure GreenArrow to use your site and secret keys, as shown in the System Configuration section.
- Enable reCAPTCHA for individual subscription forms, as shown in the Form Configuration section.
Here’s how to register for reCAPTCHA keys:
Go to https://www.google.com/recaptcha/ and register for a reCAPTCHA v2 Invisible key. Enter all domain name(s) that will host signup forms in the “Domains” field. See reCAPTCHA’s Domain/Package Name Validation document for details on how the domains that get entered into the form are interpreted.
Record the Site key and Secret key that are provided. You’ll need both later.
Scroll down to the “Key Settings” form, and either:
- Verify that all domain names that will host signup forms are listed.
- If you aren’t able to define the full list of domains that will be used for signup forms, then expand the “Advanced Settings” section, uncheck the “Verify the origin of reCAPTCHA solutions” box, then save changes.
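With “Verify the origin of reCAPTCHA solutions” unchecked, Google no longer restricts which sites can use the site key, and its documentation puts the hostname check on whichever server verifies the solution. The sketch below is an added example, not GreenArrow code (this page does not describe how GreenArrow performs verification): it applies that check to a parsed siteverify response, matching a registered domain and its subdomains. The domain list, function names and sample responses are constructed; `success`, `hostname` and `error-codes` are fields of Google's siteverify JSON.

```python
# Added example; assumptions: SIGNUP_DOMAINS and SAMPLES are constructed placeholders.
SIGNUP_DOMAINS = ["example.com", "forms.example.net"]


def host_allowed(hostname, domains=SIGNUP_DOMAINS):
    """True if hostname is a listed domain or a subdomain of one."""
    host = (hostname or "").strip().lower().rstrip(".")
    if not host:
        return False
    for domain in domains:
        domain = domain.lower().rstrip(".")
        # Require a label boundary so "notexample.com" does not match "example.com".
        if host == domain or host.endswith("." + domain):
            return True
    return False


def check_siteverify(resp, domains=SIGNUP_DOMAINS):
    """Return (accepted, reason) for a parsed siteverify JSON response."""
    if resp.get("success") is not True:
        codes = resp.get("error-codes") or []
        return False, "reCAPTCHA rejected the token: " + (", ".join(codes) or "no error code")
    hostname = resp.get("hostname")
    if not host_allowed(hostname, domains):
        return False, "solution came from an unlisted host: %r" % (hostname,)
    return True, "ok"


# Constructed sample responses.
SAMPLES = [
    {"success": True, "hostname": "signup.example.com"},
    {"success": True, "hostname": "notexample.com"},
    {"success": False, "error-codes": ["invalid-input-response"]},
    {"success": True},  # hostname missing: treat as a failure, not a pass
]


def run_samples():
    return [check_siteverify(resp)[0] for resp in SAMPLES]


if __name__ == "__main__":
    for resp in SAMPLES:
        print(check_siteverify(resp), resp)
```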
- Log in to GreenArrow Studio.
- Navigate to “Admin” => “System”.
- Click on any of the “Edit System Configuration” buttons.
Scroll down to the “CAPTCHA” section, and enter the site key and secret key that were obtained earlier, then click “Update system configuration”.
Deleting either the reCAPTCHA secret key or site key from GreenArrow’s configuration will cause reCAPTCHA functionality to be disabled on all forms.
Next, update the subscription forms that you want to use reCAPTCHA:
- Log in to GreenArrow Studio.
- Click on the “Mailing Lists” tab.
- Click on the View (magnifying glass) icon that appears to the right of the list whose form you wish to update.
- Click on the “FORMS” link.
- Click the Edit (pencil and wrench) icon that appears to the right of the form that you wish to edit.
- Set the “REQUIRE CAPTCHA” field to “YES”, then click “UPDATE THIS FORM”.
If subscribers access the form via the “Public Form URL” or “Public Form IFRAME” option, then there’s no need to post an updated link or IFRAME code.
If subscribers access the form via a page that uses the “Public Form HTML” code, then post the updated code. You can view it by doing the following:
- Click on the View (magnifying glass) icon that appears to the right of the form you just edited.
- Copy the contents of the “Public Form HTML” field.
You can obtain visual confirmation that reCAPTCHA validation is being used by looking for a reCAPTCHA badge towards the bottom right of your signup page.
If you wish to manually trigger a challenge for testing purposes, then try connecting from a new IP address and using your browser’s equivalent of Incognito mode.