3 Ways to Protect Google Forms from Spamming

Introduction

In this article, you will discover the 3 Ways to Protect Google Forms from Spamming. Google Forms is a powerful tool that allows users to create surveys, quizzes, and feedback forms. However, one of the challenges that users often face is spamming. Spam submissions can not only skew the data but also waste valuable time and resources.

One day you woke up and feel excited that you got thousands responses for your Google forms survey. When you opened the spreadsheet, you're staggered. Most of responses are garbage spams.

You may be surprised that these malicious bot spam tools does exist in the market, such as this Google Form Submitter. (Thanks to Google, it ranks the first so it's easy for anyone to find and hack. 😂)

Some guys hope reCAPTCHA to be integrated with Google Forms. At least at the moment of writing this article, such integration is yet to come.

So how do you fight your forms from being spammed? We shows you 3 imperfect workarounds to reduce spams. Just like flu, we can get flu shots for a season protection, but we cannot be immune from spams forever.

3 Ways to Protect Google Forms from Spamming Methods:

Method 1. Password protection

First of all, we assume you published a naked google form on social medias or embedded in your own site. Anyone can discover the form link and submit answers without any restrictions.

The old school password strategy is easy to understand.

Pros

Secure. If you have a long strong password, it's hard for spammers to break into.
Simple to implement.

Cons

Dilemma. If you don't share the password with the public link, no one can submit any answer. If you shared, it makes no senses.

Here is how it works.

Open your Google form.
Add a Short answer question, named Password.
Click the icon
Click Response validation.

Add a password short text question with response validation

In the validation conditions, select Regular expression Matches
Type in a long and strong password and an error message when respondents typed a wrong password.
Turn on Required.

Text validation for password short answer. select text contains some long password. and write some text message if password is incorrect. — Text Validation for password short answer

Now try to submit a response with a wrong password. You will find you cannot. It tells you the password is incorrect.

Wrong password will stop you from submitting spam answers. It prompts your password is incorrect — Wrong password will stop you from submitting spam answers

Method 2. Limit only 1 response

This method is apparently the easiest since it's one click. This method will more or less slow down spammers and thus decrease the number of spams.

Pros

Secure.
Easiest to do.

Cons

Limited to google users.
May lower conversion rate for the extra step.

Here is how it works.

Open your Google form.
Click Settings.
In the General tab, check the Limit to 1 response option.

Limit to 1 response option in Google forms settings

When you are done, any respondents without their google accounts logged in will see the following screen.

when a respondent opens a form, a Google Account sign in dialog pops up to demand signing in before filling the form — Google Account sign in required to fill the form

When they want to re-submit another spam answer, they will be blocked.

You've already responded message shown after you try to submit another response. It tells you you can only fill out this form once. Try contacting the owner of the form. — You've already responded message shown after you try to submit another response

Method 3. Simulated CAPTCHA

This method relies on a form addon to work, named Captcha for Forms. It adds an additional security layer without compromise of flexibility. The addon adds a dynamic captcha code challenge for respondents. Unlike the dilemma using password method above, the tool is able to expire the captcha frequently so no permanent spamming is possible.

Let's take a look how it works.

Download and install Captcha for Forms. You may follow this full installation guide.

Once you are done with installation, open Captcha for Forms from the menu.
In the popped sidebar, turn on Enable Captcha.
That's it, simple.

Captcha for forms adds a code challenge to respondents to protect forms from spams

Now let's see the respondent's screen.

Bots cannot easily get through a dynamic challenge

It's difficult for bot to respond the captcha challenge but human.

Conclusion

Spamming can be a significant issue when using Google Forms, but by implementing these three methods, you can protect your forms and ensure the integrity of your data.
Anti-spam is an endless game. Please leave any comments if you have any questions.

Google Forms Captcha: Anti-Spamming For Google Forms

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site’s analytics report. The cookies store information anonymously and assigns a randomly generated number to identify unique visitors. This cookie is installed the first time a visitor enters the website through a browser. When the visitor comes back to the website through the same browser, the cookie will consider them to be the same visitor. Only in the event that the visitor changes browser, will they be deemed to be a different visitor.
_gat_gtag-###	1 minute	This cookie is installed by Google Analytics. It is used to analyze visitor browsing habits, flow, source and other information.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected includes the number of visitors, the source where they have come from, and the pages visited in an anonymous form.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
__Secure-1PAPISID	2 years	Used by for targeting purposes to build a profile of the website visitor's interests in order to show relevant & personalized Google advertising
__Secure-1PSID	2 years	Used by for targeting purposes to build a profile of the website visitor's interests in order to show relevant & personalized Google advertising.
__Secure-3PAPISID	2 years	Used by for targeting purposes to build a profile of the website visitor's interests in order to show relevant & personalized Google advertising.
__Secure-3PSID	2 years	Used by for targeting purposes to build a profile of the website visitor's interests in order to show relevant & personalized Google advertising.
_gcl_au	3 months	This cookie is set by Google Analytics to take information in advert clicks and store it in a 1st party cookie so that conversions can be attributed outside of the landing page.
1P_JAR	1 month	This cookie is installed by Google Ads. This cookie is used to collect site statistics and track conversion rates.
APISID	2 years	This cookie is used by Google to store user preferences and information while viewing Youtube videos on this site.
HSID	2 years	This cookie contains digitally signed and encrypted records of a user’s Google Account ID and most recent sign-in time. Google uses security cookies to authenticate users, prevent fraudulent use of login credentials, and protect user data from unauthorized parties.
LOGIN_INFO	2 years	This cookie is used by YouTube (Google) for storing user preferences and other unspecified purposes.
NID	6 months	NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.
PREF	2 years	This cookie is used by YouTube (Google) for storing user preferences and other unspecified purposes.
SID	2 years	This cookie contains digitally signed and encrypted records of a user’s Google Account ID and most recent sign-in time. Google uses security cookies to authenticate users, prevent fraudulent use of login credentials, and protect user data from unauthorized parties.
SIDCC	1 year	This cookie carries out information about how the end user uses the website and any advertising that the end user may have seen before visiting the said website.
SSID	2 years	This cookie is used to save the user's preferences and other information.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	6 months	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	This cookie is used by YouTube to remember user input and associate a user’s actions. This cookie lasts for as long as the user keeps their browser open.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

3 Ways to Protect Google Forms from Spamming

Introduction

3 Ways to Protect Google Forms from Spamming Methods:

Method 1. Password protection

Method 2. Limit only 1 response

Method 3. Simulated CAPTCHA

Conclusion

Related Articles:

Products & Services

Company

Contact

Follow us