Perspectives on Salesforce.com

This functionality has been improved, runs native on force.com and released on the AppExchange. Learn more on our website.

Back in January, I posted about a way to help combat web to lead spam. That type of solution works well, but is not scalable. Also, it is a reactive approach rather than a proactive one.

I decided to try and see if I could incorporate Akismet into the web to lead process and I was successful in doing so! I created a set of scripts for you to download if you’d like to leverage Akismet with your web to lead forms.

Akismet is the best spam tool I have ever used. When I posted in January, it had captured 7,680 spam in its existence on this blog. Less than 4 months later, the spam count is up to 23,994. Needless to stay, spam is an exponentially increasing problem and will plague your Salesforce.com environment eventually. I feel that Salesforce.com needs to include a spam filter in their product for web to lead (vote for it).

Until then, leveraging Akismet could help you significantly.

About the Solution

The scripts are intended to be proof of concept for you to use and apply to your own environment. The code and downloads are now being officially hosted at Arrowpointe’s Open Source Project at Google.

To use this solution, you’ll point your web to lead forms to this script rather than to the standard Salesforce Web to Lead page. The script accepts the data from your web to lead form, passes it to Akismet to determine whether it’s spam or not and then passes the data to Salesforce.com’s web to lead page with the Akismet result appended to it.

In Salesforce, you’ll need to add checkbox field (e.g. “Akismet marked as spam”) on your Lead. If Akismet thinks it’s spam, that field will be set to TRUE. You would then need to add assignment rules or validation rules to do whatever you need. For example, you could have a lead assignment rule looking at that one checkbox field and put leads into a special queue if they are marked as spam.

The script leverages the Akismet PHP5 Class to handle the core communication with Akismet. I found this class from the Akismet Development page.

This script will only work on PHP5 and requires the cURL module to be enabled. cURL is enabled by default in most PHP installations. The PHP5 requirement is a limitation of the Akismet PHP5 Class. If you are on another platform (PHP4, Ruby, Java, etc.), I don’t see any reason why you couldn’t use these scripts and integrate a different Akismet toolkit into it. Additional toolkits are available from the Akismet Developer Page.

Cost

You’ll need a server running PHP5. If you have a server already setup, then hardware should cost you nothing.

Akismet is free for personal use, but has a small license fee for commercial use. If you will be using this in production, you should purchase an Akismet Commercial License Key. During development, I am sure you could use a personal key to make sure it works.

The scripts themselves are free and licensed under the GNU General Public License v3. I did this as a proof of concept for the betterment of Salesforce.com data quality everywhere.

Getting Started

1. Add a checkbox field to your Salesforce.com Lead Object that will hold whether Akismet thinks it’s spam or not.



2. Download the scripts. Three files will exist in the zip file:
   • index.php: The main script that handles the incoming data, talks to Akismet and posts the data to Salesforce.com Web to Lead.
   • constants.php: You will need to go into this file and edit some variable values based upon your own organizational setup. See the next step.
   • Akismet.class.php: This is the Akismet PHP5 class I was talking about above.
3. Edit the constants.php file:
   • Enter your WordPress API key where it says ENTER_WORDPRESS_API_KEY. Get a personal or commercial key if you don’t have one.
   • Enter your company URL where it says ENTER_YOUR_COMPANY_URL.
   • Enter your company’s Salesforce.com Org ID where it says ENTER_YOUR_SALESFORCE_ORG_ID. This is actually optional. Doing this allows you to remove the OID from your public web to lead forms so spammers don’t know your Org ID. Doing this will reduce the amount of spam you actually need to process.
   • Generate a web to lead form in your Salesforce setup. Find the new Salesforce field you created in step 1 and copy the id value from the HTML form and put it in the constants.php file where it says ENTER_THE_W2L_CUSTOMFIELD_NAME. This step is required so that your Salesforce org is actually populated with the Akismet result.
   • PHP Advanced: The $Akismet_noPass array holds the names of fields that should not be included in the content passed to Akismet. Feel free to add/remove values from this array. The values in the array are referring to the names of form fields in your web to lead HTML form. I have no idea if this helps/hurts, but it seemed like a practical thing to add into the script.
4. Upload the scripts to your web server and note the fully qualified URL for that directory (e.g. http://www.example.com/web2lead)
5. Update your web to lead forms to have them post to the location of the files from the previous step (e.g. http://www.example.com/web2lead/ – make sure to put the / at the end of the URL. Not sure why, but I wasn’t able to get it to work without it)
6. Test your form to see if it works. The script acts as an intermediary between your form and Salesforce web to lead. The end-user experience should be the exactly the same with or without the scripts.
7. Once you know it works, you should add a lead assignment rule into Salesforce as rule #1 that looks to see if this field is checked. If so, then route the lead to a “Potential Spam” queue or something of that nature. Another option is to create a validation rule that doesn’t even allow the lead into the system.
8. Make sure your Auto Response rules don’t email a reply to leads marked as spam. If you allow this, then those spammers have an email address to try.
9. Update some/all of your web to lead forms to post to this new page. If desired, remove the “oid” field from the HTML form for each of these since the script will pass your Org ID to Salesforce automatically.

Other Stuff

These scripts are a proof of concept. I am not officially supporting them, but am happy to help people out informally. Post comments here if you have questions/comments/criticisms.

I have only tested this with leads that were either real or very obviously spam. It worked well. From Akismet’s perspective, the data it checks looks just like a blog comment and I can attest that Akismet is amazing at identifying blog comment spam. So it should work well for Salesforce.com web to lead.

I am going to update my existing web to lead forms on this site and see how it works and report back to you. I encourage you to do the same and let me know your experiences with it or recommendations on how to improve the scripts.

Enjoy!

Mike Simonds created a blog with a Salesforce category to it. He just got it started and has written part 1 in a series of PHP Toolkit Tutorials.

This first example focuses on querying an Oracle database and pushing data to Salesforce.com using the upsert method.

If you are interested in the PHP toolkit (which is my preferred toolkit), it’s worth a read.

Check it out.

This is actually more of a lesson in JavaScript, but it shows how flexible the Salesforce environment can be to meet various requirements. The ability to add “OnClick JavaScript” behind a button is a really nice feature.

My requirements were:

1. Ability for an end user to, from an Account view, check the records that need to be processed and click a button to process them.
2. The processing is to take place in an external PHP page
3. Pass the parameters as an HTTP POST transaction (i.e. do NOT include the parameters in the URL string).

I knew I would need to create a custom List button so that it could appear above the view. I used the OnClick JavaScript option because what I needed to do was simple and I didn’t want the overhead of an s-Control getting invoked. That solves requirement #1.

Requirement #2 could be solved by having the button use 2 lines of JavaScript to pass the parameters to the PHP page.

idArray = {!GETRECORDIDS($ObjectType.Account)};

window.open(“https://www.mydomain.com/script.php?session={!API.Session_ID}
&server={!API.Partner_Server_URL_90}&idArray=”+idArray);

This got the job done, but violates requirement #3, which is to keep the data sent to the page hidden from view.

To meet requirement #3, I had to use JavaScript to dynamically build an HTML form on the fly, add data to it and then submit it.

// create the form. Set it up to POST the transaction
f = document.createElement(“form”);
f.action=”https://www.mydomain.com/script.php”;
f.method = “post”;
f.target = “_blank”;

// add the session id as a parameter
i = document.createElement(“input”);
i.id = “session”;
i.name = “session”;
i.type = “hidden”;
i.value = “{!API.Session_ID}”;
f.appendChild(i);

// add the server location as a parameter
i = document.createElement(“input”);
i.id = “server”;
i.name = “server”;
i.type = “hidden”;
i.value = “{!API.Partner_Server_URL_90}”;
f.appendChild(i);

// Get the Account IDs that were checked
idArray = {!GETRECORDIDS($ObjectType.Account)};

// add the idArray as a parameter
i = document.createElement(“input”);
i.id = “idArray”;
i.name = “idArray”;
i.type = “hidden”;
i.value = idArray;
f.appendChild(i);

// add the form to the document.
document.body.appendChild(f);

// submit the form
f.submit();

This solution worked perfectly. The end result was that the PHP page the form posted to was able to retrieve the Salesforce session Id, endpoint location and an array of Id values via the $_POST variable and none of those parameters were visible in the URL. The PHP was opened in a new window, which was defined in the f.target = “_blank”; line above.

I don’t know if there’s an easier way to do this or not (comments are welcome), but this turned out to be very easy and is an approach I will re-use. The hardest part was trying to figure out the JavaScript syntax.

This is a nice trick for non-Salesforce JavaScript development too.

Steve over at gokubi.com has been doing a lot with Apex Code recently. He has a clever post about writing Apex code triggers and having them run on a schedule. It’s a good post to get the wheels turning with regards to what you can now do on the platform.

Nice work, Steve.

Salesforce posted a new wiki page for a Flex Toolkit, allowing for rich interactive components to be built on Adobe’s Flex platform and integrated with Salesforce.com. The overview, per wiki page is:

The concept for this library is simple: Begin with the Salesforce AJAX toolkit, port the data layer to the ActionScript 3.0 programing language found in Adobe Flex, returning native strongly typed ActionScript objects for the Flex programmer to manipulate and render. This allows Flex programmers to build S-controls — components within the Apex interface where custom code can be executed — without dropping into JavaScript.

For more information:

• Visit the Flex Toolkit page on the Apex Wiki. There you will find Getting Started materials, downloads, object/class documentation, etc.
• Check out the screencast to learn about the IDE.
• See the end result in action in an AppExchange Test Drive