We strongly recommend using a CAPTCHA confirmation in your forms to protect against bot attacks and spam signups, which can result in issues such as fake data being added to your lists. If you are creating your subscription form in Brevo, you can choose between Google reCAPTCHA or Cloudflare Turnstile CAPTCHA.
Good to know
Adding a CAPTCHA to your subscription form is one of several techniques and best practices available to protect your forms from bots and spam signups. To learn more about the other techniques, check our dedicated article Protect your forms from bots and spam signups.
What is a CAPTCHA?
A CAPTCHA is a security feature used in forms to distinguish between human users and bots. It typically presents a challenge that is easy for humans to solve but difficult for bots, such as identifying distorted text, checking a box, selecting specific images, or solving simple math problems.
Here's an example of what the Google reCAPTCHA (v2) with an "I'm not a robot" checkbox looks like:
What is the difference between Google reCAPTCHA and Cloudflare Turnstile CAPTCHA?
Google reCAPTCHA and Cloudflare Turnstile CAPTCHA are both tools designed to prevent bots from submitting forms and interacting with websites. Here’s a brief comparison of the two:
Google reCAPTCHA | Cloudflare Turnstile CAPTCHA | |
---|---|---|
Provider | Cloudflare | |
Integration | Widely used across the web. | More commonly used among websites using Cloudflare services for broader security needs. |
Type of verification | Requires users to interact with a checkbox or invisible challenge to confirm they are human. | Provides customizable challenges based on detected bot behavior. |
Ease of use | Generally easy to implement with straightforward setup instructions. | Seamlessly integrated for websites using Cloudflare services. |
Cost | Free for most users, but Google may collect data from users to improve its services. | Included with Cloudflare’s service plans, which vary in pricing based on features and usage. |
As a best practice, it is recommended to include at least a CAPTCHA with a checkbox, such as Google reCAPTCHA v2 with the "I'm not a robot" checkbox, in your subscription form.
Step 1: Create your CAPTCHA
Start by creating your preferred CAPTCHA:
To create a Google reCAPTCHA:
- Go to https://www.google.com/recaptcha/about/.
- Click v3 Admin Console in the header.
- Log into your Google account or create a new one.
- Enter an internal name for your reCAPTCHA in the Label field.
- Select the reCAPTCHA type you want to use:
reCAPTCHA type User interaction Advantages Disadvantages Score based (v3) Always invisible, working silently to detect bot behavior without user interruption. Provides enhanced security without disrupting the user experience. Requires careful implementation to interpret scores correctly and take appropriate actions based on those scores. reCAPTCHA (v2) - "I'm not a robot" Checkbox Always requires users to click a checkbox to confirm they are human. Simple for users and effective against most bots. Can sometimes interrupt the user experience with additional verification steps, such as image-based challenges. reCAPTCHA (v2) - Invisible reCAPTCHA badge Typically runs invisibly but can prompt a challenge when necessary.
Reduces user interaction while still being able to prompt challenges when suspicious activity is detected.
Can occasionally interrupt the user experience with additional verification steps if the system detects potentially suspicious behavior. - Fill in the Domains field based on how you plan to share the form on your website:
-
If you want to share your form using Quick Share or Iframe
Add the domain sibforms.com. It is the domain Brevo uses to host the form. -
If you want to integrate your form with HTML
Add the domain of the website where you will display the form. For example, if you want to add the form on the website https://www.thegreenyoga.com/, enter www.thegreenyoga.com in this field.
💡 Good to knowIf you're not sure how you will share the form, you can add both of the above domains.
-
If you want to share your form using Quick Share or Iframe
- Click Submit.
Your reCAPTCHA is now created. You will see a page displaying the Site Key and Secret Key. Keep this page open, as you will need these keys for Step 2 to configure the reCAPTCHA within your form.
To create a Cloudflare Turnstile CAPTCHA:
- Log into your Cloudflare account.
- Select the Turnstile menu.
- Click Add site.
- Enter an internal name for your CAPTCHA in the Site name field to help you identify it among the widgets in your Cloudflare account.
- Fill in the Domains field based on how you plan to share the form on your website:
-
If you want to share your form using Quick Share or Iframe
Add the domain sibforms.com. It is the domain Brevo uses to host the form. -
If you want to integrate your form with HTML
Add the domain of the website where you will display the form. For example, if you want to add the form on http://www.thegreenyoga.com, add thegreenyoga.com in this field.
💡 Good to knowIf you're not sure how you will share the form, you can add both of the above domains.
-
If you want to share your form using Quick Share or Iframe
- Under Widget Type, choose how Cloudflare should process captcha requests on your forms:
-
Managed
This option allows Cloudflare to decide whether to show an interactive challenge or automatically verify the user based on their browser data and interaction. -
Non-interactive
This option will show the CAPTCHA widget on your form. However, it doesn’t require user interaction. Cloudflare will automatically run the challenge and verify the user. -
Invisible
This option runs in the background and requires no interaction from the user.
-
Managed
- Click Create.
The CAPTCHA is now created. You will see a page displaying the Site Key and Secret Key. Keep this page open, as you will need these keys for Step 2 to configure the CAPTCHA within your form.
Step 2: Add the CAPTCHA to a subscription form
To add the CAPTCHA to a subscription for created in Brevo:
- Log into your Brevo account.
- Go to Contacts > Forms.
- Create a new subscription form or open an existing one.
➡️ To learn more, check our dedicated article Create a subscription form in Brevo. - At the Design step, drag and drop the Captcha block into your subscription form.
- In the Captcha Type dropdown, select either reCAPTCHA v2, reCAPTCHA v3 or Cloudflare based on the CAPTCHA you created in Step 1.
- Copy and paste the Site Key and Secret Key that were displayed after completing Step 1 in their respective fields.
- (Optional) Add a Label name and Help text to your CAPTCHA.
-
If you created a reCAPTCHA v2 with the Invisible reCAPTCHA badge in Step 1, select Invisible Captcha.
That's it! You've added the CAPTCHA to your subscription form. Now, complete the setup of your subscription form and share it on your website.
➡️ To learn more, check our dedicated article Create a subscription form in Brevo - Share your subscription form.
Troubleshooting
Here are some troubleshooting tips for common CAPTCHA-related errors and issues:
The domain you have to enter in Google or Cloudfare depends on how you plan to share the form on your website:
-
If you want to share your form using Quick Share or Iframe
Add the domain sibforms.com. It is the domain Brevo uses to host the form. -
If you want to integrate your form with HTML
Add the domain of the website where you will display the form. For instance, if you want to add the form on http://www.thegreenyoga.com, add thegreenyoga.com in this field.
💡 Good to knowIf you're not sure how you will share the form, you can add both of the above domains.
When adding a reCAPTCHA to a form, ensure you enter the Site Key and Secret Key specific to the type of reCAPTCHA you created.
Site Keys and Secret Keys for one type are independent of the other type:
- Keys for Checkbox reCAPTCHA should only be used for Checkbox reCAPTCHA and not for Invisible reCAPTCHA.
- Keys for Invisible reCAPTCHA should only be used for Invisible reCAPTCHA and not for Checkbox reCAPTCHA.
Simple HTML doesn't include JavaScript
If you share your form using Simple HTML, the CAPTCHA won't be included. Simple HTML is a simplified version of your form's HTML that doesn't need JavaScript. However, since CAPTCHA requires JavaScript, it won't be included in forms shared via Simple HTML.
Same Site Key and Secret Key on multiple forms
We do not recommend using the same Site Key and Secret Key on multiple forms as it can sometimes cause errors and conflicts with the forms.
⏩ What's next?
🤔 Have a question?
If you have a question, feel free to contact our support team by creating a ticket from your account. If you don't have an account yet, you can contact us here.
If you’re looking for help with a project using Brevo, we can match you with the right certified Brevo expert partner.