Add a CAPTCHA to a subscription form created in Brevo

We strongly recommend using a CAPTCHA confirmation in your forms to protect against bot attacks and spam signups, which can result in issues such as fake data being added to your lists. If you are creating your subscription form in Brevo, you can choose between Google reCAPTCHA or Cloudflare Turnstile CAPTCHA.

Good to know

Adding a CAPTCHA to your subscription form is one of several techniques and best practices available to protect your forms from bots and spam signups. To learn more about the other techniques, check our dedicated article Protect your forms from bots and spam signups.

What is a CAPTCHA?

A CAPTCHA is a security feature used in forms to distinguish between human users and bots. It typically presents a challenge that is easy for humans to solve but difficult for bots, such as identifying distorted text, checking a box, selecting specific images, or solving simple math problems.

Here's an example of what the Google reCAPTCHA (v2) with an "I'm not a robot" checkbox looks like:

CAPTCHA gif example

What is the difference between Google reCAPTCHA and Cloudflare Turnstile CAPTCHA?

Google reCAPTCHA and Cloudflare Turnstile CAPTCHA are both tools designed to prevent bots from submitting forms and interacting with websites. Here’s a brief comparison of the two:

  Google reCAPTCHA Cloudflare Turnstile CAPTCHA
Provider Google Cloudflare
Integration Widely used across the web. More commonly used among websites using Cloudflare services for broader security needs.
Type of verification Requires users to interact with a checkbox or invisible challenge to confirm they are human. Provides customizable challenges based on detected bot behavior.
Ease of use Generally easy to implement with straightforward setup instructions. Seamlessly integrated for websites using Cloudflare services.
Cost Free for most users, but Google may collect data from users to improve its services. Included with Cloudflare’s service plans, which vary in pricing based on features and usage.
💡 Good to know

As a best practice, it is recommended to include at least a CAPTCHA with a checkbox, such as Google reCAPTCHA v2 with the "I'm not a robot" checkbox, in your subscription form.

Step 1: Create your CAPTCHA

Start by creating your preferred CAPTCHA:

Create a Google reCAPTCHA Create a Cloudflare Turnstile CAPTCHA

To create a Google reCAPTCHA:

  1. Go to https://www.google.com/recaptcha/about/.
  2. Click v3 Admin Console in the header.
  3. Log into your Google account or create a new one.
  4. Enter an internal name for your reCAPTCHA in the Label field.
  5. Select the reCAPTCHA type you want to use:
    reCAPTCHA type User interaction Advantages Disadvantages
    Score based (v3) Always invisible, working silently to detect bot behavior without user interruption. Provides enhanced security without disrupting the user experience. Requires careful implementation to interpret scores correctly and take appropriate actions based on those scores.
    reCAPTCHA (v2) - "I'm not a robot" Checkbox Always requires users to click a checkbox to confirm they are human. Simple for users and effective against most bots. Can sometimes interrupt the user experience with additional verification steps, such as image-based challenges.
    reCAPTCHA (v2) - Invisible reCAPTCHA badge

    Typically runs invisibly but can prompt a challenge when necessary.

    Reduces user interaction while still being able to prompt challenges when suspicious activity is detected.

    Can occasionally interrupt the user experience with additional verification steps if the system detects potentially suspicious behavior.
  6. Fill in the Domains field based on how you plan to share the form on your website:
    • If you want to share your form using Quick Share or Iframe
      Add the domain sibforms.com. It is the domain Brevo uses to host the form.
    • If you want to integrate your form with HTML
      Add the domain of the website where you will display the form. For example, if you want to add the form on the website https://www.thegreenyoga.com/, enter www.thegreenyoga.com in this field.
      💡 Good to know
      If you're not sure how you will share the form, you can add both of the above domains.
  7. Click Submit.

Your reCAPTCHA is now created. You will see a page displaying the Site Key and Secret Key. Keep this page open, as you will need these keys for Step 2 to configure the reCAPTCHA within your form.

forms_captcha_secret-key_site-key_en-us.jpeg

Step 2: Add the CAPTCHA to a subscription form

To add the CAPTCHA to a subscription for created in Brevo:

  1. Log into your Brevo account.
  2. Go to Contacts > Forms.
  3. Create a new subscription form or open an existing one.
    ➡️ To learn more, check our dedicated article Create a subscription form in Brevo.
  4. At the Design step, drag and drop the Captcha block into your subscription form.
    forms_captcha-block_en-us.jpeg
  5. In the Captcha Type dropdown, select either reCAPTCHA v2, reCAPTCHA v3 or Cloudflare based on the CAPTCHA you created in Step 1.
  6. Copy and paste the Site Key and Secret Key that were displayed after completing Step 1 in their respective fields.
  7. (Optional) Add a Label name and Help text to your CAPTCHA.
  8. If you created a reCAPTCHA v2 with the Invisible reCAPTCHA badge in Step 1, select Invisible Captcha.

    contacts_forms_recaptcha.png

That's it! You've added the CAPTCHA to your subscription form. Now, complete the setup of your subscription form and share it on your website.

➡️ To learn more, check our dedicated article Create a subscription form in Brevo - Share your subscription form.

Troubleshooting

Here are some troubleshooting tips for common CAPTCHA-related errors and issues:

❌ I get the error "Invalid domain for site key"

The domain you have to enter in Google or Cloudfare depends on how you plan to share the form on your website:

  • If you want to share your form using Quick Share or Iframe
    Add the domain sibforms.com. It is the domain Brevo uses to host the form.
  • If you want to integrate your form with HTML
    Add the domain of the website where you will display the form. For instance, if you want to add the form on http://www.thegreenyoga.com, add thegreenyoga.com in this field.
    💡 Good to know
    If you're not sure how you will share the form, you can add both of the above domains.
❌ I get the error "Invalid key type"

When adding a reCAPTCHA to a form, ensure you enter the Site Key and Secret Key specific to the type of reCAPTCHA you created.

Site Keys and Secret Keys for one type are independent of the other type:

  • Keys for Checkbox reCAPTCHA should only be used for Checkbox reCAPTCHA and not for Invisible reCAPTCHA.
  • Keys for Invisible reCAPTCHA should only be used for Invisible reCAPTCHA and not for Checkbox reCAPTCHA.
❌ I can't see the CAPTCHA in my form

Simple HTML doesn't include JavaScript

If you share your form using Simple HTML, the CAPTCHA won't be included. Simple HTML is a simplified version of your form's HTML that doesn't need JavaScript. However, since CAPTCHA requires JavaScript, it won't be included in forms shared via Simple HTML.

Same Site Key and Secret Key on multiple forms

We do not recommend using the same Site Key and Secret Key on multiple forms as it can sometimes cause errors and conflicts with the forms.

⏩ What's next?

🤔 Have a question?

If you have a question, feel free to contact our support team by creating a ticket from your account. If you don't have an account yet, you can contact us here.

If you’re looking for help with a project using Brevo, we can match you with the right certified Brevo expert partner.

💬 Was this article helpful?

201 out of 308 found this helpful