We have Marketo form on our website and we are getting junk emails. For example, people can put !,$ etc. and our forms still accept it. Is there a way to avoid it.
First of all: however rare, "!" and "$" are allowed characters in email addresses (on the left-hand/mailbox side, not on the domain side). So an HTML5- and SMTP-compliant email validator must not discard addresses because of those characters.
That said, Marketo's built-in validator is more permissive than most people expect, for example allowing test@example (without any TLD). Again, that is a valid email address. But it won't be routable on the public internet, and since the idea behind a Marketo form is to gather public email addresses, it stands to reason that it should not validate.
In reality, you have 3 different types of malicious use to cover:
You might also give a look at this blog post as it pertains to form-entered tokens in general.
Retrieving data ...