Loading

Web-to-Case and Web-to-Lead Daily Limits Exceeded Due to Spam: Pending Queue and Resolution Steps

Publish Date: Apr 2, 2026
Description

Salesforce enforces a maximum number of new Cases (5000) and Leads (500) generated in a 24 hours period (Salesforce Features and Edition Limits). Once the organization exceeds its daily Web-to-Case or Web-to-Lead limit, the default case owner or default lead creator receives a notification email that contains information about the case or lead. When an organization reaches the 24-hour limit, Salesforce stores additional requests in a pending request queue that contains both Web-to-Case and Web-to-Lead requests. The requests are submitted when the limit refreshes. These requests are then considered for the next day's limit. Queued leads will be processed before new leads are submitted as long as the daily limit is surpassed. The pending request queue has a limit of 50,000 combined requests. If an organization reaches the pending request limit, additional requests are rejected and not queued. The administrator will receive email notifications for the first five rejected submissions.

In certain circumstances, commonly due to spam requests, one or more of these limits may be met unexpectedly with non-desired records. Find below a number of recommendations about what to do in order to handle those situations.

Resolution

 

Get the web-to-x form under control

Make sure that the spam issue is controlled and that no additional requests are being created. The sooner this is managed the better in order to avoid the hard limit of 50,000 pending requests. A temporary measure could be to remove the web form from its website until a permanent solution is in place. Another suggestion would be to create a Validation Rule once a pattern is identified to stop the records from coming to the Org. A permanent solution would be to enforce a web-side validation or captcha to make sure that the web form is secure and protected from spam. Also, it'd be a best practice to try to avoid easily-accessible source code directly in your website. It's best practice to use other HTML/API methods instead in order to fully protect web submissions.

Identify existing spam records

Reports can be used (especially if the time of the spam records' creation is known) to identify spam records inside the org.  Once identified, records can be mass deleted or handled in order to prevent agent confusion. If a pattern is found during this procedure, a Validation Rule can be written to prevent further spam from similar sources.

What can Salesforce do for you?

Salesforce cannot take action on the pending queue. Clearing the pending queue is not an option. However,  the number of daily requests for your Organization can be increased temporarily to make sure the requests are processed.

In order to do this, please create a case with Support and provide the following information:

Organization ID: the Production or Sandbox Id needing this feature Navigate to Setup, enter 'Company Information' in the Quick Find box, select 'Company Information' 
Requested Limit: How much does the limit need to be increased? 
Requested Duration: Based on the requested limit, calculate the length of time required to get the spam under control
Business Reason: Provide an explanation about what happened that necessitates this limit increase.

Other considerations about the records that are pending, over limit

What is the Created Date for pending Web-to-Case or Web-to-Lead records?
The Created Date reflects when the record was actually created in Salesforce, not when it was submitted from the web form. For example, if a Lead was submitted yesterday but remained in Pending status for 24 hours, the Created Date will be today's date.
Will a limit increase immediately process pending requests?
No. The daily limit resets at midnight UTC. Even if the limit is increased during the day, pending requests will not be processed until after the next midnight reset.
What happens if the 50,000 pending request queue limit is exceeded?
If the 50,000 combined Web-to-Case and Web-to-Lead pending queue limit is exceeded, the administrator receives email notifications for the first five rejected submissions. After that, additional requests are permanently lost and cannot be recovered.
Knowledge Article Number

000382807

 
Loading
Salesforce Help | Article