Double Opt-in Is Not Enough To Prevent Bot Signups

I have been getting a lot of spam sign ups recently through my opt-in form. A few weeks ago I suddenly started to get new "subscribers" in strange patterns; 5-6 signups within a matter of an hour, every 3-4 days. Fake, definitely fake. ...Aren't they? In case you're wondering, I'm talking about the form you see in the side bar as well as the one at the bottom of every post for my readers to subscribe to my newsletters.

Double Opt-in Is Not Enough To Prevent Bot Signups

Fake Email Addresses

There is nothing to prove that these "subscribers" are bots​, except that all the email addresses have something in common which makes it look suspicious;

florindajeltema1453@yahoo.com

enolahelsing6920@yahoo.com

mitziedueber4017@yahoo.com

reathaholbach5966@yahoo.com

eveliapulk4184@yahoo.com

leoramashack6553@yahoo.com

violasnellings5723@yahoo.com

​See, they are all Yahoo domain, and the local part consist of 10-13 letters followed by 4 digit number.

​But they were all signed up at different IP addresses, all over within the States - Oregon, Arizona, Utah, Delaware, Florida, Texas and so on... Again they're most likely to be "fake" IP locations.

Double Opt-in Is Not Enough To Prevent Bot Signups

Double Opt-In Is Not Enough For Security?

If you are already my subscriber, you know it has a double opt-in (confirmed opt-in) system - where ​a confirmation email is sent to the new subscriber to verify it really is them. The helpdesk at GetResponse was initially adamant that these were bots - saying bots cannot confirm email.

Bots or not bots - is irrelevant to me, I just wanted to find out how to prevent it from happening. Well, it may be relevant - I have been a victim of cyber attacks a few times in the past. Imagine someone crazy spends all day, every day signing up with me manually...that'd be even creepier!

GetResponse's security team had a further look at the list of my recent subscriptions, and suggested that I should add a captcha to the webform. Also to monitor their activity for several days, and if they don't show any activity, simply delete them from the list.​

...which was the case. These spams signed up with me, and didn't do anything, did not open my "welcome" email, so I've deleted these addresses.

No "Brilliant" Options To Block Spam Signups

I have two different signup forms using different methods. I don't have an excellent option to solve the problem right now and, have taken two separate steps temporarily;

  • The webform shown in the sidebar is created using a GetResponse template (as of August 2016), which allows me to add a captcha option. When a new subscriber enters their email address and clicks "Sign Up Now", they are now required to enter captcha, then they'll receive a confirmation email to verify.
  • Whereas the form at the bottom of this article is part of Thrive Opt-In, connected to GetResponse using API. It's formatted by Thrive, with GetResponse's plain html code integrated. Unfortunately GetResponse does not allow you to add a captcha option to it. Instead I've added a "name" box to see what happens.
Signing up form before spam attack

This is a form before the spam bot attack.

Captcha is a strong, universally accepted method to prevent bots from signing up or logging in. However contrary to what GetResponse initially suggested, bots can click a link in email to "verify" the address. I know that adding an extra "name" box in the webform will only block the existing bots to sign up for the next few weeks (if not days).

I really don't like the idea of inconsistency - my visitors can either (a) sign up using the sidebar form without providing their name but must enter the captcha or (b) sign up using the bottom form without captcha but must provide their name. This is really a temporary solution for now. I'll keep searching for something better - if you have a good idea, do let me know!

Share This Page!
Ray Alexander

Hi! I’m Ray. Over the past 15+ years I have been involved with web designing, programming and online marketing. I work from home and have a passion for exploring new tools, services and programs in order to make money online. I’m here to help you succeed in building a profitable business by sharing my experiences. Any question, don’t hesitate to ask!

Click Here to Leave a Comment Below