About Fake Signups

Any time you put a form field or survey online, it's possible that you could receive some inaccurate information from pranksters, spambots, or people who are just in a hurry. Mailchimp signup forms aren't immune to this activity, but we have a few tools in place that help protect our users and their customers from bad data.

In this article, you’ll learn how we help protect your signup forms and what to do if you think some addresses in your audiences are spam.

What are spambots?

Spambots are automated computer programs that are built to find signup form code on your website or blog and submit fake information to your signup form. They can even click links inside emails.

Although a few of these signups aren't harmful, your audience data can be negatively impacted by a large amount of fake information. Fake information skews the accuracy of your audience statistics, which makes it difficult to know who your typical contact is or to tailor relevant content to targeted contacts.

How we prevent it

At Mailchimp, we have strong, intelligent data-backed systems in place to prevent spam for all of our hosted forms—single and double opt-in—to protect our customers’ deliverability and their customers’ inboxes. We also continually analyze and improve our spam prevention systems and technologies to stay ahead of new abuse tactics.

Here are a few techniques we use and enable for our customers.

ReCAPTCHA

ReCAPTCHA is our best line of defense against spambot signups, and we automatically add it to all Mailchimp hosted forms. If you use an embedded or pop-up form, reCAPTCHA can be enabled on the Audience name and defaults page.

This tool requires subscribers to check a protected reCAPTCHA box to complete the signup process. Since spambots can’t access the checkbox, they can’t join your audience.

Throttling

Sometimes, when an abuser attempts to takeover an account, they'll sign their target up for a several email newsletters at once. They hope that all the new emails in the target’s inbox will overwhelm them and distract them from malicious activity.

Because we know about this tactic, we can throttle new signups. That means that if the same email address is added to multiple audiences in a short period of time, we'll block it from being added to any other audiences for another 24 hours.

This type of throttling is effective in preventing these kind of attacks.

Honeypot fields

On all of our forms, we include some fake fields called honeypot fields that aren’t visible to humans. Forms submitted with the extra fields filled in are immediately flagged as spam and discarded. Those addresses never make it to your audience.

What to look for

If you have a lot of email addresses in your audience, it can be hard to tell which ones might be spam. Look for these characteristics that are typical of spam signups.

• The email address is a name, but doesn't look like a real name.
  This can be hard to determine, but sometimes addresses just look fake. A strange email address, combined with these other characteristics, can suggest spam.
• First and last name fields are filled, but don't match the name in the email address.
  Spambots don't always match audience data to the email address. If the email address is a name, and the first and last names provided don't match the email address, it could be a spam signup.

How to delete spam signups

If you notice that spam signups have started around a certain time, create a segment based on the characteristics of spam email addresses. Save the segment and review it periodically for further issues.

1. Click Audience, then click Segments.
2. If you have more than 1 audience, click the Current audience drop-down and choose the one you want to work with.
3. Click the Create regular segment button. If you’re on a Standard plan or higher, you can choose between creating a regular segment or an advanced segment.
4. Enter a segment name.
5. If you’re using an advanced segment, set the contacts that match drop-down to All.
6. Click the Add condition section, then select the Email Date Added condition. Choose is after | a specific date | and select a date.
7. When you click to add another condition, you’ll see buttons for the And/Or operators. You want the segment to find all contacts meeting each of the conditions, so leave the And option enabled.
8. For the second condition, select the Signup source condition. Choose source was | Hosted Signup Form.
9. Click Review segment to see who meets the criteria.

Check the segment for contacts whose names and email addresses don't match. If you use double opt-in, you can also export the segment and compare opt-in and confirmation IP addresses.

Compile a list of suspicious contacts, and delete them.