Looking for help with your list?
Mailchimp lists are now called audiences. They include the same data and functionality as before, along with valuable new insights about your contacts. As we introduce this change over time, you’ll notice fewer places where we still say list. Learn more about this change.
Any time you put a form field or survey online, it's possible that you could receive some inaccurate information from pranksters, spambots, or people who are just in a hurry. Mailchimp signup forms aren't immune to this activity, but we have a few tools in place that help protect our users and their customers from bad data.
In this article, you’ll learn how we help protect your lists and what to do if you think some addresses on your lists are spam.
What are spambots?
Spambots are automated computer programs that are built to find signup form code on your website or blog and submit fake information to your list. They can even click links inside emails.
Although a few of these signups aren't harmful, your list data can be negatively impacted by a large amount of fake information. Fake information skews the accuracy of your list statistics, which makes it difficult to know who your typical subscriber is or to tailor relevant content to targeted subscribers.
How We Prevent It
At Mailchimp, we have strong, intelligent data-backed systems in place to prevent spam for all of our hosted forms—single and double opt-in—to protect our customers’ deliverability and their customers’ inboxes. We also continually analyze and improve our spam prevention systems and technologies to stay ahead of new abuse tactics.
Here are a few techniques we use and enable for our customers.
ReCAPTCHA is our best line of defense against spambot signups, and we automatically add it to all Mailchimp hosted forms. If you use an embedded or pop-up form, reCAPTCHA can be enabled on the List name and defaults page.
This tool requires subscribers to check a protected reCAPTCHA box to complete the signup process. Since spambots can’t access the checkbox, they can’t join your list.
Sometimes, when an abuser attempts to takeover an account, they'll sign their target up for a several email lists at once. They hope that all the new emails in the target’s inbox will overwhelm them and distract them from malicious activity.
Because we know about this tactic, we can throttle new signups. That means that if the same email address is added to multiple lists in a short period of time, we'll block it from being added to any other lists for another 24 hours.
This type of throttling is effective in preventing these kind of attacks.
On all of our forms, we include some fake fields called honeypot fields that aren’t visible to humans. Forms submitted with the extra fields filled in are immediately flagged as spam and discarded. Those addresses never make it to your list.
What to Look For
If you have a lot of addresses in your list, it can be hard to tell which ones might be spam. Look for these characteristics that are typical of spam signups.
- The email address is a name, but doesn't look like a real name.
This can be hard to determine, but sometimes addresses just look fake. A strange email address, combined with these other characteristics, can suggest spam.
- First and last name fields are filled, but don't match the name in the email address.
Spambots don't always match list data to the email address. If the email address is a name, and the first and last names provided don't match the email address, it could be a spam signup.
How to Delete Spam Signups
If spam signups seem to have started around a certain time, create a segment based on the characteristics of spam email addresses and review it for further issues.
- Create a multi-part segment.
- Set the Subscribers match drop-down menu to all.
- For the first condition, set the drop-down menu to Date Added | is after | a specific date | and choose a date.
- For the second condition, set the drop-down menu to Signup Source | source was | Hosted Signup Form.
- Click Preview Segment to see who meets the criteria.
Check the segment for subscribers whose names and email addresses don't match. If you use double opt-in, you can also export the segment and compare opt-in and confirmation IP addresses.
Compile a list of suspicious subscribers, and delete them.