Any time you put a form field or survey online, it's possible that you could receive some inaccurate information from pranksters, spambots, or people who are just in a hurry. Mailchimp signup forms aren't immune to this activity, but we have a few tools in place that help protect our users and their customers from bad data.
In this article, you’ll learn how we help protect your signup forms and what to do if you think some addresses in your audiences are spam.
What are spambots?
Spambots are automated computer programs that are built to find signup form code on your website or blog and submit fake information to your signup form. They can even click links inside emails.
Although a few of these signups aren't harmful, your audience data can be negatively impacted by a large amount of fake information. Fake information skews the accuracy of your audience statistics, which makes it difficult to know who your typical contact is or to tailor relevant content to targeted contacts.
How We Prevent It
At Mailchimp, we have strong, intelligent data-backed systems in place to prevent spam for all of our hosted forms—single and double opt-in—to protect our customers’ deliverability and their customers’ inboxes. We also continually analyze and improve our spam prevention systems and technologies to stay ahead of new abuse tactics.
Here are a few techniques we use and enable for our customers.
ReCAPTCHA is our best line of defense against spambot signups, and we automatically add it to all Mailchimp hosted forms. If you use an embedded or pop-up form, reCAPTCHA can be enabled on the Audience name and defaults page.
This tool requires subscribers to check a protected reCAPTCHA box to complete the signup process. Since spambots can’t access the checkbox, they can’t join your audience.
Sometimes, when an abuser attempts to take over an account, they'll sign their target up for several email newsletters at once. They hope that all the new emails in the target’s inbox will overwhelm them and distract them from malicious activity.
Because we know about this tactic, we can throttle new signups. That means that if the same email address is added to multiple audiences in a short period of time, we'll block it from being added to any other audiences for another 24 hours.
This type of throttling is effective in preventing these kinds of attacks.
On all of our forms, we include some fake fields called honeypot fields that aren’t visible to humans. Forms submitted with the extra fields filled in are immediately flagged as spam and discarded. Those addresses never make it to your audience.
What to Look For
If you have a lot of email addresses in your audience, it can be hard to tell which ones might be spam. Look for these characteristics that are typical of spam signups.
- The email address is a name, but doesn't look like a real name.
This can be hard to determine, but sometimes addresses just look fake. A strange email address, combined with these other characteristics, can suggest spam.
- First and last name fields are filled, but don't match the name in the email address.
Spambots don't always match audience data to the email address. If the email address is a name, and the first and last names provided don't match the email address, it could be a spam signup.
How to Delete Spam Signups
If spam signups seem to have started around a certain time, create a segment based on the characteristics of spam email addresses and review it for further issues.
- Create a multi-part segment.
- Set the Contacts match drop-down menu to all.
- For the first condition, set the drop-down menu to Date Added | is after | a specific date | and choose a date.
- For the second condition, set the drop-down menu to Signup Source | source was | Hosted Signup Form.
- Click Preview Segment to see who meets the criteria.
Check the segment for contacts whose names and email addresses don't match. If you use double opt-in, you can also export the segment and compare opt-in and confirmation IP addresses.
Compile a list of suspicious contacts, and delete them.
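The review described above can be scripted against an exported segment. The following is an added example, not Mailchimp code: it flags contacts whose name fields don't match a name-like email address and whose opt-in and confirmation IP addresses differ. The column names (Email Address, First Name, Last Name, OPTIN_IP, CONFIRM_IP) and the sample rows are assumptions, so rename them to match your export.

```python
import csv
import io
import ipaddress
import re

# Constructed sample export; the column names are assumptions, rename to match your file.
SAMPLE_EXPORT = """Email Address,First Name,Last Name,OPTIN_IP,CONFIRM_IP
jane.doe@example.com,Jane,Doe,198.51.100.7,198.51.100.7
mark.rivera@example.com,Olga,Petrov,203.0.113.9,192.0.2.44
sales@example.org,Priya,Nair,198.51.100.20,198.51.100.20
tom_baker77@example.net,Tom,Baker,203.0.113.50,192.0.2.80
xk3j9q@example.com,Liam,Chen,203.0.113.61,203.0.113.61
"""

def name_mismatch(email, first, last):
    """True when the local part looks like a name but contains neither supplied name."""
    local = email.split("@", 1)[0].split("+", 1)[0].lower()
    tokens = [t for t in re.split(r"[^a-z]+", local) if len(t) >= 2]
    if len(tokens) < 2:   # single word, role address or random string: not "a name"
        return False
    names = [re.sub(r"[^a-z]", "", n.lower()) for n in (first, last)]
    names = [n for n in names if len(n) >= 2]
    if not names:         # no usable name supplied, nothing to compare
        return False
    return not any(n in "".join(tokens) for n in names)

def ip_differs(optin, confirm):
    """True when both IPs parse and differ; real people switch networks too, so it is a hint."""
    try:
        return ipaddress.ip_address(optin.strip()) != ipaddress.ip_address(confirm.strip())
    except ValueError:    # blank or malformed value: cannot compare
        return False

def review(csv_text):
    """Return [(email, [reasons])] for contacts worth a manual look, most reasons first."""
    flagged = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons = []
        if name_mismatch(row["Email Address"], row["First Name"], row["Last Name"]):
            reasons.append("name_mismatch")
        if ip_differs(row["OPTIN_IP"], row["CONFIRM_IP"]):
            reasons.append("ip_differs")
        if reasons:
            flagged.append((row["Email Address"], reasons))
    return sorted(flagged, key=lambda item: -len(item[1]))

if __name__ == "__main__":
    for email, reasons in review(SAMPLE_EXPORT):
        print(f"{email}: {', '.join(reasons)}")
```

The output is a list to review by hand before deleting anything; contacts that show more than one characteristic are listed first.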