Article first published August 2010, updated June 2019
Do you ever run into this problem? You have a subscriber form on your site, but it keeps filling up with spambots. Or, perhaps you want to use your subscribe form in a competition but don’t want to attract thousands of automated entries.
Let’s go through two ways you can expand on your subscribe forms to protect them from unwanted signups, while not having to tear your site’s code to pieces in the process.
1. Use reCAPTCHA with your subscribe form.
Most of us have seen (and used) a form with a CAPTCHA. In essence, it’s a test to make sure that you’re human, by making you interpret and type out scrambled letters, solve a problem, or essentially do something that a computer can’t do:
The most flexible way to add a CAPTCHA to a subscribe form is through an existing service like Google’s reCAPTCHA (above). reCAPTCHA provides the necessary form code and plugins required, alongside loads of documentation on installing and customizing a CAPTCHA form on your site. Even better, CAPTCHA answers are used to assist in digitizing old books!
You can also tweak how the CAPTCHA looks in your form. Alongside a set of standard themes are instructions to help you customize it as you see fit.
Of course, there are major reasons why you shouldn’t be forcing CAPTCHA on all your new signups. They can drop conversion rates as they lengthen forms and can be hard to interpret, they’re not fail-safe against human spammers and are potentially unusable by people who are blind, partially-sighted or suffer from dyslexia. Which leads us to the other option…
2. Use a Wufoo subscribe form.
Now that Wufoo can populate your custom fields, there’s no reason why you can’t create a subscribe form and synchronize it with your Campaign Monitor list. This also allows you to use some of Wufoo’s excellent form features, such as conditional logic, or only adding subscribers that tick an ‘I agree to receive email…’ box:
The icing on the cake is that Wufoo can automatically display a CAPTCHA if it thinks that someone’s abusing your subscribe form. This is great, as it means the CAPTCHA isn’t visible by default, thus it has no impact on subscribe rates. You can also limit form use to one entry per IP, although use this with care (it could impact folks trying to subscribe via public machines).
Wufoo forms can be both standalone or embedded in your site. You can set up a free account for up to 3 forms/10 fields/100 entries a month.
Keep in mind, there’s no magic cure for spammers, meaning it’s really up to your discretion if you want to verify all signups- or not.
Although these methods can ensure that most of your subscribers are real people interested in your emails, how you implement it can affect signup rates and even exclude members of the community from using your subscribe forms (CAPTCHA), or simply require a little extra legwork… And potentially, money (Wufoo). But sometimes, that’s the price to pay for a little peace of mind.
3. Use the confirmed opt-in procedure.
Confirmed opt-In (COI) procedure means sending a confirmation email to the email address used during sign up. The email sent will contain a link to confirm an op-in into your email list. When using this method, make sure to inform your subscribers that you will be sending a confirmation email and that they will only be added to your list after they click the link.
Source: Elegant Themes
The advantage of this procedure is that it helps you kill two birds with one stone–decreasing spambot abuse and ensuring your subscribers want to be subscribed. Another advantage is the reduction of hard bounces.
4. You can catch more spambots with honey(pot).
Another approach you can use to eliminate spam email addresses is the honey pot method. This is a simple approach that involves a field invisible to subscribers but tempting for spambots to fill. Any form that has this field filled is then eliminated from your list. However, this method only works for people without screen readers. For those with screen readers, you can simply attach a label to your “honey pot” that alerts humans not to fill it.
5. Clean up your email list.
There are times when some sophisticated bots can find their way onto your email list. The best way to ensure that your email list is clean is by removing all inactive email addresses from your list regularly. A period of about six months is a good way to ensure you’re not removing actual customers.
Doing this also has the added advantage of getting rid of subscribers who have lost interest in you and your business. As much as you may want them to boost your figures, keeping them will have a negative impact on your sender score and email marketing metrics. Additionally, if your payment plan is dependent on the number of emails sent, it could also increase your expenses and reduce your ROI.
When it comes to web form spam protection, you have to be vigilant. The fast technological advancements we are enjoying in this age also comes with an increase in the way malicious web-based attacks come. Use these methods to ensure the safety of your data and that of your customers.
Since security is a big concern here at Campaign Monitor, we do everything in our power to keep our clients’ data safe. You can check out our latest security features and updates here. Here’s to safer signup forms and clean email lists.