I guess I'm not alone here, but how is the community handling conspicuously fake email addresses being subscribed?
You know, ten subscriptions back to back with the word "shoes" in the address, or those with lots of full stops, like hj.s.d.f.gs.bc. ...
Any thoughts from the field?
Hey Jonathan, fake subscribers can definitely be frustrating! The best way to stop those subscribers from signing up is to switch to using a confirmed opt-in list. We've got some info on this here. We've also got some tips on stopping fake subscribers in our blog post on alternatives to captcha.
Hope this could help!
Thanks Paul. That's a good idea. We'll take a look at that.
Is there any way to use captcha to get rid of these fake subscriptions?
We add our email subscribers using the CM API on our sites using PHP code. At the same time, we've built in some basic email validation. It's not 100% foolproof, but consists of two parts:
1) reject any email addresses with words on a banned wordlist (like viagra, russian, etc.)
2) reject any that have more than 3 non-alphanumeric characters.
This is achieved through some basic PHP regexes.
We also had a third level of security, using GeoIP to ban any addresses from China, Russia, all of Africa and other places we don't have customers or don't want them from. This last test is now superfluous for us: we went a step further and modified .htaccess to prevent the site from being displayed from anywhere but a list of valid countries. So CN, RU etc. don't see the site at all. Admittedly, it's a bit of a sledgehammer solution.
To get the list of countries to ban, we simply analysed our Apache logs and picked out all the hack attempt IPs, country matched them, sorted and added the top 10 countries to the .htaccess banned list. A determined hacker can of course get round this by IP masking, but it seems to have cut our hack attempts down very dramatically (from 20 or so a day to 1 or 2 - mainly from the US which we need to keep on the valid country list).
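The two checks described in the post above (banned wordlist, more than 3 non-alphanumeric characters), written out as an added PHP example; this is not the poster's own code. The function name, the word list and the sample addresses are constructed, and counting non-alphanumeric characters in the local part only is an assumption, since the post does not say which part of the address is counted.

```php
<?php
// Added example, not the poster's code. Runs the two checks before an
// address is handed to the list API. Word list and samples are constructed.

const BANNED_WORDS  = ['viagra', 'russian', 'shoes']; // sample list, build yours from real spam
const MAX_NON_ALNUM = 3;                              // "more than 3" is rejected

/**
 * Hypothetical helper: returns null if the address passes,
 * otherwise a short rejection reason suitable for logging.
 */
function check_signup_email(string $email): ?string
{
    $email = strtolower(trim($email));

    // Syntax check first, so the later regexes only see well-formed input.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'invalid syntax';
    }

    // Check 1: banned words anywhere in the address. preg_quote keeps a
    // wordlist entry containing regex metacharacters from changing the pattern.
    $words   = array_map(fn($w) => preg_quote($w, '/'), BANNED_WORDS);
    $pattern = '/' . implode('|', $words) . '/';
    if (preg_match($pattern, $email) === 1) {
        return 'banned word';
    }

    // Check 2: non-alphanumeric characters, counted in the local part only.
    // Assumption: counting the whole address would also reject ordinary
    // addresses such as a.b@mail.example.co.uk (five such characters).
    $local = substr($email, 0, strrpos($email, '@'));
    if (preg_match_all('/[^a-z0-9]/', $local) > MAX_NON_ALNUM) {
        return 'too many non-alphanumeric characters';
    }

    return null;
}

// Constructed sample addresses, including the patterns from the first post.
$samples = [
    'jane.doe@example.com',
    'cheap-shoes-2024@example.com',
    'hj.s.d.f.gs.bc@example.com',
    'not an address',
];
foreach ($samples as $s) {
    printf("%-32s %s\n", $s, check_signup_email($s) ?? 'accepted');
}
```

Logging the rejection reason with the source IP shows which rule is doing the work and where legitimate sign-ups are being turned away.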