A spambot is an abusive computer program that signs up a large number of real or fake email addresses to thousands of mailing lists. Spambot attacks can cause issues with your reporting, significantly damage your sender reputation, and reduce your deliverability rates.
Symptoms of a spambot attack
Typically, victims of a spambot attack see an increase in spam complaints, bounces, and unsubscribes, as well as decreased open rates.
Spam complaints increase when real email addresses are added by spambots without the owner’s permission or knowledge. Imagine your email landing in hundreds of the inboxes of people who have never heard of you and have no idea how you got their address. Some people may delete your email or unsubscribe instead of making a complaint, but this still negatively affects your sender reputation.
Even unopened emails are bad news. In email deliverability terms, low open rates are a clear signal that your recipients are not engaged with you, your brand, or your content. Lack of engagement is a factor in the delivery of future emails, and can even lead to your messages being blocked.
High bounce rates are another side effect of spambot signups. Sending to a group corrupted with hundreds of fake email addresses results in hundreds of hard bounces. And if bounce rates are sufficiently high, email servers may reject or block your emails entirely, which means you could start to see bounces from legitimate recipients.
Spambots also increase your risk of acquiring spam trap email addresses. This is because many bots use email harvesting techniques to find addresses to add to your audience. One of these techniques is “scraping” websites for email addresses, which is a sure-fire way to collect spam traps.
While audience growth is usually something to celebrate, a sudden spike in subscribers could be a sign of trouble. Signup forms that don’t include reCaptcha — an element that verifies that the form is being submitted by a human — are vulnerable to spambots. Here are some examples of signup behavior that could indicate a bot problem:
- A daily influx of new subscribers: A spike of new signups from the same domain at the same time every day, using freemail addresses such as Hotmail, Yahoo, and Gmail, should definitely be considered suspicious.
- Many signups within minutes / seconds: A large volume of email addresses signing up in an unlikely amount of time can be cause for concern.
- Invalid email addresses: It’s normal to occasionally collect invalid email addresses, but more than a couple for every 10-15 signups is a warning sign.
- Personal instead of corporate addresses: An uptick in @hotmail.com or @outlook.com subscriber addresses is normal for some audiences. But if your business model is B2B and you typically attract corporate email addresses, this could be cause for alarm.
- Corporate instead of personal addresses: The opposite of the previous example, an increase in corporate addresses when most of your subscribers are personal should definitely raise some eyebrows.
- Sudden, frequent signups from foreign domains: If your audience primarily contains .com addresses and you suddenly see, for example, an influx of .co.uk or .ru addresses, a spambot could be to blame.
How to identify suspicious email addresses and signups
As described above, there are many signs that can alert you to a potential spambot attack. If you think that a spambot may be targeting your audience, you can create a segment to identify the fraudulent addresses, or the email addresses that haven’t opened your campaigns over a certain amount of time, and remove them.
In some cases, it’s easy to spot fake signups because the addresses look very spammy. Or, you might see a batch of signups that share a common characteristic, such as a consecutive number string, a random alphanumeric string, or domains that contain the same word. For example:
- skitchonline.net
- skitchstudio.co
- skitchstudios.org
- skitchdesign.net
If you can determine a pattern, the next step is to create a segment using that pattern to isolate the fake signups or suspicious email addresses. A segment can be based on information like “Date subscribed”, “Name”, “Email address”, “Location”, custom contact fields, or a combination of these. Similarly, if a name, phrase or set of numbers is repeated in the signup details, you can segment on it by creating a rule based on name or email and choosing “contains” as the condition.
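The patterns described above (domains sharing a word, a consecutive number string, and a burst of signups within seconds) can be checked outside the segment builder as well. The Python script below is an added example, not part of the original article or the product’s segmentation feature; the signup records are constructed, and the thresholds (a 6-character domain prefix, runs of 3 numbers, a 60-second window) are assumptions you would tune for your own audience.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample signups (not real subscribers): a shared domain word,
# a consecutive number string, and a burst of signups within seconds.
SIGNUPS = [
    ("ann@example.com", "2024-05-01T09:12:00"),
    ("x7q2@skitchonline.net", "2024-05-02T03:00:01"),
    ("k9zz@skitchstudio.co", "2024-05-02T03:00:02"),
    ("m2ab@skitchstudios.org", "2024-05-02T03:00:03"),
    ("r4pd@skitchdesign.net", "2024-05-02T03:00:04"),
    ("user101@mail.example", "2024-05-03T10:00:00"),
    ("user102@mail.example", "2024-05-03T10:00:20"),
    ("user103@mail.example", "2024-05-03T10:00:40"),
]

def shared_domain_word(signups, prefix_len=6, min_domains=3):
    """Group addresses whose domains start with the same word (e.g. 'skitch')."""
    by_prefix = defaultdict(list)
    for email, _ in signups:
        label = email.rsplit("@", 1)[1].lower().split(".")[0]
        by_prefix[label[:prefix_len]].append(email)
    return {p: v for p, v in by_prefix.items()
            if len({e.rsplit("@", 1)[1] for e in v}) >= min_domains}

def consecutive_numbers(signups, min_run=3):
    """Flag addresses like user101/user102/user103 on the same domain."""
    by_stem = defaultdict(dict)
    for email, _ in signups:
        m = re.fullmatch(r"([a-z]+)(\d+)@(.+)", email.lower())
        if m:
            by_stem[(m.group(1), m.group(3))][int(m.group(2))] = email
    hits = set()
    for nums in by_stem.values():
        run = []
        for n in sorted(nums):  # extend the run only on the next integer
            run = run + [n] if run and n == run[-1] + 1 else [n]
            if len(run) >= min_run:
                hits.update(nums[k] for k in run)
    return sorted(hits)

def signup_bursts(signups, window=timedelta(seconds=60), min_count=3):
    """Flag addresses where >= min_count signups arrive within one window."""
    rows = sorted((datetime.fromisoformat(ts), e) for e, ts in signups)
    flagged = set()
    for i, (start, _) in enumerate(rows):
        run = [e for t, e in rows[i:] if t - start <= window]
        if len(run) >= min_count:
            flagged.update(run)
    return sorted(flagged)
```

The union of the three results is the list you would load into a segment and move to Opt-out.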
How to remove suspicious email addresses from your audience
Rather than simply deleting spambot email addresses from your audience, it’s a good idea to change their status to Opt-out. After you’ve created a segment to isolate the fake signups, follow these instructions to change the status:
- Navigate to your Audience tab.
- Click on the Segments section in the panel on the left.
- Click on the name of the fake signups segment to open it.
- Click on the Actions button.
- Select Change status of all from the dropdown menu.
- In the pop-up window that appears, check the Opt-out box.
- Click on the Save button.
The importance of reCaptcha-enabled signup forms
Although spambots are always evolving, one of the easiest ways to help protect yourself is to have reCaptcha enabled on your signup forms. As you’ve likely seen when signing up for something online, reCaptcha is a quick prompt that requires users to verify that they’re human by asking some simple questions. Because we take email security seriously, all of our signup forms have reCaptcha built-in and it is enabled by default.
However, when reCaptcha is enabled on your form, the option to “Use a Javascript object” will not be available. This means that in order to use JavaScript, you would first need to remove reCaptcha from your form.
In situations where your signup form does not have reCaptcha enabled, our system is still designed to monitor for spambot attacks on the backend. Should your signup form encounter such a security threat, our system may present a reCaptcha prompt, even if you’ve disabled reCaptcha for that form.