How to Protect My Website from Spam Bots and Fake Signups

SHARE article:

Karolina Petraškienė
Content Marketing Manager
Reading Time: 5 minutes

Are you enjoying tons of new subscribers on your online store every day? That’s great! But are they all real?

Small malignant programs – spam bots – might be attacking your website and pushing fake signups onto your contact list.

Remember, list-building is about building up and maintaining your list. If you haven’t yet, be sure to read here how to build an email list from scratch (with 9 proven tactics).

What are fake signups?

Fake signups happen due to spambots that scour the internet looking for signup forms to fill in.

They often fill up these forms with fake email addresses or real email addresses that belong to people who may not want to get emails from your store.

The reasons these spambots want to fill in your forms with spam signups are varied.

One of the possibilities is that they are looking for weaknesses in your site and hoping to exploit it for further gain. It could also be to gather your email address and send you spam.

Another important reason is that the spammers (especially when they use real email addresses) want to damage your email campaigns.

For example, if someone receives an unwanted newsletter from you, they might hit the ‘Spam’ button. If this is done on a large enough scale, GMail and other sites could put you on their spam blacklist, which means none of your subscribers will see your emails anymore.

How do fake signups hurt my email campaigns?

While it may not seem like it, having a lot of fake signups on your subscriber list can hurt your email campaigns in many ways.

#1 Your emails go to spam

The most impactful way is through the process mentioned above, when a large number of fake signups (with real addresses) send your newsletter to the spam folder. This can trigger your subscribers’ email service providers to mark all your email as spam.

Fake signups can cause your emails to go directly to the spam folder
Fake signups can cause your emails to go directly to the spam folder. Image source

This means you’ll end up in the spam folder, and virtually none of your subscribers will see your emails.

#2 Your metrics are off

Another important thing to consider is that your metrics will be way off when you have large amounts of fake signups.

These spam contacts will not open your emails or click on anything, meaning your open and click rates will seem very low.

You could interpret this as a problem on your end (either the communication, prices or products), but your real subscribers might in reality love those things.

#3 You don’t have an accurate image of your customers

Lastly, you probably won’t have a good picture of who your real audience is. What do they like or dislike? With fake signups, it’s difficult to answer that question.

For example, imagine you sell products mostly geared to a specific location, like the US or UK. But if you notice that a significant portion of those (spam) contacts are coming in from a different region, you could change up your offering.

You may adapt your marketing, language, images, and many other things to appeal to your new audience, even though that audience isn’t real.

Those spam contacts never have and never will interact with your brand, but because you don’t know they’re fake, you may try to adapt your business for them.

How Should I Protect My Website From Spam Bots?

You should consider using reCAPTCHA. Spam bots cannot access it and it is a way of protecting your contact list. However, you oblige your customers to take extra steps if they want to subscribe to your newsletter.

Another, more advantageous way to protect your contacts is to use “Honeypot captcha”. This technique, in contrast, act on spam bots, not your customers. You need to include a form input that only spam bots fill in.

This text field or a checkbox is hidden from most of the users using CSS, but the spam bots see it and fill it in. Paul Boag talks about this technique in a way that is very easy to understand.

Watch this video here:

How Should I Clean Up My Current Email List?

It might be difficult to do if you have thousands of subscribers. That is why the sooner you protect your signup forms, the better. The following tips will help you identify fake email addresses and keep your list healthy.

A piece of advice for Shopify users:

[2019 Update] Spambot Hunter was discontinued in August of 2018. We’d originally created Spambot hunter to combat the fake account and carts that Shopify users were facing. However, over time, Shopify began creating their own solutions to combat this problem so we discontinued it.

There are a few things you can do to make sure you’re not getting a lot of fake signups:

  • Use a double opt-in for your signup forms. This will send a confirmation email to your subscriber to click and confirm their sign up.
  • Keep an eye on your list and clean it up often. You can do this in Omnisend by segmenting for inactive users and then removing them.
  • Another solution for cleaning up your email list is using solutions like Neverbounce.

Tips for other ecommerce platfrom users:
1. Look through your email addresses. It is hard to explain, but you will see that some of them look strange – like fake ones. Check them out with CleanTalk. This tool has a blacklist of almost six million emails. Yours might be among them.

2. The CleanTalk black list also contains emails abused by bots. They might be normal looking emails that spam bots have pulled out from forums or online stores. When abused email owners start getting your emails, they complain about the spam and cause troubles for your, as a sender’s, reputation.

3. If the subscriber’s first name and last name contains ONLY Hexadecimal symbols, i.e. random A-F letters and 0-9 numbers, it is in most cases fake. For example: 5761729a57132 contains only letter A and all other symbols are numbers. This user will probably be fake.


4. Do you have a lot of customers that start the buying process, enter their email addresses and abandon their carts? You should double-check their addresses. You will be surprised by how many of them are spam bots.

5. First and last name fields are filled but they do not match with the email name. It also can be a case worth checking out with CleanTalk.

It is not worth panicking if you find you have several fake signups.

However, you should consider taking some action to prevent your website from massive fake signup attacks. You now know how to do it.

Try Interactive Signup Forms at Omnisend Today!
Start My Free Trial
Karolina Petraškienė

Karolina is a writer, content marketer, and email enthusiast at Omnisend. When she's not curating articles, you can find her in the woods challenging herself in hiking boots or off-roading her bike.

Further Reading:

11 Reasons Why Your Email Goes to Spam
How SMS Can Propel Your Omnichannel Marketing Strategy
The Essentials of Text Message Marketing for Small Business

Join the Conversation


  1. Thanks Karolina Petraškienė for sharing such an informative blog post. Nowadays many people who are getting tired from spam emails and fake signups. So, this blog post will help them. Keep posting such kind of articles.

Leave a comment

Your email address will not be published. Required fields are marked *