Sell more with better email & SMS

Get ecommerce-focused email & SMS marketing that makes it easier to grow your brand, get sales & build better relationships.

Start free

Drive sales on autopilot with ecommerce-focused features

See Features

How to protect your website from spam bots and fake signups

Reading Time: 7 minutes

Is your email list-building strategy paying off? Are you regularly signing up new subscribers? Fantastic—but how can you be sure that they’re all real people?

There’s a possibility that malignant programs, known as spambots, might be attacking your website. When they do, they push fake signups onto your contact list. 

Naturally, this should be a cause for concern.

In this article, we’re going to find out how to block spam. We’ll also learn how to stop spam traffic from coming to your website in the first place.

Ultimately, we’ll aim to protect your website from spam bots and the problems that they incur.

Let Omnisend’s spam-fighting features keep your email list clean so you can reach more of your customers
Start Free Today

What is a spam bot?

A spam bot is a malicious program designed to seek out and sign up for emailing lists with fake and real email addresses. Spam bot attacks can damage the sender reputation, decrease email deliverability rates, and cause other problems.

Signs of a spam bot attack include a sharp increase in unsubscribes and spam complaints, dips in delivery and open rates, and a sudden, unexpected spike in subscribers.”

What are fake signups?

First thing’s first—list-building is about building up and maintaining your list. If you haven’t yet, be sure to read our advice on how to build an email list from scratch, with nine proven tactics.

Remember, fake signups happen due to spambots that scour the internet looking for signup forms to fill in.

They fill out these forms—either with fake email addresses or real email addresses. The former might belong to people who don’t want emails from your store. This is especially detrimental, as soon you’ll find your emails being a target for referrals for spam. 

But the question remains—why do spammers register on your site?

There are various reasons these malicious spambots want to spam your signups. One is that they’re looking for weaknesses in your site to exploit them for further gain. It could also be to gather all of your email addresses and send you spam.

Another important reason is that the spammers want to damage your email campaigns and your all-important deliverability—especially when they use real email addresses. 

For example, if someone receives an unwanted newsletter from you, they might hit the ‘Spam’ button. If this happens often enough, Gmail and other sites could put you on their spam blacklist.

This means that none of your subscribers will see your emails in the future.

How do fake signups hurt my email campaigns?

Having a well-stocked email list might seem like a great thing. However, this is only true if they are real people who are interested and engaged with your brand. 

Keeping a lot of fake signups on your subscriber list can hurt your email campaigns in many ways.

1. Your emails go to spam

This is the most damaging for your sender’s reputation and is the inevitable result of fake signups using real addresses.

Receivers get emails from you that they never asked for and send them straight to the spam folder. If this is happening regularly, your subscribers’ email service providers will start to mark all your email as spam.

This way, your email marketing strategy is as good as dead.

2. Your metrics are misleading

Another important thing to consider is that your metrics will be way off when you have large amounts of fake signups.

Spam contacts don’t engage with your emails. This means you’ll likely see low figures with the likes of CTR. This might cause you to interpret this as a problem on your end. In turn, you might start making unnecessary changes, such as to your content, prices, or products.

However, real subscribers might still engage with your emails because of these elements. These changes to accommodate lower metrics might start to harm you, rather than help you. 

Without accurate ecommerce analysis, you won’t be able to make informed decisions to drive your business forward.

3. You don’t have an accurate image of your customers

Lastly, you probably won’t have a good picture of who your real audience is. With fake signups, it’s difficult to know what they like or dislike.

For example, imagine you sell products mostly geared to a specific location, like the US or UK. If you notice that a significant portion of your contacts is coming in from a different region, you could alter your email campaigns.

You might adapt your marketing to appeal to your new audience, even though that audience isn’t real.

Those spam contacts never have and never will interact with your brand. You risk mistakenly adapting your business for them because you don’t know they’re fake.

How to stop fake signups on your website

The dangers of fake signups are clear. Next comes the question of how to stop spam bots on your website. 

1. Use reCAPTCHA

Consider using reCAPTCHA to verify your sign-ups. It is free of charge and isn’t too inconvenient for the user. Best yet,

reCAPTCHA is a fraud detection tool from Google that recognizes bots automatically. It is free and convenient to use. Best yet, spambots cannot get past it. This makes it an easy way of protecting your contact list, and thus, keeping your website from fake signups.

A typical reCAPTCHA form looks like this:


Get started with reCAPTCHA

2. Add a double opt-in form

The double opt-in sends a follow-up email after signups that only asks recipients to click a link. This acts as a confirmation of whether the email actually belongs to the subscriber or not. 

Naturally, spam bots cannot answer the email, so you’ll guarantee that only real people are signing up. This reduces the chances of a hard bounce, which are undeliverable emails. This is because the double-opt-in makes sure that the visitor enters the correct email the first time, eliminating misspelled or invalid emails.

A typical confirmation email looks like this:

double opt in

Learn more:

3. Use the “Honeypot Captcha” technique

The “Honeypot Captcha” technique works by including a small, hidden (using CSS) text field or checkbox in your sign-up forms that customers cannot see or access, meaning that only the spambots will fill it in.

This allows you to easily uncover the intruders and quickly move in to block them. Paul Boag, a UX expert, gives a simple explanation of what a honeypot captcha is in this video.

4. Block traffic from specific countries

This is a bit more drastic option, but is used by many top websites to avoid spam traffic. You can simply block traffic from certain countries to avoid spam signups if they meet the following conditions:

  1. You are moderately or highly certain that spam traffic is coming from these countries
  2. You are moderately or highly confident that this traffic won’t convert to paying customers

There are a few ways to get this done. First, on a view level, you can filter out spam traffic from specific countries in Google Analytics. Simply go to your Admin tab, click Filters>New Filter and you’ll be able to block countries.

Google analytics setup for filtering out countries

You can also block countries in various ways, such as using .htaccess, with information from the country IP blocks list.

5. Use a third-party app

Sometimes, it’s better to delegate other responsibilities so that you can focus on the main activity of your business—getting more customers, more sales, and keeping those customers happy.

There are various apps or plugins you can add to your online store that will help block spam signups, and won’t require you to do any manual work (and potentially break something on your website).

If you’re on Shopify, for example, you can use apps like Shop Protector to stop spam signups and fake accounts.

If you’re using WordPress/WooCommerce, then you can use something like Wordfence, which is a larger security suite that can also block spam traffic.

How to remove spam signups

Keeping your email list clean should be an ongoing process. It can be a challenge if you have thousands of subscribers, but deleting fake signups is critical to the success of your email marketing.

To remove spam signups:

  • Find passive subscribers with segmentation. Segment users that remain inactive for six months and remove them. You can do that in Omnisend—watch the second part of the video below for step-by-step instructions.
  • Use your ESP’s email list cleaning service. Omnisend’s email List Cleaning service applies artificial intelligence for constant email validation and includes custom grammar and inactive email checks to keep your bounce rates down.
  • Manually look through email addresses. Sometimes, you’ll notice that some of them look strange. You can check them out with CleanTalk. This tool has a blacklist of almost six million spam emails and emails that have been abused by bots.
  • Double-check the addresses of cart abandoners. Spam bots can add products to carts and then leave without finishing the purchase. See if the emails of those visitors look strange or repeat many times.
  • Get your list validated by Mailgun. It’s an email verification service that runs numerous checks for every email address. Watch the video below for step-by-step instructions on how to use it.

As promised, we have a video with steps to remove fake signups.

In this one below, you’ll find out how to a) use Mailgun for verification and b) remove passive emails by segmenting users in Omnisend.

But the bottom line here is—

The sooner you start protecting your signup forms, the better. It’s one of the strongest ways to protect your website from spam bots and fake signups.

Wrap up

Unfortunately, spambots have become an everyday issue for ecommerce marketers. However, you shouldn’t panic if you do find that you are hosting several fake signups. 

To protect your website from spam bots, take the actions outlined in this article. Make regular checks on your list to ensure that it is free of fake and inactive addresses. 

Make sure that you have an ESP that is well equipped with tools to deal with spambots and other malicious actors. Start using Omnisend and do your email marketing with confidence.

Get email & SMS marketing that reaches your customers with spam-fighting features built in
Start Free Today
Bernard Meyer
Article by
Bernard Meyer

Bernard is the Director of Content at Omnisend, with a passion for good research, helping ecommerce businesses with their marketing automation needs, and beating absolutely everyone in Mario Kart 64.

related features
These are the Omnisend features that can help you get the results mentioned in the article.

related features
These are the Omnisend features that can help you get the results mentioned in the article.

Want more sales?

Omnisend has everything you need to succeed.

Start free now No Credit Card needed.