Preventing spambot signups through forms
When adding public signup forms to any website, one of the main problems you'll encounter is bot attacks.
This is when an automated script (bot) fills out your form with fraudulent emails or irrelevant information. Over time, this has the potential to degrade the integrity of your email list and deliverability. Bots don't open emails!
Why am I being targeted?
TL;DR: It probably isn't targeted at you specifically.
Just like the Google Search bot will crawl your website eventually if you are getting traffic and backlinks, it's likely that eventually, so will one of these signup bots. Especially if your website contains certain properties deemed desirable by whomever is conducting the attack.
How do I stop the fake spam email signups?
By default, most email marketing platforms (including Audienceful) will refuse signups from certain spam email addresses/IPs. However, chances are you'll need extra protection. Bot scripts are constantly evolving to evade common detection methods.
Luckily, this problem is almost as old as the internet, so there's many solutions. Here's what we recommend:
Add our honeypot field
In our default signup form code, we include an invisible honeypot field. This field is invisible to humans, so if any data is added to it, we reject the signup.
Make sure this field is included in your forms (here's a guide for adding it to custom Webflow forms). We absolutely recommend doing this even if you've never been targeted by a bot attack since it has zero effect on user experience.
Add a CAPTCHA/reCAPTCHA
The honeypot should solve the most common forms of bots. However, in the case of a particularly nasty one, the next step is to implement a CAPTCHA on your forms. This reveals if the visitor to your website is an actual human, using either passive signals or active methods like a quick puzzle.
Google offers a service called reCAPTCHA that you can integrate into your site for free, and there's also many 3rd party options that will likely integrate with whatever website platform you are using.
While this can slightly degrade user-experience (in the case of an active puzzle), you can be sure your signups are authentic this way.
Use an email list verifier
If you're already been hit by a bot attack and are now unsure how many of your email signups are legitimate, we recommend exporting your email list as a CSV and running it through an email list verification service, then re-uploading the cleaned list.