Spam attacks: How can I block fake email addresses to subscribe?

  • 3 February 2023
  • 4 replies

Badge +5

Hey fam, my client has a case I am trying to solve in multiple ways but nothing seems to work so far. 

I am a little bit discouraged to be honest. That’s why I am reaching out to you awesome fellow Klaviyo experts!


Have you ever faced spam attacks? 



In this case the situation is as follows:

  • Shopify eCommerce - integrated with Klaviyo 
  • Google reCaptcha is ON
  • Double opt-in on all lists is ON
  • Installed Blocky - Shopify plug-in blocking VPN users (recommended from the Klaviyo chat support friends)
  • Filters in segments 
  • List Clean Up - Suppress and Delete all subscribers that haven’t:
    • Checkout Started zero times over all time
    • Viewed Product zero times over all time
    • Clicked Email zero times over all time
    • Clicked Email zero times over all time
    • Opened Email zero times over all time
    • Person is not suppressed for email
    • Received Email zero times over all time

That’s what has been done and for some reason even when I removed all sign up forms both footer and pop ups = we were still getting spam attacks. 

Nothing seems to work. 

How can you keep a clean email list in this case? I am amazed how bots or whatever it is can get through the double-opt-in and reCaptcha…

I am not sure what to do


Best answer by Dov 3 February 2023, 17:24

View original

4 replies

Userlevel 7
Badge +61

Hi @Akselpd,

Sorry to hear you’re having to deal with this headache.

Perhaps the following ideas were included when you mentioned you’re using filters in segments or using list clean-up, but I’d also consider creating a segment using the fakemail criteria to gather all of the bot emails. Something like the following: email contains  > You can separate the fake email domains using “OR” to scoop up as many of the fake domains possible. Follow this up by bulk suppressing the segment. Here's an article with step-by-step instructions on How to Bulk Delete or Suppress Email Contacts in Klaviyo.
Also, to prevent fake emails from entering your flows in the future, consider adding a flow filter to each of your flows with the exclusion criteria: properties about someone: email doesn't contain Make sure you’re using an “AND” separator to separate multiple fake email domains i.e. email doesn’t contain fake domain X AND email doesn’t contain fake email Y etc. That will prevent potential deliverability issues of bounced emails from your flows for fake email addresses. 
I hope that’s a helpful start. In addition to this, I recommend continuing to work with support on strategies and solutions - they’ll be able to have a closer look at the specific emails and provide a more tailored segment definition to help mitigate the impact of these fake profiles. It would also be great to hear if anyone in the community has any alternative strategies we haven’t thought of yet!

Thanks for being a community member. 

Badge +3

Hi @Akselpd,

I’m encountering this right now and wanted to see if you were able to resolve it?



Hi - just a quick question on this solution, would it still work if the fake email addresses are all I assume it won’t catch them, but I would like to find a way to fix my issue, which is mainly with fake gmail accounts as it has plummeted our welcome series open rates. 


Also, does anyone have examples of amazing double opt in email flows, from my experience signing up, very few companies use the double opt in, and the few that do, don’t have a great appearance. 

Userlevel 5
Badge +30

Hey all! This an industry problem we talk a lot about here in the community. The more sophisticated bots get, the harder managing them becomes. Klaviyo is actively working on solutions to mitigate bot activity. In the meantime, here are other threads with solutions:


TL;DR: Enable double opt-in, clean your list often by looking for patterns in the bot addresses, set up reCAPTCHAs on your signup forms, increase your site’s security with 3rd party bot prevention tools.