Solved

Spam email addersses being add to my audience

  • 18 January 2024
  • 2 replies
  • 199 views
S
Rank
Badge

Hi,

 

I’m hoping someone can help me resolve a worrying problem.

Over the last few weeks we have been hit by spam activity which is adding a large number fake email addresses to our audience. It looks like they are using our Newsletter sign up facility as access. The format of the spam record’s name is always 0ykAAKrjU2 9Bygq83ijO. A 10 character ‘first name’ and a 10 character ‘last name’. Email domains are very varied with no clear pattern.

I’ve managed to remove lots of the spam records but approx 200 are being added per day. How do I block them?

icon

Best answer by kaila.lawrence 18 January 2024, 19:50

View original

2 replies

kaila.lawrence
Rank
Userlevel 4
Badge +24

Hey, @Stephen Mc! Totally understand the panic here. Bots are the worst! But don’t worry, it’s totally solvable. 

 

I did actually just give some advice to another member about this issue yesterday. In short:

  1. Make sure you have double opt-in enabled.
  2. If you’re still having issues, there are 3rd party mitigation tools you can try.

 

Let me know if that post is helpful!

 

M
Rank
Badge +3

Hiya, this fits the same spam activity we have on our Shopify store (so I assume you’re using Shopify).

In my research I’ve found that it is possible to send an HTTP POST request to https://shopify-store-domain.com/account to easily create a customer account, which bypasses Google reCAPTCHA (if you have it enabled on your store).

In addition, our store is configured to sync customer accounts with Klaviyo, which means that even if the spam customer is not signed up to a list, they get added to our number of active profiles. With 200-600 spam accounts added each day, it adds up to a lot of junk in our Shopify and Klaviyo that we struggle to clean with a small team.

This Shopify spam customer registration behaviour has been affecting us for over a year now (maybe even two?), and I’ve built some measures to evaluate new customers for potential spam which helps to limit it somewhat, but it is a reactive measure, one I have to constantly revise every few months as the spammers tweak their tactics.

The proactive measure would be Shopify enforcing better protection on the POST /account endpoint, maybe even putting in nonces. I’ve already submitted a request to Shopify about this, but frustrated that after 1-2 years nothing has been done about it.

Reply


Most helpful members this week

Terms & ConditionsCookie settings

Links & Resources

Platforms

Partners

Useful Things

About

  • Terms and Privacy
    © 2024 Klaviyo All rights reserved. Klaviyo and the Klaviyo logo are trademarks or registered trademarks of Klaviyo, Inc. or its affiliates.