Solved

Suspicious SPAM adresses signing up

Nico01
Rank
Userlevel 1
Badge +4

Hello,

Recently, I've been getting these computer-generated sign-ups like:

XXXX+sdf8yf@gmail.com and their locations are like weird international places.

Screenshot from a segment I built (with some deletions for privacy)

My question is are they spammers or is this the new privacy feature that apple users. Or VPN features?

I know that the + sign is a way of redirecting your emails within Gmail, not sure if it works in other systems.

Because I have been getting a few and wither way it sucks for working out legit customers.

PS: I know I can activate double opt-in to prevent spam.

 
icon

Best answer by kaila.lawrence 18 April 2024, 20:11

View original
Nicolas Galera-Giron | e-Commerce & Klaviyo Expert | https://supergrowth.co

13 replies

bluesnapper
Rank
Userlevel 7
Badge +36

Hi @Nico01 

Are you seeing any checkout activity on any of these profiles? I ask because Google does have a ‘mystery’ shopping crawler that adds products to the basket and initiates a checkout. However it usually declares itself as John Smith somewhere in the gmail.

Regards

Andy

https://bluesnapper.com - Klaviyo Champion & Partner
Nico01
Rank
Userlevel 1
Badge +4

Hi @Nico01 

Are you seeing any checkout activity on any of these profiles? I ask because Google does have a ‘mystery’ shopping crawler that adds products to the basket and initiates a checkout. However it usually declares itself as John Smith somewhere in the gmail.

Regards

Andy

Hi @bluesnapper,

No anormal checkout activity. It’s only on the sign-up side thru the pop-up.

Nicolas Galera-Giron | e-Commerce & Klaviyo Expert | https://supergrowth.co
T
Rank

Any updates to this?, as I’ve been getting spammed in a very similar fashion, via a signup form. 
However, I hid the form on my shopify site and am still getting spammed from that form. The emails primarily are random bot generated gmail addresses & the rest of the info is random locations around the world, with a random first name, just like the OP. How can it keep doing this when the form is no longer accessible?

kaila.lawrence
Rank
Userlevel 4
Badge +24

Hiya @Nico01 @The ZOOM guy

 

This is unfortunately not an uncommon problem we talk a lot about in the community here. When bots target your Shopify site or forms, many of those events trigger a profile creation in Klaviyo. However, this doesn’t necessarily mean they become active profiles because they aren’t subscribed. 

 

Here are few threads with different cases and solutions that may help guide you to figure it out:

 

T
Rank

Kaila - Here’s the issue- These bots are breaking thru via Klaviyo. That means that they are breaching your system and then using the email and contact forms to pollute my system. 
I’ve had to disable my contact form, to hopefully stop the attacks and I may have to completely remove it altogether. 
This needs to be fixed by your tech/devel team.

R
Rank
Badge

Any updates to this? We just caught on that this is happening to us too, getting spammed via our newsletter signup form. There’s always only a random first name, an email address with combo of letters and numbers then the + and more letters and numbers @gmail.com @hotmail.com @icloud.com and @msn.com and the locations are mostly international but seen some US. I just manually deleted close to 200 from our “new subscribers” segment. Looks like this started first week of April and we get about 10 to 20 bogus ones daily and seems this week has really increased in frequency.

What can be done about this? We have recaptcha enabled on our shopify store. I tried hiding the newsletter sign up form from our website and every few hours bogus sign ups are still coming in….
 

kaila.lawrence
Rank
Userlevel 4
Badge +24

Hey there @The ZOOM guy @realnoni @Nico01 

 

I know it’s super frustrating to be attacked by bots. Unfortunately, it’s an industry-wide problem that doesn’t just affect Klaviyo. Our Product team is definitely aware and is actively working on solutions to combat bot activity. In the meantime, our Support team can take a closer look at each of your accounts and tease out exactly where the profiles are coming from if you’re really curious!

 

Regardless of what the case may be, it’s important to remember that with double opt-in enabled on your forms these bot profiles will never become confirmed subscribers and therefore do not count towards your active profile count and will not be sent campaigns. You can absolutely bulk suppress or delete them if they’re really bugging you.

 

Alternatively, you can also try beefing up the security of your website to block bot traffic at the source. A popular tool the community references a lot is SpamAssasin, but there are lots of options out there.

Hope that helps :)

T
Rank

I’m just wondering how they’re able to bypass the ReCaptcha and the mandatory fields…..Also, I have the page in question shut down and the email profile turned off, yet a couple are still slipping thru here and there.

R
Rank
Badge

Hi @kaila.lawrence 

Just curious what the benefit is to the bots or whoever is managing the bots to spamming our newsletter sign up even is? What do they have to gain? Besides being 100% annoying to us :)

Were do I turn on double opt-in for our newsletter sign up form? Do I do this in Klaviyo? Or in Shopify?

As far as bulk surpressing or deleting, I had a read through the link you shared and seems like I’ll need to upload a csv list to do this? Is there any easy way to export a list of these bogus profiles? Right now I just keep checking our “new subscriber” segment daily and deleting the bogus sign ups. All the email addresses always have a + sign so can I create a segment that pulls any email with a “+” and then easily get a list that way? 


Thanks so much for any extra insight.

kaila.lawrence
Rank
Userlevel 4
Badge +24

@realnoni There are lots of reasons bad actors create bots, but they’re typically deployed looking for security vulnerabilities or for data scraping. You’ll really never know for sure. 

 

Were do I turn on double opt-in for our newsletter sign up form? Do I do this in Klaviyo? Or in Shopify?

You should do this in Klaviyo since this is where the list lives. 

  1. Click into the list you want to edit.
  2. Select Settings.
  3. Select Consent.
  4. Select Double opt-in.

 

 

 

 

 

 

 

 

 

As far as bulk surpressing or deleting, I had a read through the link you shared and seems like I’ll need to upload a csv list to do this? Is there any easy way to export a list of these bogus profiles? Right now I just keep checking our “new subscriber” segment daily and deleting the bogus sign ups. All the email addresses always have a + sign so can I create a segment that pulls any email with a “+” and then easily get a list that way? 

Yes, use any patterns you notice to filter them out. Unfortunately Klaviyo won’t automatically know a real address from a bogus one, so this will take a little deduction on your part. 


Hope that helps! :)

D
Rank

I am new to Klaviyo and opened an account less than a month ago. I am still creating my forms, and I've published one on a hidden page in Shopify. I don’t get how spammy subscribers can bypass mandatory fields. My form asks for name, email, and phone number; all fields are mandatory. However, I am getting a bunch of spammy subscribers with email only. How is that possible?

kaila.lawrence
Rank
Userlevel 4
Badge +24

@DianaSantos They aren’t being bypassed. Bots can fill out those fields automatically. Do you have double opt-in enabled in your list?

D
Rank

Bots can fill out those field, but the field is empty in their profile. I don’t have double opt in, and I will not add to this specific form because of a marketing strategy I am using.

Reply


Most helpful members this week

Terms & ConditionsCookie settings

Links & Resources

Platforms

Partners

Useful Things

About

  • Terms and Privacy
    © 2024 Klaviyo All rights reserved. Klaviyo and the Klaviyo logo are trademarks or registered trademarks of Klaviyo, Inc. or its affiliates.