Hi, we are hitting an issue where bots are spamming our forms with duplicate firstname and lastname. (like JohnSmith JohnSmith). This is a clear pattern that I can write validation for. Although nothing in Klaviyo seems to allow us to check for this and reject it.
We cannot turn on 2 step submission. It’s already up and running/established without it and will affect metrics.
Forms are embedded.
So my question:
Can I script a new validation rule into the signup forms myself for this? Can I add any js to the form, within Klaviyo?
Or will I have to rewrite 5 forms as legacy, just for the purpose of custom validation? As it seems like Legacy > Embedded when it comes to flexibility...which is...regressive!
Any help appreciated. Thanks.
Hi
Thanks for sharing your question with us!
While the best way to prevent spam bots from signing up via your forms would be to enable double opt-in on your list, I would advise investigating setting up Google reCAPTCHA on your embed form. The setup of Google reCAPTCHA would actually not be a Klaviyo capability, but rather something that would need to be coded onto your website. You can learn more about the Google reCAPTCHA service and how to install and set it up for your website here.
Despite the fact that Klaviyo does not have a direct integration with Google reCAPTCHA and therefore cannot advise on how to how to set this up, several members of my technical team have commented that reCaptcha would still function on Klaviyo forms, so you would not need to create legacy forms to implement this. Furthermore, we have seen multiple instances of reCaptcha appearing for customers using Klaviyo forms without issues.
Additionally, another way to tackle clearing spam bots from your account to prevent negatively impacting your deliverability while still having your List set to single opt-in, would be to perform List cleaning often.
Thanks for participating in the Community!
-Taylor
It’s hilarious that Klaviyo’s first and only reply is “double opt-in.” Anybody who has worked in this industry more than 15 minutes knows that double opt-in, while admittedly the gold standard for preventing bad addresses from joining a list, will decimate list growth rates.
Klaviyo suggests that double opt-in renders list cleaning unnecessary, which is also a joke. List cleaning is always required, regardless of how pure new opt-ins are.
I think the real reason Klaviyo provides ZERO SUPPORT for abuse prevention is that they have a financial stake in the abuse. The more spammy addresses appear on clients’ lists, the higher their monthly revenue. They profit from abuse. No wonder they don’t make any effort to prevent abuse; it would impact revenues.
Hi
I must admit that
My company is investing a relative high amount of money in lead generation campaigns and aims to collect and nurture the contacts using Klaviyo.
If we’re not able to “filter” these clicks at the origin (on the landing pages), even if we implement double opt-in (which we absolutely won’t, because it’s like shooting in your own foot), we’ll end up paying the CPC also for the bots!
I don’t mean to be rude, but for a product as complete and top-notch as Klaviyo, this is beyond disappointing. Are you at least considering to implement such a thing?
Hi all,
Anyone who has been able to integrate Google reCAPTCHA V3 in a klaviyo form? Any example?
Thanks
It’s hilarious that Klaviyo’s first and only reply is “double opt-in.” Anybody who has worked in this industry more than 15 minutes knows that double opt-in, while admittedly the gold standard for preventing bad addresses from joining a list, will decimate list growth rates.
Klaviyo suggests that double opt-in renders list cleaning unnecessary, which is also a joke. List cleaning is always required, regardless of how pure new opt-ins are.
I think the real reason Klaviyo provides ZERO SUPPORT for abuse prevention is that they have a financial stake in the abuse. The more spammy addresses appear on clients’ lists, the higher their monthly revenue. They profit from abuse. No wonder they don’t make any effort to prevent abuse; it would impact revenues.
100% this. This is also in line with their shift in pricing to base it solely on “mailable” contacts in your account, not a factor of the amount of emails you send. There’s no way this wasn’t considered as part of the pricing change as well.
A year after this thread was started Klaviyo still doesn’t have any sort of captcha functionality in its forms but we have all kinds of ‘helpful’ AI features. You also can’t set up any automation to auto-suppress these known spammy addresses even though they expose complicated webhook capabilities, have agentic AI, etc.
I say all this as an agency partner and an individual investor in klaviyo. It’s the kind of thing cooked up to make quarterly earnings reports and stock value go up but grinds every one of their customers.
Log in to the Community
Use your Klaviyo credentials
Log in with Klaviyo
Use your Klaviyo credentials
Log in with KlaviyoEnter your E-mail address. We'll send you an e-mail with instructions to reset your password.