How can I prevent spam bots signing up while keeping my List set to single opt-in?

  • 24 March 2023
  • 4 replies

Badge +3

Hi, we are hitting an issue where bots are spamming our forms with duplicate firstname and lastname. (like JohnSmith JohnSmith). This is a clear pattern that I can write validation for. Although nothing in Klaviyo seems to allow us to check for this and reject it.

We cannot turn on 2 step submission. It’s already up and running/established without it and will affect metrics. 

Forms are embedded.

So my question:
Can I script a new validation rule into the signup forms myself for this? Can I add any js to the form, within Klaviyo?

Or will I have to rewrite 5 forms as legacy, just for the purpose of custom validation? As it seems like Legacy > Embedded when it comes to flexibility...which is...regressive!

Any help appreciated. Thanks.


Best answer by Taylor Tarpley 24 March 2023, 16:28

View original

4 replies

Userlevel 7
Badge +60

Hi @tribedevs


Thanks for sharing your question with us!


While the best way to prevent spam bots from signing up via your forms would be  to enable double opt-in on your list, I would advise investigating setting up Google reCAPTCHA on your embed form. The setup of Google reCAPTCHA would actually not be a Klaviyo capability, but rather something that would need to be coded onto your website. You can learn more about the Google reCAPTCHA service and how to install and set it up for your website here.

Despite the fact that Klaviyo does not have a direct integration with Google reCAPTCHA and therefore cannot advise on how to how to set this up, several members of my technical team have commented that reCaptcha would still function on Klaviyo forms, so you would not need to create legacy forms to implement this. Furthermore, we have seen multiple instances of reCaptcha appearing for customers using Klaviyo forms without issues. 


Additionally, another way to tackle clearing spam bots from your account to prevent negatively impacting your deliverability while still having your List set to single opt-in, would be to perform List cleaning often.


Thanks for participating in the Community!


It’s hilarious that Klaviyo’s first and only reply is “double opt-in.” Anybody who has worked in this industry more than 15 minutes knows that double opt-in, while admittedly the gold standard for preventing bad addresses from joining a list, will decimate list growth rates.


Klaviyo suggests that double opt-in renders list cleaning unnecessary, which is also a joke. List cleaning is always required, regardless of how pure new opt-ins are.


I think the real reason Klaviyo provides ZERO SUPPORT for abuse prevention is that they have a financial stake in the abuse. The more spammy addresses appear on clients’ lists, the higher their monthly revenue. They profit from abuse. No wonder they don’t make any effort to prevent abuse; it would impact revenues.

Userlevel 1
Badge +1

Hi @Taylor Tarpley!

I must admit that @smbiz, for how blunt, is pretty much right!

My company is investing a relative high amount of money in lead generation campaigns and aims to collect and nurture the contacts using Klaviyo.

If we’re not able to “filter” these clicks at the origin (on the landing pages), even if we implement double opt-in (which we absolutely won’t, because it’s like shooting in your own foot), we’ll end up paying the CPC also for the bots!

I don’t mean to be rude, but for a product as complete and top-notch as Klaviyo, this is beyond disappointing. Are you at least considering to implement such a thing?

Badge +1

Hi all,

Anyone who has been able to integrate Google reCAPTCHA V3 in a klaviyo form? Any example?

@Taylor Tarpley It would be nice if klaviyo technical team provided examples and technical documentation since it does not have direct integration.