How do I prevent customers from abusing the sign-up form?

Badge +1


I found a very similar thread dated from last year on this issue, which was given a great response.

I am still not able to understand how to deal with customers who add random characters to their email address (Which gets accepted on the sign-up form as a new email) but gets directed to the recipients original email. (Gmail lets users do this).

Is there a way for me to avoid customers abusing this?


Best answer by Akers Digital 26 May 2023, 17:02

View original

4 replies

Userlevel 6
Badge +21

Hey @Sahil.M ,
I actually use that Gmail trick all the time. It’s a great tool to manage my personal inbox so I can better set up filters, managing logins, or add some extra security to login/passwords.

I don’t think the double opt-in would solve this. Someone would signup or your newsletter with the email They would then get the opt-in email sent to and be able to confirm it.

There is no real way to fully prevent coupon code abuse. What eCommerce platform are you on? You might be able to set up some rules with the promo codes themselves like one use per customer. Or if you’re on Shopify Plus you can create some workflows that could handle it too.

We had a similar conversation with one of our clients. The question is, do we really care? Although we dont love giving out promo codes, most of our clients are happy to get two sales with a 10% discount code vs just a single sale. 


Other option, use SMS for delivering promo codes. It’s a lot harder to create fake SMS numbers than it is to make fake emails. Isn’t perfect either since there are tons of apps out there that make “burner” phone numbers. 


Thanks for the shout out @Taylor Tarpley 

Userlevel 7
Badge +60

Hi there @Sahil.M


Thanks for the added clarification!


Yes, unfortunately, this is the risk run with offering discounts via signup forms. There isn’t really a setting in place to prevent a singular person from gaining multiple discounts when they use different emails as each different email registers as a different profile. However, I know one of our Champions, @Akers Digital, has a lot of experience with coupon best practices. Tim, do you have any tips for avoiding this or managing this for @Sahil.M?



Badge +1

Hi @Taylor Tarpley,

Thank you for your reply, to answer your question we are actually facing this issue with real customers.
In the past when we ran incentive based sign-up forms, we have had customers enter their same email-ID’s with extra characters (The forms accept it as new emails but gmail sends it to the original email address). This enables the customer to have 2 discount vouchers from us.

I’m just trying to understand if double opt-in is really something that would solve this particular problem we are facing.



Userlevel 7
Badge +60

Hi there @Sahil.M


Welcome to the Community! Happy to help! 


When you say you want to prevent users from adding random character to email and abusing your form, do you mean that you’re observing spam bots of purposefully wrong emails being submitted to you form? If so, it’s considered best practice to enable double opt-in for the list connected to your form to prevent abuse cases like this.


When users submit a form, they are immediately added to the connected List if it’s set to single opt-in. Changing the list setting to double opt-in, however, asks or the user to confirm their subscription a second time before they are added to your Klaviyo list. This way malignant users and list bombing can be prevented as they don’t accomplish the next step of subscription confirmation!


Thanks for partipcating in the Community!