@Wear Skinnys 

This scenario suggests that bots are exploiting your form's endpoint directly, bypassing the user interface. What that means is that bots are likely targeting the form's backend link directly. They don't need to see the form on your site; they just send data straight to the link that processes the form.

Have you looked at your server logs to see where these submissions are coming from?

You could try using a reCAPTCHA (tool that can help tell humans and bots apart) or Hidden Fields (Honeypots) which adds fields that users can’t see but bots will have to fill out. If these fields are filled out you know it’s a bot.

Klaviyo has discussed reCAPTCHA as an approach in their community, mentioning that while Klaviyo itself does not provide reCAPTCHA integration, it can be implemented on your website to work with Klaviyo forms. You can find more details in the Klaviyo Community.

Hidden fields might be difficult to setup, as it requires a bit of custom code in the HTML.

I would also consider contacting Klaviyo support, if the issue persists.

Hope this helps:)

All over the world, back to back.

You could try using a reCAPTCHA (tool that can help tell humans and bots apart) or Hidden Fields (Honeypots) which adds fields that users can’t see but bots will have to fill out. If these fields are filled out you know it’s a bot.

I can tell which are bots simply because they’re using a form that doesn’t actually capture user data. I can isolate them so they don’t go into an email flow, but they still litter my profile list and get pulled into Shopify.

It’s wild that Klaviyo is allowing this to happen. There’s no reason they should be accepting form submissions from a form that doesn’t capture data.

I wish I could just set up a filter that automatically deletes any profile (or stops a profile from being created) under some condition (such as this particular form being the source).

@Wear Skinnys 

Thanks for the explanation on the thread.

Are you using a single opt in on the form? You could try using a double opt in. This should help in preventing bots from signing up. It’s a process through which a new subscriber must confirm their subscription before being subscribed to a given list. 

Here is a helpful Klaviyo article that could assist you:
https://help.klaviyo.com/hc/en-us/articles/115005251108

I would also contact Klaviyo support, if the issue persists.

Hope this helps :)

Hi there @Wear Skinnys, 

So sorry to hear about the frustration you’re facing due to these bots! We have seen an uptick in bots and are working on a more native solution to combat this. 

@eCom2Win_Marketing is right that all forms have an endpoint that these bots are accessing, regardless of whether there is an email button or not. 

Please let me know if you’re still facing rampant bot signups after implementing these recaptcha or honey pot features! Here’s a helpful thread relating to it!!

-Taylor

I don’t need to implement those, and they’re not even relevant to me.

I don’t need a recaptcha on a form that doesn’t collect information because it doesn’t really act as a form. And I don’t need the honeypot technique because the bots are only targeting one form that I can easily separate out.

But nonethless it’s filling up junk data that then makes its way into Shopify and requires a manual removal.

It’s wild that Klaviyo is leaving these endpoints susceptible to submission where inputs and submit buttons haven’t even been used.

I’m tempted just to duplicate the “form” (which is really just a pop-up not a form) and disable the old one.

But then the bots might try targeting some other form of mine.

Lol. It’s not even really a form!

I don’t want to implement double opt-in sitewide for all the obvious reasons no one wants to do it, so I hate that recommendation in general.

But are you saying there’s a way to implement a double opt-in on JUST this form-that’s-not-a-form?

Why does Klaviyo allow this to happen?

Agreed this is an infinite loop. It does mean more subscribers. (Sorry being cynical) Wasn’t a Klaviyo hosted form considered best practice? The cost appears to be more spam signups. I don’t think this should be a trade off you have to make. Why can’t we have re-captcha support? At least on the roadmap?

Klaviyo Sign Up-Form vs Shopify Sign-Up Form | Klaviyo Community

Here are some other threads that would be insightful for Klaviyo form best practices

• Signup Form Best PracticesTUTORIAL

• Summer AMA: Signup Forms and Building RelationshipsINTERVIEW

Derek Giles