Deterring Spam Bots


This article applies to:

What is a Spam Bot?

A Spam Bot is any submission to a database that is created autonomously from a third party. The more sophisticated the spam bot, the more difficult it is to identify. Typically,  spam bots occur in two varieties:

  1. The name of the contact is a string of numbers and letters, such as 58faf52f9e0f1
  2. The name of the contact doesn’t match the email address, such as Bob Smith with and email address of [email protected]

Spam bots ultimately serve to increase spam complaints and can damage sender reputation, as well as trigger Email Compliance flags, shutting down the ability to email.

How do you identify and remove Spam Bots from the database?

1.     A quick way to get rid of the 58faf52f9e0f1 spam bot is to do a simple CRM > Contact search for all contacts who have a first name beginning with 5.  Note: You may need to spot check the results for any valid contacts who could be included in this list whose email may legitimately start with a 5.

2.     The spam bots who have valid names and email addresses have to be identified other ways. 

  • Check for any identifying information on “real” contacts that spam bots would not have. This can include tags, opportunities, orders, or specific field data.
  • Try locating the invalid customers using the following methods: 
    • If you have set up double opt-in, the spam bots will be among the group of unconfirmed email addresses
    • Using the Email Status Search, identify contacts who have never engaged, this will often include the spam bots and contacts who are not interested (both are good to remove for list hygiene).
    • If the Spam Bots came from a web form that is no longer in use, you can use the web form tracking report to identify every contact who recently came through that form
    • You can send a broadcast email to your database with a specific call-to-action to click a link or fill out a form. Return to the list at a later date and remove all contacts who have not completed the call-to-action
    • Following the steps in the List Hygiene documentation to clean out un-engaged, uninterested, and spam contacts:

If these methods aren’t sufficient, you may need to manually sort through your contacts and remove invalid contacts, or wait until one of the above methods become feasible.

How do you prevent more Spam Bots from coming through?

Essentially, Spam Bots are pieces of software that scrape the code from web forms, save it externally, and submit data to it via HTTP Post. Luckily, because we can anticipate how the bot is working, you can deter current bots and prevent future bots using a few simple methods.

  1. If the web form is already being targeted by Spam Bots, 
    • You can make a copy of the form in Infusionsoft, delete the original, and replace it with the copy. 
    • This will prevent the Spam Bot from resubmitting to same form until it collects the new code from wherever the customer has posted it to. Note: This is a temporary fix until you deter Spam Bots using the following methods.
  2. Options for deterring Spam Bots:
    • In Infusionsoft, use the double opt-in or email confirmation process for all new contacts. Remove all contacts who do not double opt-in after filling out a form.
    • On all active web forms, from the Settings tab, ensure the box to opt-out of Google reCaptcha is unchecked
    • On active web forms, you could include a question that only a human could get correct, such as “What is the third word of this sentence”. This would allow them to identify everyone with the word “the” as a valid contact. 
    • A quick note on Google reCaptcha:

      Google doesn’t publicize what specifically triggers the reCaptcha, in an effort to make it difficult for bots to work around. However, customers who submit the same form multiple times from the same device will often get the reCaptcha on each submission. This does not mean the contacts of our customer will see the reCaptcha every time. Google has designed the reCaptcha to be very easy on humans.