Block unwanted spam Mailchimp subscribers

  • I am being plagued with unwanted spam subscribers to Mailchimp: around 50-100 a day.

    Is there a way of blocking these, or introducing a captcha?

    It is frustrating and time-consuming having to delete these subscribers manually (mainly yahoo.com and nokia). I am considering removing the Mailchimp form and simply asking would-be subscribers to contact me privately.

Viewing 15 replies - 1 through 15 (of 24 total)
  • We have been too! I’ve been in touch with Mailchimp and they are aware of the issue and are trying to resolve it but saying that, I reported it near the beginning of December. Do get in touch with them though as the more people that say they’re going to look elsewhere for a newsletter subscription service then the more they might actually attempt to do something about it.

    I’m looking into the CAPTCHA / Mailchimp solution today so I’ll report back if I find anything out.

    Yes, adding a Captcha would be the right thing to do. You may also want to go through this Codex Page to avoid spamming on your WordPress site. And there are no captcha plugins too, if you wanna try one of those.

    Here is what Mailchimp says. I am using the plugin Genesis eNews Extended, but replaced this on one site with direct Mailchimp embed forms. I cannot see any difference at all, and certainly no honeypot field.

    I have not used Wufoo, which I strongly think is something Mailchimp itself should provide. My sites are http://www.leaseholdknowledge.com and http://www.carlex.org.uk

    Mailchimp’s response:

    Thanks for contacting MailChimp support. I totally understand the concern with those spam signups in your list, and I apologize for any inconvenience that you’re experiencing with this. I am willing to help in any way that I can.

    I took a look at the webpages that you sent over, however, it appears that a third-party signup form widget is being used rather than a MailChimp Embed Form. And, as you mentioned, I can see that the widget is not using any type of CAPTCHA field or preventative measure. In cases like these, one way to prevent spam signups may be to use an embed form rather than a widget form since all MailChimp embed forms include a Honeypot field that is designed to prevent spam bots from completing the form. For more information on how to include the MailChimp embed form, here’s a guide that will walk you through that: http://eepurl.com/gOGN#Embedded-Form-Options

    The best way to prevent those signups moving forward would be to use a CAPTCHA field. Though MailChimp forms do not come with a CAPTCHA field by default, this can be added using one of our integrations. One that I recommend would be Wufoo. Here’s an article that talks more about that integration: Integrate Wufoo with MailChimp: http://eepurl.com/ia25. A CAPTCHA field prevents spam bots from signing up by requiring that a random set of text is entered to confirm that it is indeed a human that is trying to sign up.

    If you still continue to experience trouble with spam signups after you’ve put these measures in place, please let us know immediately, and we’ll be glad to look into this issue further. I completely understand how much of an inconvenience this situation can be, and I appreciate your understanding.

    Thank you,

    Basically it’s the same rubbish they told me. You should not need to add a CAPTCHA field with a double-optin form – that’s the whole point of having double optin.

    What I did yesterday, which is not an ideal solution at all, is to use the Mailchimp plugin https://wordpress.org/plugins/mailchimp-for-wp/ along with Contact Form 7 and create a form with a CAPTCHA field.

    I’ll let you know over the next few days whether this has been successful.

    I have sent this to Mailchimp.

    There should be a simple way of blocking blatant spam subscribers, from which Mailchimp potentially makes financial gain.

    I find it astonishing that Mailchimp does not take spam subscribers seriously and expects paying customers to sign up to a third party provider to deal with this well attested problem.

    You will see on WordPress that other customers feel the same way.

    https://wordpress.org/support/topic/block-unwanted-spam-mailchimp-subscribers?replies=5#post-6402346

    The worst aspect of this is that the more bogus subscribers you attract the more you pay Mailchimp.

    Is this why Mailchimp is not taking basic steps to address this issue?

    This is annoying enough to make me research alternatives.

    I have replied to this from Mailchimp.

    The key issue here is that Mailchimp gains financially from bogus subscribers and should do something to prevent them. (I am a paying customer of Mailchimp.)

    On one site, http://www.carlex.org.uk, I adopted the embed Mailchimp sign-up form.

    On http://www.leaseholdknowledge.com I use the plugin Genesis eNews Extended form. I am unable to see any difference in either process: ie the “honeypot” field on both appears to be the same.

    All my sites use double opt-in Mailchimp forms.

    I am disappointed that you suggest I repeat my complaint in another department of Mailchimp rather than address it.

    My key concern is that Mailchimp makes financial gain by additional subscribers to the sites, whether bogus or not.

    That should be addressed. Suggesting that I try out a third party captcha service such as Wufoo is an inadequate response to this important issue, which is being discussed on WordPress.org.

    That was my response to this:

    Thanks for writing back to us. I’m happy to offer my assistance here.

    MailChimp uses the double opt-in process so that subscribers’ identities can be verified to reduce the possibility that a spambot can automatically subscribe to your form. The MailChimp-generated embedded form code also includes a “honeypot” field that is used to prevent spambots from autofilling forms to be added to a mailing list. It is also possible to use the Wufoo integration to create a custom form with a CAPTCHA that would further prevent spammy signups.

    Switching from a single opt-in signup form to a double opt-in MailChimp form with the “honeypot” field, or switching to a Wufoo form with additional confirmation steps, can prevent spammy signups. Despite this, however, spammers are innovating every day and have been able to circumvent these measures as well. We are always monitoring these situations and looking for ways to stay a step ahead.

    One way that users can assist with this situation is to submit requests for features to our development team, as user feedback is one of the main drivers of future versions of the application. Here’s the link to our Feedback form where you can request that feature if you’d like to check that out:

    http://mailchimp.com/contact/feedback/

    I hope this was of assistance to you. Please let us know if you have any further questions, concerns, or feedback with this issue, we’re always happy to offer our assistance. We look forward to hearing back from you soon. Take care!

    Well, I’ve successfully stopped spam subscribers by using the combination of Contact Form 7, Really Simple Captcha and the Mailchimp WordPress plugin but this really has to be a very short term solution.

    The whole point of a newsletter signup is that it’s very very simple i.e. an email field and submit button. Having to make users also complete a CAPTCHA field should not be necessary.

    I am being plagued with unwanted spam subscribers to Mailchimp: around 50-100 a day.
    Is there a way of blocking these, or introducing a captcha?
    It is frustrating and time-consuming having to delete these subscribers manually (mainly yahoo.com and nokia). I am considering removing the Mailchimp form and simply asking would-be subscribers to contact me privately.

    Since I have not used Mailchimp’s paid service, I am not sure what exactly is the issue. Where are you getting the spam subscriptions? Are you using their subscription forms as a widget or as pop-ups?

    Despite this, however, spammers are innovating every day and have been able to circumvent these measures as well. We are always monitoring these situations and looking for ways to stay a step ahead.

    Brilliant. So, what is Mailchimp’s job, praising them?!

    The key issue here is that Mailchimp gains financially from bogus subscribers and should do something to prevent them. (I am a paying customer of Mailchimp.)

    Maybe you should shift to some other newsletter subscription solution. Don’t give them your hard-earned money if you aren’t cared for.

    BFR:

    I am on the case looking at other newsletter subscription solutions.

    The problem arises from the Mailchimp sign-up forms, which do not make (much) effort to prevent spam subscribers. There isn’t a captcha process, for example.

    Worse, the more who sign up, the more you pay. So why bother to control spam subscribers?

    Here’s what Mailchimp had to say (let’s just say it doesn’t look like there’s going to be a solution anytime soon and so I shall be looking at Campaign Monitor and Aweber as alternative solutions).

    I know it sucks to have to deal with the fact that a bot has targeted you and your client’s website. What we’re seeing with your case specifically though is a bot that has been designed to leverage the fundamental way that forms work. This makes implementing any potential long term solutions complicated at best.

    While we’re definitely concerned about these bot signups, any sustainable long term solution would involve changes to the entirety of our signup process which is going to take both time and careful consideration.

    I understand the urgency in this situation, and I can assure you that myself and MailChimp are concerned about these signups, and we’re working to come up with a reliable and sustainable resolution that’s easy to use.

    Another Mailchimp reply, this one suggesting an alternative spam subscriber procedure.

    Anyone got a view on this?

    Thanks so much for getting back to us. We can definitely understand your frustration with these recent spam signups that have been occurring. While they can indeed increase the number of subscribers on your lists, they can definitely have a negative effect on the health of a user’s list. So, our developers are definitely working as best they can to stop these signups from coming in.

    With our most recent update, our developers were able to add an option to our hosted signup forms to allow users to enable a CAPTCHA using Google’s new one-click recaptcha system in order to help separate bots from real humans. You can find more about that in the following article, under the section titled ‘Tips for customizing your forms and response emails’:

    Create Signup Forms and Response Emails: http://eepurl.com/BQS3r

    Because Google’s recaptcha can only be enabled based on the domain, the built in recaptcha system is currently only able to be enabled for the hosted forms for each list and not for embedded forms. However, you may be able to manually add a recaptcha to your embedded signup form by following the steps on their site to add the generated code to your webpage. You can find that page here:

    https://www.google.com/recaptcha/intro/index.html

    In addition, another option that may help would be to add a required radio button field to the list. Many of the signups appear to only be submitting information to basic fields, so adding a radio field with options such as ‘Yes I’m human’ and ‘No, I’m not human’ can help to prevent them from joining the list. However, we’re also definitely continuing to investigate other avenues as well.

    Let us know if you have any other questions or concerns. We’re always happy to help! Have a great day!

    Adding the radio button does not work. I tried this and explained to them that this does not work!

    Think I’m going to look elsewhere i.e. Campaign Monitor or Aweber.

    Caprilli

    Worse, the more who sign up, the more you pay. So why bother to control spam subscribers?

    Very true.

    greencode + Caprilli

    Here’s what Mailchimp had to say…

    Another Mailchimp reply, this one suggesting an alternative spam subscriber procedure. Anyone got a view on this…

    So, they don’t talk about the money part at all? That you pay extra money – which isn’t right…?!

    Hello Caprilli,

    The fake emails get a hard bounce when you send out the newsletter and are automatically removed from your list, therefore you don’t need to delete those manually. You can read about this on the following link: http://kb.mailchimp.com/delivery/deliverability-research/soft-vs-hard-bounces

    By the way, I recently developed a MailChimp supported Premium WordPress Subscription Plugin that works with AJAX and has an email validation. This way the form can’t be submitted easily by robots. Of course it is impossible to prevent user mistakes. You can check the plugin here: http://sympies.com/simple-signup-form/

    Best regards,
    Pantherius

    As a short-term measure, I have removed the newsletter sign-up forms and replaced them with static images that are linked to the Mailchimp hosted sign-up, which has reCaptcha.

    This is only on the opening page; embed sign-up forms are present if you open up “news” or other categories.

    I am curious to see whether this limits the bogus sign-ups.

    I am not convinced the spam sign-ups are deleted after a newsletter is sent. I have found some spam email addresses present that subscribed some time back.

    I will report back.

  • The topic ‘Block unwanted spam Mailchimp subscribers’ is closed to new replies.
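
The layered checks discussed in this thread (honeypot field, required radio field, CAPTCHA), as an added example that is not part of the original posts and is not Mailchimp's or any plugin's code. It assumes the form posts to your own server, which screens the submission before forwarding the address to the list; the field names `hp_website` and `is_human` and all sample submissions are constructed.

```javascript
// Added example: server-side screening of a signup POST before the address
// is forwarded to the mailing-list provider.
// Field names are hypothetical placeholders, not Mailchimp's real ones.
const HONEYPOT = "hp_website";   // hidden off-screen input; people never fill it
const HUMAN_RADIO = "is_human";  // required radio field: "yes" / "no"
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// fields: parsed POST body. captchaPassed: result of verifying the CAPTCHA
// token on the server (true/false), or null when no CAPTCHA is deployed.
function screenSignup(fields, captchaPassed = null) {
  const reasons = [];
  const email = String(fields.email || "").trim();
  if (!EMAIL_RE.test(email)) reasons.push("invalid_email");
  // Bots that autofill every input also fill the hidden one.
  if (String(fields[HONEYPOT] || "").trim() !== "") reasons.push("honeypot_filled");
  // Bots that post only the basic fields leave the required radio out.
  if (fields[HUMAN_RADIO] !== "yes") reasons.push("human_radio_missing");
  // A failed CAPTCHA check rejects; an absent CAPTCHA is only recorded.
  if (captchaPassed === false) reasons.push("captcha_failed");
  return {
    accept: reasons.length === 0,
    reasons,
    captchaChecked: captchaPassed !== null,
  };
}

// Constructed sample submissions modelling the behaviours described above.
const samples = {
  human:     { email: "reader@example.org", [HONEYPOT]: "", [HUMAN_RADIO]: "yes" },
  autofill:  { email: "a1@example.com", [HONEYPOT]: "http://x.example", [HUMAN_RADIO]: "yes" },
  basicOnly: { email: "a2@example.com" },
  formAware: { email: "a3@example.com", [HONEYPOT]: "", [HUMAN_RADIO]: "yes" },
};

function runSamples() {
  return {
    human: screenSignup(samples.human, true),
    autofill: screenSignup(samples.autofill),
    basicOnly: screenSignup(samples.basicOnly),
    formAwareNoCaptcha: screenSignup(samples.formAware),      // passes field checks
    formAwareCaptcha: screenSignup(samples.formAware, false), // stopped by CAPTCHA
  };
}

console.log(JSON.stringify(runSamples(), null, 2));
```

The `formAware` case shows why the honeypot and radio field alone did not stop every signup reported here: a bot that submits the form as a person would passes the field checks and is only stopped by the CAPTCHA result.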