A robot has won my iPad competition

megatron

If you run a competition and ask people to enter it by providing you with an email address, as well as other details, you run the risk of a having that form filled out by an Automated Competition Bot.

Basically there are services which trawl the web looking for competition entry forms so they can fill them out. Some of them are just trying to ruin a competition, some of them are one person trying to win as much free stuff as they can and some of them are offering a service where someone else can put their details into a tool and that tool will enter them into as many competitions as it can.

Either way, this means that some of the entrants to your competition have not seen your site or your brand and just want something for nothing.
Presumably this defeats the object of your competition which, in this and many cases, is to provide brand awareness, build a list of at least intrigued people and offer at least one of them a prize in reward.

You will always get some people who just want the prize, especially if it is a good prize; but if you offer too good a prize the bots will find you. If for instance you create a lovely landing page for your prize draw for a free iPad, the bots will find you!

If you’ve been got, you might see that you have a lot more entrants than you expected and when you see the list you might find a high volumes of a few domains which you don’t recognise as a commonly used consumer domain like the hotmails and gmails most of you would expect to see.

Here’s a list of some of the ones I’ve seen or have found during our research:


2rainmail.org.uk, barchor.org.uk, bestmailforyou.co.uk, cannotmail.org.uk, course-manager.co.uk, crymet.org.uk, darklin.info, drecom01.co.uk, easybusinessemail.info, freemailstore.com, freggnet.co.uk, hoodmail.co.uk, indigoable.net, kreahnet.org.uk, laurelbaker.net, lonynet.oeg.uk, mailbreaker.co.uk, meandmine.info, mobiledatamail.com, moussenetmail.co.uk, movenextweb.com, mywheelbox.org.uk, navyngrey.com, pluntermail.org.uk, prainnet.org.uk, purpleweb.info, rackernet.org.uk, railosnet.co.uk, rottmail.co.uk, runracemail.org.uk, runwaynet.org.uk, satinmaker.info, sherrymail.co.uk, shortsmail.co.uk, stickique.com, stonetimenet.co.uk, tangerineinternet.com, telph1line.org.uk, threemailnet.co.uk, tigerweb.org.uk, tyermail.org.uk, wonandron.co.uk, wormail.co.uk, yourmail4you.com

If you do not want them entering, you will have to put some extra security into your competition form.

Common solutions include:

  • Captcha methods: A form widget which offers a picture of numbers and letters for the user to enter as they submit the form.
  • Hidden field entry: Have a hidden field which a human user cannot enter details for but the bot might as it blindly provides values for every field in pages HTML. You can then simply reject all entrants with a value in that hidden field.
  • Domain rejection: Hold a list of known bot domains and reject any entrants using email addresses in those domains.
  • Double Opt-in: Send an email directly back to the entrant containing a link for them to click in order to complete their entry; this confirms their interest and the fact they own the address.
  • Server side processing: (this is a bit techy) often the easiest way to perform this kind of validation client side using javascript. It is very easy for bots to bypass client-side javascript, so it helps if the validation can be done server-side.

Google and much of my research suggests that Loquax has a great resource for more information, whether that was deliberate or not?

 

2 responses to “A robot has won my iPad competition

  1. Good shout Bill!
    A solid solution to this problem is to do everything you can to fully validate each address at the point of collection. Validation services, of which FreshAddress are a market leader, offer an instant solution to potentially problematic data collection points. If you’ve ever had this problem, you should definitely explore this option.

    Like

Comments are closed.