How to avoid signup form subscription bombing


As I’m sure you know, subscription bombing is not pretty and expensive. Having your form signed up to thousands of times in an hour by what is essentially a virus in a ddos attack is the worst. So here’s how to avoid signup form subscription bombing.

1. Double Opt-in

Also known as Confirmed Opt-in (COI): Someone signs up, send them an email with a link in it. If they click it they get in; if they don’t, they don’t, it’s as simple as that.

Well before subscription bombing was a thing, this was ‘best practice’. Listed in every ISP’s bulk sender guidelines; cited by every spam blocklist as proof of unsolicited email; often named the list killer by most B2B email marketers, the needless added barrier to that all so valuable foot in the door.

For the most part, only people who want to be on the list will click that link in the confirmation email they get after signing up. If you get unlucky, lazy or stupid and hit a trap with a COI, it’ll get you notified before blocklisted.  Senders who are scared they’ll lose those people aren’t confident in their own brand and the exclusivity of their list.

2. reCaptcha

Google’s completely free and far prettier version of the captcha, where you have to tick a box and Google and will decide if you are a human or not. If it can’t decide it’ll ask you to click some pictures, just the ones with road signs in or house numbers etc.

Only a human would be able to get to those and match those images, like the original captcha but google does a little bit of checking first.

Also there is now an invisible version, so you don’t even have to tick a box. Its very new and the UX of it is yet to be accepted.

Just login with a google account, get the code and follow the instructions.


One thought on “How to avoid signup form subscription bombing

Comments are closed.