Thwart bots from spamming your newsletter with double opt-ins

Written on June 27, 2021

It is exciting to set up a newsletter and see people sign up. It feels like validation that what you’re putting out there is resonating with folks and they want to keep hearing what you had to share.

But what if the thing you wanted to share was something you didn’t share at all in the first place?

That’s what happened to me recently.

I had set up a newsletter for a project I’ve been playing around with. I had embedded a form on a landing page. But things got a little busy and I wasn’t ready to share with the world my new project.

But to my surprise a couple of weeks after pushing the landing page live, I got a notification in my email that I had a sign up. I was happy and excited. But also curious how this person found my newsletter form.

I hadn’t shared it with anyone and while it had a couple of lines of copy, I don’t think it was enough for search engines to really give much of a lift in their ranking.

Digging into the issue more, I noticed something strange. Aside from the email being an account was name for the entry I had received was garbled—pytVKfwWuMrSk. What this indicates usually is that there is a bot that has found my site and it was filling in predetermined fields and hitting submit.

Entry of a bot with a garbled name

Aside from a person’s email, I alway try to capture their name as well.

Not sure my reasoning behind this other than I think it helps someone build rapport with who they are trying to reach.

I quickly deleted the entry, was a little bummed it wasn’t a real person and moved on.

But then a few days later I got another email notification saying that I had another sign up.

Few days after that, three sign ups in a single day.

My landing page with newsletter sign up was being spammed by a bot.

Ways to thwart bots

To my knowledge there are a couple of technical solutions to thwart bots from spamming your newsletter sign up.

  1. Add a honeypot
  2. Add a captcha

A honeypot is a technique in which you add fields to a web form that deceives bots into thinking it is filling out a regular form. But there are fields that are forward-facing to a user which also are able to record their information.

When the fields that were intended for bots are filled, the form fails to submit, while those designated for humans, would allow for the form to be successfully submitted.

A captcha is a technique to also thwart bots by using a question and answer technique. So for example posing a question that a human might be able to answer correctly but not so easy for bots.

You might be familiar with Google’s reCaptcha which often asks you to select the traffic light in the photo.

Third technique, the double opt-in

The third technique and this is the technique I ended up going with is called the double opt-in.

When a reader signs up to your newsletter, the software for the newsletter will send the reader an email to the designated email. The content of the email should include a link to confirm that you did indeed sign up for the newsletter.

Opt-in link example

Once a reader clicks the link to confirm, then they are fully opted into your newsletter.

I ended up going with using the double opt-in because the effort in order to implement was super low—just had to click a checkbox to turn it on in Buttondown.

UI of Buttondown option to turn on opt-in

Initially when I was going to take action on this spam bot issue, I was thinking to implement a honey pot as from a UX standpoint, it was the least intrusive to an actual reader.

But I didn’t want to spend that much effort for a project I had yet to publicly share.

So instead, reading over Buttondown’s documentation (which is excellent by the way) for any built in solutions, I came across their recommendation of using the double opt-in by making subscribers confirm their email.

Since turning it on I haven’t had any more accounts showing up on my newsletter.

If you manage an email newsletter and are experiencing issues with bots spamming it. Check to see if your provider also has a solution for implementing a double opt-in. It may greatly reduce or eliminate bots from spamming your newsletter.

Stay in touch

Thanks for reading this article. I'd love to stay in touch and share more tips on programming and side projects with you. Sign up and I'll send you my articles straight to your email, you'll also get a free copy of the light themed version of my Git cheat sheet.
Git cheat sheet preview image