Skip to main content

Are your forms subject to automatic subscriptions?

· 3 min read

How many times have you filled in a registration form like the one below? The data collection, the acceptance of privacy and… I’m not a robot.

What a CAPTCHA is

CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. It is a fully automated test to distinguish computers from humans.

Usually a CAPTCHA looks like a quiz, a quick game in which you are asked to solve a question. It can be recognising or deciphering text superimposed on an image, or doing a quick calculation, or identifying details in an image. The famous: select pictures where you see a zebra crossing or a traffic light…

It is not something time-consuming or invasive for the customer and does not impact on the graphic quality of the form.

It serves to ensure that the form is filled out by a person and not by a robot.

In this way, the results of the campaigns are preserved and the brand continues to be recognised as trustworthy by the main email account providers, also helping to prevent listbombing, particularly subscription bombing.

Captcha

The Subscription bombing

Subscription bombing is an attack by spambots, i.e. programs that perform automatic operations, which fraudulently fill in subscription forms or registration forms on various websites.

The purposes of this activity can be manifold, affecting both the recipient of the emails:

  • Disturbing the recipient.
  • Blocking the inbox for some time.
  • Distract from important emails that are lost among those received. Think of the problems that losing a card payment notification or a security alert can cause.

Both on the sender’s side:

  • Damaging the owner of the form by sending bogus contact requests that impact the hygiene of the list and consequently the reputation of the sender.
  • Compromising reputation even in the case of real contacts as unsolicited emails can be flagged as abuse and result in the sender’s IP being blacklisted.
  • Carry out a DoS – denial of service – type attack to drain the resources of the site on which the module is hosted and thus make it unusable.

And what about the double opt-in?

Beware, even if you have activated the so-called double opt-in during registration, the threat is only mitigated. Why?

Abuse reports and subsequent IP blacklisting can also occur as a result of receiving emails requesting confirmation of subscription to a service. Reputational damage can also occur if newsletter senders do not exclude unconfirmed email addresses from being sent. How then to design safe forms?

Don’t stop at double opt-in but make sure that forms always have a CAPTCHA. All of these have been topics of attention for several years, but the increased use of the email channel following the pandemic and the many recent listbombing phenomena with significant impact on various brands have brought the issue to the fore.

The Contactlab platform has long since tested the possibility of inserting a CAPTCHA for subscriptions. This functionality is always active and available when creating a form in Send.