Log In

Don’t let spambots become the enemy of your company! Get prepared and get protected with these helpful steps.

What exactly is a “spambot”? A spambot is a malicious program designed to collect email addresses and information from online forms, chat rooms, comment sections, and websites. This information is usually collected to build lists for sending an unsolicited email, or spam.

While you may have a polished webform (often a sign-up or registration form) ready for prospective and existing subscribers, your good work with words won’t necessarily stop a spambot from joining in for the ride. Spammers use spambots, or computer programs, to target unprotected webforms.

These spambots are designed to complete a task over and over again. This may be to enter an email address in your form to create a mass influx of bounces or spam complaints, or they may use your form’s automated responses and edit their content. Weird, irrelevant or even inappropriate messaging could appear to be coming from your company account, sending you into a tailspin!

If a spambot turns into a barrage of spam complaints, that’s your sending reputation on the line – meaning your emails will have a hard time making it to the right place in your customers’ inboxes in the future. This can turn into “subscription bombing”, where an attacker relies on YOUR email campaigns to send a barrage of unwanted emails at their targets, all without you knowing or playing a part. This overload of emails renders your customers’ inboxes useless, leaving your company looking like a pest.

Often these spammers aren’t attacking you personally, they don’t have anything against your company in particular, they just happened to discover an unprotected form – and then they set to work. We’re here to help you lock the door, close the gate and take that opportunity away.

We’ve put together a list of protective tips to reduce the possibility of spambots getting to you. While there’s no one perfect solution, there is a combination of actions you can take, and we recommend you keep an eye out for new actions to come.

Make things hard for the spammer

Finding the balance between making things easy for a customer but too hard for a spambot is a tough one. Too hard and you lose subscribers, too easy and you gain spammers – yikes! One easy place to start is by never sending emails that include content from a comments section or message board – this is how a simple webform becomes a treasure trove for a spambot.

For example, if you have a comment section on your webform, don’t then send the commenter an automated response. If the webform sends a copy to the submitter, a spambot can add an unsuspecting victim’s email address as the submitter. Your form can then send spam to hundreds of people. A spambot can also fill a comment section with something unsavory that a lot of your customers will then receive. That’s a hit to your reputation you want to avoid!

Blacklist suspicious IP addresses

If you see suspicious activity all coming from a single IP address, you can choose to blacklist it to avoid spammer behavior. This may take some trial and error, as well as some serious monitoring.

Perhaps set up a limit of available forms so you can block ones that exceed that limit in a short period of time.

Use a double opt-in on your webforms

To protect your form, add an extra sign-up step. When someone adds an email address to your form, send a confirmation link to that email address. This requires the user to access their inbox, open the email and click the link. This can verify that the email address is real and so is the user. A spambot is more unlikely to do this double opt-in process, and any users who don’t complete this shouldn’t be added to your list.


CAPTCHA is a plugin that generates randomly selected text that is displayed in a way that makes it hard for a spambot to decipher. Your user can enter it correctly to move forward, and you can avoid spam – win win! Just make sure it’s not overused so visitors don’t become too frustrated. CAPTCHA is an excellent option for your more significant webforms.

Add fields that only spambots can see and fill in

Use CSS or JavaScript to create a field that is hidden from customers but is seen by spambots that only read HTML. Any of your webforms that have this field filled in have clearly been completed by a bot, so can immediately be discarded as spam. These fields are also known as “honeypot fields”, used to trap spambots. But be aware that some bots are becoming more and more advanced, meaning that a 100% effective solution is a little more elusive than a single tool or trick.

Use filtering on your webforms

Put together those unmistakably “spammy” keywords and set up your webform to reject them. Submissions you may want to think about denying will feature words or symbols you know aren’t relevant to your company or form, like: ‘$$$’, ‘Meet Singles’, ‘Earn Extra Cash’, ‘Eliminate Bad Credit’, ‘Click Here’, ‘Join Millions’ and many more.

You don’t have to stop at keywords either. Think of URLs or email addresses you wouldn’t expect to join, like a Russian address (mail.ru) entered for a New Zealand company, or keep an eye out for top-level abused domains like .buzz, .ryukyu or .tk.

Use test questions

Just like a honeypot is impossible for people but easy for a bot, a test question is simple for a human but can cause some real issues for a bot. Go for an easy math equation or a super simple question, such as: “What is the day after Monday?” or “What color is a lemon?”. A spambot is likely to answer incorrectly so you can take control and reject their submission.

Get started on beating the bots before they even get a foot in your door! These handy tips are a great way to get started on protecting your webforms and creating top-quality lists for your site.

Leave a Reply

Your email address will not be published. Required fields are marked *

Ready for better email delivery?

Try SMTP2GO free for as long as you like:

Try SMTP2GO Free → Paid plans available for over 1,000 emails/month.

Ready for better email delivery?
Try SMTP2GO free for as long as you like:

Try SMTP2GO Free See Pricing