Simple Email Marketing
Home > Have a question? We're here to help. > Account how-to > Bot signup identification and removal

Bot signup identification and removal

While audience growth is usually something to celebrate, a sudden spike in subscribers could be a sign of trouble. Signup forms that don't include ReCAPTCHA — to verify that the signup is being submitted by a human — are vulnerable to spambots.

A spambot is an abusive computer program that signs up a large number of real or fake email addresses to thousands of mailing lists. They can cause issues with your reporting, sender reputation, and deliverability.

This article explains how to identify and remove spambot signups from your audience, and how to protect yourself against future attacks.

Symptoms of a spambot attack

Spambot attacks can significantly damage your sender reputation, and reduce your delivery rates. Typically, victims see an increase in spam complaints, bounces and unsubscribes, as well as decreased open rates.

Spam complaints increase when real email addresses are added by spambots without the owner's permission, or knowledge. Imagine your email landing in hundreds of inboxes of people who have never heard of you, or have no idea how you got their address. Some people may delete your email or unsubscribe instead of making a complaint, but this still negatively affects your sender reputation.

Even unopened emails are bad news. In email deliverability terms, low open rates are a clear signal that your recipients are not engaged with you, your brand, or your content. Lack of engagement is a factor in the delivery of future emails, and can even lead to your messages being blocked.

High bounce rates are another side effect of spambot signups. Sending to a group corrupted with hundreds of fake email addresses results in hundreds of hard bounces. If bounce rates are sufficiently high, email servers may reject or block your emails entirely, and you could start to see bounces from legitimate recipients.

Spambots also increase your risk of acquiring spam trap email addresses, because some use email harvesting techniques to find addresses to add to your audience. One of these techniques is "scraping" websites for email addresses, which is a sure fire way to collect pure spam traps.

Identify and remove fake signups

As explained above, there are many signs to alert you of a potential spambot attack. If you think a spambot may be attached to your audience, you should identify the fraudulent addresses and remove them.

Identify fake signups

In some cases it's easy to spot fake signups because the addresses look very spammy. Or, you might see a batch of signups that share a common characteristic, such as a consecutive number string, a random alphanumeric string, or domains that contain the same word, for example:





Start by exporting your audience, including all contact fields so you can look for oddities. Here are some other things to look out for:

  • A daily influx of new subscribers — A spike of new signups from the same domain at the same time every day, using addresses from free webmail hosts like Hotmail, Yahoo, and Gmail.

  • Many signups within minutes/seconds — A large volume of email addresses added in an unlikely amount of time can be cause for concern.

  • Invalid email addresses — It's normal to occasionally collect invalid email addresses, but more than a couple for every 10-15 signups is a warning sign.

  • Personal instead of corporate addresses — An uptick in or subscriber addresses is normal for some audiences. But if your business model is B2B and you typically attract corporate email addresses, this could be cause for alarm.

  • Corporate instead of personal addresses — The opposite of the aforementioned; an increase in corporate addresses when most of your subscribers are personal.

  • Sudden, frequent signups from foreign domains — If your audience primarily contained .com addresses and you suddenly see, for example, an influx of or .ru addresses, a spambot could be to blame.

If you can determine a pattern, the next step is to create a segment using that pattern to isolate the fake signups. See the instructions below.

Isolate the fake signups in your audience

You can build segments to isolate fake signups, based on information like "Date subscribed", "Name", "Email address", "Location", custom contact fields, or a combination of these.

For example, if a name, phrase or set of numbers are repeated in the signup details, you can segment them by creating a rule based on name or email, then choose "contains" as the condition.

Remove fake signups from your audience

Instead of simply deleting spambot email addresses from your audience, it's a good idea to change their status to opt-out. After you've created a segment to isolate the fake signups, follow these instructions to change the status:

  1. Click Audience, then select Segments in the left sidebar.

  2. On the "Segments" page, click the segment you created for fake signups.

  3. From there, click the Actions drop down and select Change status of all.

  4. Select Opt-out and click Save.

ReCAPTCHA-enabled signup forms

While spambots are always evolving, you can help protect yourself by using a signup form with ReCAPTCHA, which requires signups to verify that they're human. Our signup forms have ReCAPTCHA built in and is enabled by default.

If reCAPTCHA is enabled for your form, the option to "Use a Javascript object" will not be available. To use Javascript, deselect the "Enable reCAPTCHA" checkbox in the "About this signup form" section at the top of the form customization page.

Screen Shot on 2019-02-12 at 12:43:10.png

Last modified



This page has no classifications.


Emma phone support will be unavailable on November XX, between the hours of XX:XX and XX:XX. You can still contact support using the link above and we will respond as soon as we can.

App status