fake subscriber issue

Hi @fneumeier!

We actually have some recommendations you can follow when you’re going through a Fake signups attack on your site. Please take a look at this document:

– https://kb.mailpoet.com/article/219-fake-signups-what-to-do

Please let us know if this behavior improves or stops after following the suggestions there.

Cheers!

Thanks. Of course I’ve read the above document before raising the issue here. The recommended steps there do not improve or solve the issue.

Hi!

If you’re using a reCaptcha from Google, we think it must be a normal human doing those signups, as it’s very improbable that a bot would bypass Google’s reCaptcha.

If the signups come from a real human, there’s not a lot we could suggest in this case. You could install a security plugin that tracks the IP of the new signups and then block them or you could install a profile or membership plugin (like https://profilepress.net ) to add a second step of admin approval to each new signup, but we can’t guarantee that would stop the attack.

Thanks.

I switched to Mailpoet and sending from my own server because of privacy issues, so counteracting this by using Google reCaptcha would be totally pointless, unfortunately.

Isn’t there at least a way to prevent Mailpoet from sending subscription confirmation emails to users that are already existing in the database? Because, if this spammer signs up with the same email address (supposedly one that belongs to a real person not related to the spammer) and does that on a daily basis, then this real person gets a confirmation email on a daily basis as well even though he/she never signed up for the newsletter.

Hence, this also is a legal issue concerning GDPR as these emails are to be considered illegitimate.

Simply blocking email addresses that are in the database already from subscribing again would help a lot. Is there a way to do this? Is there maybe a hook in the Mailpoet’s code I can use to write an add-on plugin that checks new subscriptions against the database for existing email addresses and only sends the confirmation email if the address doesn’t already exist?

Thanks and kind regards
Franz

Hi!

Simply blocking email addresses that are in the database already from subscribing again would help a lot. Is there a way to do this?

Actually, this isn’t possible with MailPoet – if someone subscribes to a form several times by using a given email address, the confirmation email is always going to be sent all those times. This is because if we say “this email is registered” or we block the send of that confirmation email then that’s the real violation of the privacy – you’re telling the abuser that the email is already subscribed to that list.

Having said that, the question here would be identifying what’s triggering those emails. I saw you’re already communicating with us via email, so we can continue from there.

Thanks!

Thanks!

Well, you could just pretend that everything is okay without giving the spammer any kind of information; just not send the confirmation email ??

The point is: sending the confirmation email again and again because the spammer subscribes again and again is violating GDPR rules because it is sending unsolicitated emails.

I just wanted to mention that here in case others are running into similar issues.

Let’s continue by email support as you’ve suggested from here …

Hi there @fneumeier,

Thank you! I’m going to mark this as resolved as we’re communicating via email now.

Cheers!