Web Security - Fake Form Submission (Signup,..)


Spam or fake form submissions can be made by:

Example of form:

Fake form submissions happen because bots scour the internet looking for signup forms to fill in.

Most fake accounts and sign-ups are created by two bots:

  • One bot that finds forms and signs up
  • Another one that opens the emails and clicks on every single link

Why?

  • They want to spam via functionality such as Tell a Friend
  • They are looking for weaknesses in the site and hoping to exploit them for further gain.
  • It could also be to gather your email address and send you spam.
  • Damage your email campaigns. When a large number of fake signups (with real addresses) send your newsletter to the spam folder, this can trigger your subscribers' email service providers to mark all your email as spam.

Fake accounts:

  • for spamming
    • you,
    • or others via tell-a-friend, messaging, etc.

The newsletter signup can be hijacked by bots to send emails en masse to apparently valid email addresses, causing:

  • a huge bounce list,
  • unhappy email server host,
  • and possible contribution to DDoS attacks.

causing the server to be Email - Mille and one way to send an email (professional and user)



Protection can take advantage of the specific behavior of these bots. See bad bot protection

CSRF Token

Data Validation

Spambots are not really good at data generation, so simple data validation is another layer of protection.

Name Validation

To block the creation of fake accounts, rules may be applied to the name.

  • name length validation

For instance, Facebook

Email Address validation
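
A server-side validator for the name and email rules above, as an added example that is not from the original page. The thresholds, reason codes and function names are assumptions chosen for illustration, and it goes beyond name length by also rejecting URLs and control characters in the name.

```python
import re
import unicodedata

# Thresholds and reason codes are illustrative assumptions, not from the page.
NAME_MIN, NAME_MAX = 2, 50
URL_HINT = re.compile(r"https?://|www\.|\.[a-z]{2,}/", re.IGNORECASE)
DOMAIN_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$", re.IGNORECASE)


def check_name(name):
    """Return reason codes for a name that looks machine-generated."""
    name = unicodedata.normalize("NFKC", name).strip()
    reasons = []
    if not NAME_MIN <= len(name) <= NAME_MAX:
        reasons.append("name_length")
    if URL_HINT.search(name):
        reasons.append("name_contains_url")
    if any(unicodedata.category(c).startswith("C") for c in name):
        reasons.append("name_control_chars")
    return reasons


def check_email(email):
    """Syntax-only checks on the address; no DNS lookup or mail is sent."""
    email = email.strip()
    if len(email) > 254 or email.count("@") != 1:
        return ["email_shape"]
    local, domain = email.split("@")
    reasons = []
    dots = local.startswith(".") or local.endswith(".") or ".." in local
    if not 1 <= len(local) <= 64 or dots or any(c.isspace() for c in local):
        reasons.append("email_local_part")
    labels = domain.split(".")
    if len(labels) < 2 or not all(DOMAIN_LABEL.match(x) for x in labels):
        reasons.append("email_domain")
    return reasons


def validate_signup(name, email):
    """Server-side gate: an empty list means the submission passes."""
    return check_name(name) + check_email(email)


if __name__ == "__main__":
    # Constructed sample submissions
    for name, email in [("Ada Lovelace", "ada@example.org"),
                        ("Cheap pills http://spam.example/x", "bot@example.org"),
                        ("x" * 120, "not-an-email")]:
        print(validate_signup(name, email))
```

Returning reason codes rather than a boolean lets the server log which rule each rejected submission tripped, which helps when tuning the thresholds.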
