Web Security - Fake Form Submission (Signup,..)

Spam or fake form submissions can be made by:

• a bot (spambot)
• and a human

Example of form:

• newsletter Sign-up
• Account Sign-up
• Comments
• …

Fake form submission happen due to bots that scour the internet looking for signup forms to fill in.

Most fake account/sign up are created by two bots:

• One bot that finds forms and sign up
• An other one that open the emails and click on every single link

• They want to spam via functionality such as Tell a Friend
• They are looking for weaknesses in the site and hoping to exploit it for further gain.
• It could also be to gather your email address and send you spam.
• Damage your email campaigns. Wen a large number of fake signups (with real addresses) send your newsletter to the spam folder. This can trigger your subscribers’ email service providers to mark all your email as spam.

Fake accounts:

• for spamming
  • you,
  • or others via tell-a-friend, messaging, etc.

The newsletter signup can be hijacked by bots to send emails en mass to apparently valid email addresses causing:

• a huge bounce list,
• unhappy email server host,
• and possible contribution to ddos attacks.

causing the server to be Email - Mille and one way to send an email (professional and user)

Protection may be used due to the specific behavior of this bot. See bad bot protection

CSRF token

Spambot are not really good at data generation and a simple data validation is another layer of protection.

To block the creation of fake account, there may be ruled on the name.

• name length validation

For instance, Facebook

See Email - Address Validation

• https://www.convertingcopy.com/5-proven-tips-protect-email-bot-signups-email-list/
• https://mailchimp.com/help/about-fake-signups/
• https://mailchimp.com/resources/how-to-protect-your-email-list-from-bots/
• https://mywifequitherjob.com/how-to-prevent-email-bot-signup-spam/