Web Security - Fake Form Submission (Signup,..)


Spam or fake form submissions can be made by:

Example of form:

Fake form submission happen due to bots that scour the internet looking for signup forms to fill in.

Most fake account/sign up are created by two bots:

  • One bot that finds forms and sign up
  • An other one that open the emails and click on every single link

Why ?

  • They want to spam via functionality such as Tell a Friend
  • They are looking for weaknesses in the site and hoping to exploit it for further gain.
  • It could also be to gather your email address and send you spam.
  • Damage your email campaigns. Wen a large number of fake signups (with real addresses) send your newsletter to the spam folder. This can trigger your subscribers’ email service providers to mark all your email as spam.

Fake accounts:

  • for spamming
    • you,
    • or others via tell-a-friend, messaging, etc.

The newsletter signup can be hijacked by bots to send emails en mass to apparently valid email addresses causing:

  • a huge bounce list,
  • unhappy email server host,
  • and possible contribution to ddos attacks.

causing the server to be Email - Mille and one way to send an email (professional and user)



Protection may be used due to the specific behavior of this bot. See bad bot protection

CSRF Token

CSRF token

Data Validation

Spambot are not really good at data generation and a simple data validation is another layer of protection.

Name Validation

To block the creation of fake account, there may be ruled on the name.

  • name length validation

For instance, Facebook

Email Address validation

See Email - Address Validation

Documentation / Reference

Discover More
Card Puncher Data Processing
Data Validation (Schema Validation)

Data Validation is: the first step in a data processing lifecycle but is also helpful in spam bot protection. To be able to validate, a schema must be available for the data been validated. The...
Email - Address Validation

Email validation : address and reputation See the section-3.4 - Address specification of the 5322Internet Message Format specification Most...
How can I protect myself from Bad Bot (Spambot, Attacker )?

Bad Bots are robots with bad intentions. They are also known as attackers. They walk through: web pages trying to find a form and to fill them trying: to send email in mass to create a fake...
Double Opt In Validation
Newsletter (mailing list, subscription form)

A newsletter signup is a guided navigation that aimed to subscribe a user to a newsletter. There is actually two kinds of process: - no email is send - an email is send known also as unverified...
What is an HTML Form?

form is an element that represents a user-submittable form. When parsed as HTML, a form element's start tag will imply a p element's end tag just before. The pizza order form (taken from the...

Share this page:
Follow us:
Task Runner