How to deal with junky spammish email signups from Russia

Sydney Moyer

Hi all,


I recently noticed an odd spike in email signups over the past month as I was going over some reports, and as I looked through the list of new names, I noticed a lot of junky email signups with gibberish first and last names, and many with Russian email addresses. My organization works only regionally in New England, so there's no logical reason anyone from Russia should be signing up, much less a bunch of spammy looking emails with jumbled names.

I'm wondering a) if this will affect my email deliverability, and b) what I can do to get these folks off my list en masse, for good. I currently don't have a list hygiene mechanism in place, but wondering if there's a short term solution that I can implement now aside from that. 


It looks like many of the signups originated from the "Forward" link in our emails, which links to this forward/signup page, if that makes any difference: http://action.clf.org/site/TellAFriend?msgId=18129.0&devId=53713


Would love anyone's insight – has this happened to you before? How did you handle it? Is there anything I should be aware of as I tackle this?


Thank you!


- Sydney Moyer

Conservation Law Foundation

Ami Defesche

Sydney Moyer:

Hi all,


I recently noticed an odd spike in email signups over the past month as I was going over some reports, and as I looked through the list of new names, I noticed a lot of junky email signups with gibberish first and last names, and many with Russian email addresses. My organization works only regionally in New England, so there's no logical reason anyone from Russia should be signing up, much less a bunch of spammy looking emails with jumbled names.

I'm wondering a) if this will affect my email deliverability, and b) what I can do to get these folks off my list en masse, for good. I currently don't have a list hygiene mechanism in place, but wondering if there's a short term solution that I can implement now aside from that. 


It looks like many of the signups originated from the "Forward" link in our emails, which links to this forward/signup page, if that makes any difference: http://action.clf.org/site/TellAFriend?msgId=18129.0&devId=53713


Would love anyone's insight – has this happened to you before? How did you handle it? Is there anything I should be aware of as I tackle this?


Thank you!


- Sydney Moyer

Conservation Law Foundation

Hey Sydney. So sorry that you're having to deal with this. Fake e-mail sign-ups are truly the worst and it's so difficult to diagnose where they're coming from. It looks like you have a captcha on that forward page, which would have been my first recommendation. It might be worth trying a stronger captcha if that's an option for you. Otherwise, this KB article may help you clean out the bunk e-mails: https://kb.blackbaud.com/articles/Article/94767


I will definitely leave this open for any other to offer feedback. I'm certain you aren't the only one who's tackled this particular issue. 

Sydney Moyer

Thanks Ami, those are really helpful suggestions! I will try both.

Kim Ethridge

Ami -

I don't believe LO provides any options for strengthening captcha. It just provides the one. If that isn't accurate I'd love info on how to make such a change.

Kim

Sara Johansen

I have been dealing with this issue as well - receiving junk email sign-ups in the hundreds each week. We haven't come up with a solution for stopping the sign-ups, but I have used query and groups to isolate the junk records into a group so we can exclude the group from any emails we send. I also log a case with Luminate Support every week or so to have them remove those records.

Sara

Alicia Searfoss

Sara, what do you query on for these?  I haven't figured out the best one to zero in just on these.

Sara Johansen

Alicia Searfoss:

Sara, what do you query on for these?  I haven't figured out the best one to zero in just on these.

Ours seem to be coming through a sign-up that doesn't require the first and last name (which is one thing we are in the process of changing) and from a specific origin subsource code so I query on the name being blank and the origin subsource code. I am sure I am missing a few real sign-ups with this process but it was the best I could come up with.

Erik Leaver

You might also want to change the default for the opt-in language on this particular page. Making this an opt-in instead of an opt-out may decrease some of the spammy email addresses. 

Brian Mucha

Kim Ethridge:

Ami -

I don't believe LO provides any options for strengthening captcha. It just provides the one. If that isn't accurate I'd love info on how to make such a change.

Kim

I agree. I think your only option is building your own form with the Survey API. If you were doing that, you could use the actual Google CAPTCHA service or any other alternative.

Brian Mucha

Sara Johansen:

I have been dealing with this issue as well - receiving junk email sign-ups in the hundreds each week. We haven't come up with a solution for stopping the sign-ups, but I have used query and groups to isolate the junk records into a group so we can exclude the group from any emails we send. I also log a case with Luminate Support every week or so to have them remove those records.

Sara

As part of that support ticket did they really look at the bad records? These could very well be originating from the same IP block that support could blacklist. They push back on this a bit, but how many real Russian sign-ups will you miss? Hundreds a week sounds like it would be worth trying.

Sydney Moyer

Sydney Moyer:

Hi all,


I recently noticed an odd spike in email signups over the past month as I was going over some reports, and as I looked through the list of new names, I noticed a lot of junky email signups with gibberish first and last names, and many with Russian email addresses. My organization works only regionally in New England, so there's no logical reason anyone from Russia should be signing up, much less a bunch of spammy looking emails with jumbled names.

I'm wondering a) if this will affect my email deliverability, and b) what I can do to get these folks off my list en masse, for good. I currently don't have a list hygiene mechanism in place, but wondering if there's a short term solution that I can implement now aside from that. 


It looks like many of the signups originated from the "Forward" link in our emails, which links to this forward/signup page, if that makes any difference: http://action.clf.org/site/TellAFriend?msgId=18129.0&devId=53713


Would love anyone's insight – has this happened to you before? How did you handle it? Is there anything I should be aware of as I tackle this?


Thank you!


- Sydney Moyer

Conservation Law Foundation

Thanks all for the feedback and helpful suggestions. It's true, Luminate won't let you customize the form to strengthen the CAPTCHA, so I just disabled it. I suppose I shouldn't be surprised that Luminate is behind the times on this and leaving us open to vulnerabilities, but it is a little disappointing that this functionality is so limited and ultimately unhelpful.

Sydney Moyer

Brian Mucha:

Sara Johansen:

I have been dealing with this issue as well - receiving junk email sign-ups in the hundreds each week. We haven't come up with a solution for stopping the sign-ups, but I have used query and groups to isolate the junk records into a group so we can exclude the group from any emails we send. I also log a case with Luminate Support every week or so to have them remove those records.

Sara

As part of that support ticket did they really look at the bad records? These could very well be originating from the same IP block that support could blacklist. They push back on this a bit, but how many real Russian sign-ups will you miss? Hundreds a week sounds like it would be worth trying.

 

How would you be able to tell what IP block they're coming from? Is it possible to query on that?

Brian Mucha

It looks like many of the signups originated from the "Forward" link in our emails, which links to this forward/signup page, if that makes any difference: http://action.clf.org/site/TellAFriend?msgId=18129.0&devId=53713

Do these sign-ups coincide with emails using the TAF link? Add a s_src or s_subsrc to that link with the recipient's consid. Maybe you can identify a common source in your list for all these.

Brian Mucha

How would you be able to tell what IP block they're coming from? Is it possible to query on that?

I don't think we can, but support can certainly see them.

Sydney Moyer

Brian Mucha:

How would you be able to tell what IP block they're coming from? Is it possible to query on that?

I don't think we can, but support can certainly see them.

 

Good to know, thanks!

Sydney Moyer

Brian Mucha:

It looks like many of the signups originated from the "Forward" link in our emails, which links to this forward/signup page, if that makes any difference: http://action.clf.org/site/TellAFriend?msgId=18129.0&devId=53713

Do these sign-ups coincide with emails using the TAF link? Add a s_src or s_subsrc to that link with the recipient's consid. Maybe you can identify a common source in your list for all these.

 

They do correspond to the TAF link, so we ended up just removing the page altogether.

Jeanne McCabe

Sydney Moyer:

Brian Mucha:

It looks like many of the signups originated from the "Forward" link in our emails, which links to this forward/signup page, if that makes any difference: http://action.clf.org/site/TellAFriend?msgId=18129.0&devId=53713

Do these sign-ups coincide with emails using the TAF link? Add a s_src or s_subsrc to that link with the recipient's consid. Maybe you can identify a common source in your list for all these.

 

They do correspond to the TAF link, so we ended up just removing the page altogether.

 

How can one search the Constituents list in Luminate to find @*.ru email addresses? The wildcard character search doesn't seem to work in Constituent360. 


Thanks

Jeanne



 

Jeremy Reynolds

Jeanne McCabe:


How can one search the Constituents list in Luminate to find @*.ru email addresses? The wildcard character search doesn't seem to work in Constituent360. 


Thanks

Jeanne

 

Percent sign is LO's wildcard (probably because that's what SQL uses). Try searching for %.ru instead.

Sydney Moyer

Jeanne McCabe:

Sydney Moyer:

Brian Mucha:

It looks like many of the signups originated from the "Forward" link in our emails, which links to this forward/signup page, if that makes any difference: http://action.clf.org/site/TellAFriend?msgId=18129.0&devId=53713

Do these sign-ups coincide with emails using the TAF link? Add a s_src or s_subsrc to that link with the recipient's consid. Maybe you can identify a common source in your list for all these.

 

They do correspond to the TAF link, so we ended up just removing the page altogether.

 

How can one search the Constituents list in Luminate to find @*.ru email addresses? The wildcard character search doesn't seem to work in Constituent360. 


Thanks

Jeanne



 

 

I also took a look at some of the individual records and noticed that in our case, all of the junky signups seemed to be coming from the Tell-a-friend page, so I set up my query based on that, because we also had some junky addresses from Gmail and other clients besides Russia.

Philip Nawrocki

This is life-changing Jeremy!!!