Lightbox form versus regular sign up form for Spam prevention

  • 0
  • 1
  • Question
  • Updated 2 years ago
Our Emma account has a lightbox form with reCAPTCHA enabled, however Emma won't let this be our only sign up form. When we try to send out emails to our group it says we must select a sign up form and it won't acknowledge the lightbox one as existing. We are then forced to create another signup without reCAPTCHA and we are getting spam bot signups, at least 20 of them every single week. Is there a fix for this? Is it possible to use the lightbox form as the default form when sending out group emails?
Photo of First Unitarian Portland

First Unitarian Portland

  • 10 Posts
  • 0 Reply Likes

Posted 2 years ago

  • 0
  • 1
Photo of Heather Sturm

Heather Sturm, Integrations Support Specialist

  • 99 Posts
  • 3 Reply Likes

Thank you for reaching out! Recently, there has been an internet-wide uptick in the abuse of open email signup forms. This type of abuse results in email addresses being added to a sender’s list without either the sender’s or the recipient’s knowledge. Forms that are not secured are vulnerable to this type of attack and, if left unaltered, can damage a sender’s reputation.

After taking a look at your account, I'm able to provide some helpful information.

First, Emma does indeed require that you have a classic sign-up form attached to your mailing. We are unable to utilize the Lightbox for this. Rest assured though, our classic forms have security embedded into them to prevent bot signups.

That being said, I looked closer at your account and your website and I have determined that your bot signups are not a result of the Emma Classic Signup form. I created a segment called "00 Classic Form Signups" to try and locate those that had used the classic signup, and that segment turned out zero members. Similarly, I created a segment called "00 Bot Signups" to uncover the bot emails, and this one turned up about 250 members.

I've identified a WordPress form on your website that is being used to collect addresses. Our engineering team has identified a vulnerability in that form, and has reached out to WordPress developers with solutions to fix the vulnerabilities. WordPress is working on making these changes and we will be sure to update you once they are finished. In the meantime, we highly recommend removing the WordPress signup from to stop bots from entering your account. 

I can see that you have an Emma Lightbox form created in your account, but it does not appear to be active on your site. The Lightbox is the most secure option for you at this time, so I'd suggest activating that on your site and removing the WordPress sign up. This should alleviate the bot signups moving forward!

Please let us know if there's anything else we can do to help along the way!