How to protect your mailing list from spam bots

You finally set up your reader newsletter, and people start signing up. Yay!

But then you notice that you’re getting a ton of subscribers with email addresses like abcde12345@gmail.com or ch.a.r.l.o.t.t.e.w.a.t.k.i.n.s@gmail.com.

You might have fallen victim to spam bots.

Why spam signups are a problem

You might wonder, “What’s the harm? It’s just a few fake email addresses.”

But unfortunately, spam signups aren’t just annoying. They can hurt your newsletter over time in three major ways:

• They cost you money: Most newsletter providers charge you by the number of subscribers or number of emails you send out, which means you pay for each fake email instead of paying for actual readers who are buying your books.
• They hurt your sender reputation and deliverability: If you send your newsletter to a lot of fake email addresses, your emails will bounce. Email providers see high bounce rates as a sign that you are a spammer, so they’ll redirect your emails to the spam folder instead of your readers’ inboxes.
• They mess up your stats: If you have a lot of bot subscribers, they distort your open rate and your click-through rate and make it impossible to tell if your email campaigns are actually working.

How to spot spam signups

Spam signups rarely show up as one obviously fake email address. Pay attention to strange patterns and surges that appear unusual.

Common red flags include:

• You get a surge of subscribers with heavily dotted email addresses like j.a.n.e.d.o.e@gmail.com, j.o.h.n.s.m.i.t.h.3.6.1@gmail.com, etc.
• You get several subscribers with similar addresses within a very short time span, e.g., j.a.n.e.d.o.e@gmail.com, j.ane.d.o.e@gmail.com, j.a.n.e.doe@gmail.com.
• You suddenly get a lot of signups from corporate email addresses instead of personal ones, e.g., info@transportationsystems.com or contact@zero-degree.com.
• You suddenly get a lot of signups from domains that you don’t usually get a lot of subscribers from, e.g., 20 new subscribers with a .ru email address.
• You get several signups from email addresses consisting of random numbers or letters, e.g., igpuxvjp@gmail.com or 1796471964@qq.com.

Important caveat: None of these potential red flags by themselves means an email address is for sure a bot. For example, dotted emails can belong to real subscribers. Some people use them to track if someone sold their email to spammers or to filter their emails. And, of course, it’s completely normal to get a few subscribers signing up with company email addresses or foreign domain emails.

So do not judge a single email in isolation. What you need to keep an eye on isn’t individual addresses; it’s unusual patterns and sudden surges that occur within hours or even minutes. They are usually a sign of automated bot activity rather than genuine subscribers.

How to protect your mailing list from spam bots without scaring off real readers

Luckily, there are relatively easy steps to protect your newsletter from spam signups:

• Turn on double opt-in. That means that everyone signing up for your newsletter gets an email with a confirmation link. Only if they click that link are they actually subscribed to your newsletter. Some advanced spam bots will click the confirmation link, but most bots don’t, so having double opt-in will drastically reduce the number of bot subscribers. Yes, turning on double opt-in might slightly reduce the number of readers who sign up to your newsletter, but it will be a higher-quality list. If a reader doesn’t click the link in your confirmation email, they aren’t very likely to click any other link either.
• Use honeypots on the signup forms on your websites. These are fields that are invisible to human subscribers, so they won’t fill them out. But bots will detect and automatically fill them out. If those fields are filled out, the form will know it’s a bot and will reject them.
• Use reCAPTCHA on your sign-up forms. It’s an effective way to avoid spam signups, but personally, I find them annoying, so I don’t use them. There are, however, less annoying versions such as a simple “I’m not a robot” checkbox or an invisible reCAPTCHA. If you are still struggling with potential spam signups after turning on double opt-in, it might be worth checking out these options.
• Clean your mailing list: Regularly clean your list and remove inactive subscribers (after sending them a reengagement email).
• Monitor your subscribers for patterns like the ones I described above.

Spam bots are frustrating, especially for authors who just want to focus on writing their next book, but with a few simple steps, you should be able to keep your mailing list healthy and bot-free.