Bot Protection on Your Optin Forms

Matt Ratliff

February 16, 2025 · 4 min read

Just a few days ago there was a post in the Nothing Held Back Facebook group about bots attacking someone's forms...

"Have massive bot attacks hitting our forms and costing us money with GHL"

They had already tried some of the solutions I posted. Those solutions were:

- Honeypots (hidden fields on optin forms)
- Captchas
- Cloudflare's bot protection features

But apparently, they had tried these and they failed. I'm a little suspicious of that, but I wanted to know more. So I did what every other curious person would do...created my own bots to overwhelm my optin forms to see what would happen.

Well, holy shit...

Much to my surprise, there was a particular form that was vulnerable. It allowed any address to be filled in even though there was a third party checking the validity of that address. Those addresses were definitely fictitious, but the service still allowed them to come through. There was no captcha on the page and no rate limiting of any sort, but it did have Cloudflare's Bot Fight Mode enabled.

Worse yet, it increased my hard bounce rate to a whopping 9.9%. That's definitely bad, but the domains were not real domains in my case, so I'm safe.

While Bot Fight Mode does prevent a lot of activity...see screenshot below

[Screenshot]

It doesn't catch them in every situation, as in my case. I was running the attack from my local machine using several different Python scripts. One of those in action looks like this...

[Screenshot]

I used 2captcha to bypass the captcha on the page. So let this be a lesson: while captchas help, they don't always prevent a bot from submitting the data.

So what can you do? Here's the multistep approach:

- Move your domain to Cloudflare and turn on Bot Fight Mode.

- Enable Rate Limiting Rules.

- Enable captchas.

- Consider implementing Turnstile.

- Use honeypots on your forms coupled with conditional logic to disqualify leads. I use two different ones.
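
One way to apply the honeypot and rate-limiting steps on the server that receives the form, added here as an example (it is not the author's code, and these are not necessarily his two honeypots). The field names, thresholds and secret are assumptions: a CSS-hidden text field that must stay empty, plus a signed render timestamp that catches forms submitted faster than a person could fill them.

```python
import hashlib
import hmac
import time
from collections import defaultdict, deque

SECRET = b"replace-with-a-server-side-secret"  # placeholder key, never sent to the browser
HONEYPOT_FIELD = "company_website"  # assumed name: CSS-hidden input a human never fills
TOKEN_FIELD = "render_token"        # assumed name: hidden input holding the signed render time
MIN_FILL_SECONDS = 3                # assumed: faster than this is not a human
MAX_TOKEN_AGE = 3600                # assumed: older tokens are treated as replayed
MAX_PER_WINDOW, WINDOW_SECONDS = 5, 60  # assumed per-IP limit
_recent = defaultdict(deque)        # ip -> timestamps of recent submissions


def _sign(ts):
    return hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()


def issue_token(now=None):
    """Value to place in TOKEN_FIELD when the server renders the form."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}:{_sign(ts)}"


def screen_submission(form, ip, now=None):
    """Return (verdict, reason); verdict is 'accept', 'disqualify' or 'throttle'."""
    now = time.time() if now is None else now
    hits = _recent[ip]
    while hits and now - hits[0] >= WINDOW_SECONDS:  # forget hits outside the window
        hits.popleft()
    hits.append(now)
    if len(hits) > MAX_PER_WINDOW:
        return "throttle", "rate limit exceeded"
    # Honeypot 1: the hidden field must come back empty.
    if form.get(HONEYPOT_FIELD, "").strip():
        return "disqualify", "hidden field filled"
    # Honeypot 2: time trap. The HMAC stops a client from inventing its own render time.
    ts, _, sig = form.get(TOKEN_FIELD, "").partition(":")
    if not ts or not hmac.compare_digest(sig.encode(), _sign(ts).encode()):
        return "disqualify", "bad render token"
    if not MIN_FILL_SECONDS <= now - int(ts) <= MAX_TOKEN_AGE:
        return "disqualify", "submitted too fast or stale token"
    return "accept", "ok"
```

A disqualified submission can still be shown the normal thank-you page while the lead is dropped before it reaches the email list, so the sender gets no signal about which check failed.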


So be aware that you should do something about it as soon as possible.

If you don't have these in place, then you are at risk of your email domain being ruined. At the very least, it would cause some major stress for the business while it works with the ESP to identify what caused it, as proof needed to allow emails to be sent again.

Copyright © 2025 FunnelTechie. All rights reserved.

Created by Matt Ratliff · Network Engineer & Email Deliverability Expert