Have you found invalid email addresses creeping into your list via the subscription page? It could be a sign that malicious bots are attempting to access your site.
Here are some tips for preventing bots from exploiting your subscription form:
Add Captcha to your subscription page. Although not the most elegant solution from a usability perspective, Captcha is effective at blocking most bots.
In many cases, bots will originate from just a few IP addresses located in Russia or China. Track IPs used for adding invalid data, identify those from common IPs and block them at the firewall.
Block Repeat IPs
Bots will often attack a form repeatedly over a short period of time. Block frequent submissions from the same IP address.
Block Email Addresses
Bots sometimes enter the same email address over and over. Block email address that are submitted repeatedly. Don’t include a submission failure message to ensure the bot doesn’t know it is being blocked.
Include a CSS hidden form field with a preset value. Real users won’t see the field or enter any data, where as a bot will. Validate the preset value to block bots.
Sometimes bots insert profane language into forms. Use a third-party profanity filter such as WebPurify (//webpurify.com) to check submissions before they are added to your database.
Take advantage of a third party verification service such as BriteVerify or LeadSpend to verify email addresses in real time.