How our new CAPTCHA will help you
In September 2016 we released several new industry-leading form security measures, including an after-opt-in CAPTCHA feature. Most of you won’t notice this at all, but you might come across this when you test forms on your website. In this case, you will see the ‘I’m not a Robot’ screen after hitting subscribe. This might look alarming at first, but this is our new CAPTCHA feature doing its magic.
What is a CAPTCHA?
A CAPTCHA is basically a way for us to verify that people subscribing to your list are actual humans - and not bots crawling the internet trying to add real (and fake!) people to your list. It’s a system designed to keep your lists full of actual subscribers who want to hear what you have to teach.
To dive into this more we first need to explain why we’re using CAPTCHA:
A few weeks back, there was a dramatic increase in a specific type of spam attack called "subscription bombing". In brief, it works like this:
A bot grabs hold of an email address (an innocent one like firstname.lastname@example.org) and launches an attack on it specifically by subscribing it to as many subscription lists as possible. The victims here are then plagued by an onslaught of hundreds or thousands of emails into their inbox at a rate they can’t unsubscribe from fast enough.
The kicker here is that since the mailing lists are legitimate with good open rates and user engagement, these messages won’t get routed to the spam folder. Like other kinds of mail, they get dropped right where you’d want them if you’d intentionally signed up for that list.
This practice has unfortunately gone on for some time, across all email providers. Spamhaus, an international non-profit that is considered the authority in spam issues, recently cracked down on this. They strongly encouraged all email marketing providers put measures in place to stop subscription bombing.
Cue the CAPTCHA. This will help us make sure that only humans can subscribe to your list.
For your subscribers, the effects are pretty minimal. Based on the algorithms we use to determine when to display it, most of them will never see the CAPTCHA at all. They’ll go through the process just like they always have, with no inhibitions. A normal subscriber looks nothing like a robot to our system.
In short, what can CAPTCHA do for you?
- Improve the deliverability of your broadcasts
- Lowers your spam complaints
- Improves your open and click rate - the actual people on your list want to read what you have to say.
- Improve the interaction with your list - people want to be on your list and remember opting in
- Ensures the people on your list opted in themselves - and not are forced on your list by a bot
What the CAPTCHA does for ConvertKit
- It helps us to keep our deliverability excellent across all customers
- Keeps our sending IPs from being blocked by Spamhaus and other blacklists
CAPTCHA is just one small piece of the puzzle.
Of course, being ConvertKit, we couldn't do anything halfway. CAPTCHA is one of several form security measures we've put in place to address subscription bombing. We've gone above and beyond what Spamhaus has asked us to do, and what our competitors are doing because we are committed to providing you with the best deliverability in the industry. To do that, we are doing everything in our power to stop spammers.
Why am I seeing the ‘I’m not a robot screen’?
This is likely because you’re testing your forms and tried to subscribe to a ConvertKit form several times. Our system is trying to make sure you’re human and a regular subscriber, as subscribing multiple times is abnormal behavior. It’s just to make sure your list is still safe and filled with real people.
Do all my subscribers see this?
No! A lot of your subscribers won’t notice this at all. It’s only when they try to subscribe to your form several times within a short period of time that this will show up for them.
Why do I need a CAPTCHA?
We want to make sure you email people who want to be on your list. And we want to make sure all the emails you send are landing in your subscribers’ inboxes. In order to do this, we need to use the CAPTCHA to prevent cases of list bombing.
Can you turn the CAPTCHA off for me?
No sorry, we can’t do this. It’s an important and one of several industry-leading security measures in place. We need to keep this active for everyone to ensure our deliverability (and yours!) stays high.
Does this have any impact on my integrations?
It might do in some cases, though there is generally a fix. We currently have known connection issues with PopupAlly Pro, Contact Form 7, and the Leadpages Standard Builder.
- If you are using LeadPages Standard Builder, make sure you have reconnected your page with ConvertKit, as the process has changed.
- If you are using PopupAlly Pro or Contact Form 7, please send in a ticket. We are working with their teams to resolve this, and we can keep you updated as this is resolved!