How our new CAPTCHA will help you

Our CAPTCHA feature for Form Security

Updated over a week ago

In September 2016 we released several new industry-leading Form security measures, including an after-opt-in CAPTCHA feature. Most of you won’t notice this at all, but you might come across it when you test Forms on your website. 

In this case, you will see the ‘I’m not a Robot’ screen after hitting Subscribe. This might look alarming at first, but just know that this is our new CAPTCHA feature working its magic! 

What is a CAPTCHA?

A CAPTCHA is basically a way for us to verify that people subscribing to your list are actual humans - and not bots crawling the internet trying to add real (and fake!) people to your list. It’s a system designed to keep your lists full of actual Subscribers who want to hear what you have to teach! 

To dive into this more we first need to explain why we’re using CAPTCHA:

Recently, there was a dramatic increase in a specific type of spam attack, called "listbombing". In brief, it works like this:

A bot grabs ahold of an email address (an innocent one like [email protected]) and launches an attack on it specifically by subscribing it to as many subscription lists as possible. The victims here are then plagued by an onslaught of hundreds or even thousands of emails to their inbox at a rate they can’t unsubscribe from fast enough.

The kicker here is that since the mailing lists are legitimate with good open rates and user engagement, these messages won’t get routed to the spam folder. Like other kinds of mail, they get dropped right where you’d want them if you’d intentionally signed up for that list.

This practice has unfortunately gone on for some time, across all email providers. Spamhaus, an international non-profit that is considered the authority in spam issues, recently cracked down on this behavior. They strongly encouraged all email marketing providers to put measures in place to stop subscription bombing.

Cue the CAPTCHA. 

This will help us make sure that only humans can subscribe to your list. 

For your Subscribers, the effects are pretty minimal. Based on the algorithms we use to determine when to display it, most of them will never see the CAPTCHA at all. They’ll go through the process just like they always have, with no interruptions. A normal Subscriber looks nothing like a robot to our system.

In short, what can CAPTCHA do for you?

  • Improve the deliverability of your broadcasts

  • Lower your spam complaints

  • Improve your open and click rate—because your list includes only actual people who want to read what you have to say

  • Ensure that the Subscribers on your list opted in themselves, and were not forced onto your list by a bot

What the CAPTCHA does for ConvertKit

  • Helps keep our deliverability excellent across the platform

  • Keeps our sending IPs from being blocked by Spamhaus and other blocklists

CAPTCHA is just one small piece of the puzzle. 

Of course, being ConvertKit, we couldn't do anything halfway. CAPTCHA is one of several Form security measures we've put in place to address subscription bombing. We've gone above and beyond what Spamhaus has asked us to do (and what our competitors are doing) because we are committed to providing you with the best deliverability in the industry. To do that, we are doing everything in our power to stop spammers.


Why am I seeing the "I'm not a robot" screen?

This is likely because you’re testing your Forms and tried to subscribe to a ConvertKit Form several times. Our system is trying to make sure you’re human, because subscribing multiple times is abnormal behavior.

Do all my Subscribers see this?

No! A lot of your Subscribers won’t notice this at all. It’s only when they try to subscribe to your Form several times, within a short period of time, that this will then show up for them.

Why do I need a CAPTCHA?

We want to make sure you email people who want to be on your list. (Not to mention landing in your Subscribers’ inboxes!) In order to do this, we need to use the CAPTCHA to prevent cases of listbombing.

Can you turn the CAPTCHA off for me?

This is not something we can do. It’s very important, and one of several industry-leading security measures in place. We need to keep this active for everyone to ensure our deliverability (and yours!) stays high.

Does this have any impact on my integrations?

In some cases this is a possibility, though there is generally a fix. We currently have known connection issues with PopupAlly Pro, Contact Form 7, and the Leadpages Standard Builder.

  • This is uncommon because LeadPages updated their builder long ago, but if you are using LeadPages Standard Builder, make sure you reconnect your page with ConvertKit, as the process has changed.

  • If you are using PopupAlly Pro or Contact Form 7, please send in a ticket. We are working with their teams to resolve this, and we can keep you updated as this is resolved!

Did this answer your question?