Have you noticed a surge in suspicious email addresses? 

This could look like gibberish, or maybe just a surge in sign-ups with no explanation. Or perhaps you’re seeing an unusual amount of unconfirmed or complaining Subscribers, or even a drop in open rates. These things might mean that you're experiencing a Listbomb. 

But don’t worry! We’re here to help and you can fix this. 

What is a Listbomb?

But first, what is a listbomb anyway? Well it’s pretty simple. A listbomb is when a bot (or a person!) signs up email addresses to Forms or Landing Pages without the Subscribers' permission. (It’s actually really common.)

There are bots crawling all over the internet looking for Forms to fill out. When they find one, they fill it in with whatever list or information they’ve been programmed to use. It could be a lot of unexplainable email addresses, or legitimate ones scraped from elsewhere on the internet, or even purchased as a list. 

So why is it a problem? 

Sending to a lot of email addresses that didn’t request your content is a recipe for deliverability problems. Open rates will plummet, complaint rates will spike, and this can hurt your overall reputation and deliverability with email providers. That means those folks who want to read your emails, may have a harder time doing so. 

How do I know if I’m being listbombed?

So how do you know if you’re being listbombed? There are a couple of indicators. First, we might tell you! 

We monitor things like bounce rates, complaint rates, and unsubscribe rates. When we see something spike in the wrong direction, we can investigate,  and if we see signs that you’re being or have been listbombed, we’ll reach out. Together we'll mitigate any damage and protect your account! 

Another easy way to spot a listbomb is by looking at recent sign-ups. If you see a surge in sign-ups from the same domain, pay attention. This doesn't mean a new group of 10 new Subscribers. We're talking about domains you may have never seen on your list before, or those that appear to be gibberish. 

What does a false opt-in look like? 

First, addresses like 12345@gmail.com or sdkoren85459842@yahoo.com are red flags. 

If you collect the names of your Subscribers on your Form, the information that’s submitted into that field can also be a good indicator if bots are present. Watch out for names that are just a string of letters and/or numbers, part of the email address itself (like a copy/paste of everything before the @ symbol), or the same name being used for multiple email addresses.

What do I do if this happens to me? 

If you’re being listbombed, the first thing to do is prevent more bot signups. Immediately turn on Double Opt-in on all of your Forms and Landing Pages, and make sure that ‘Auto-confirm Subscribers’ is unchecked. 

Your next step is to get those bad addresses off your list before they cause more damage. If the addresses all look the same, (like those gibberish or strange domains we talked about), you may be able to just select them and use a Bulk Action to delete them. 

If you can’t identify all the bad addresses on sight (or even if you can!) you should run a re-engagment campaign that asks Subscribers to confirm if they want to be on your list. Then, at the end of the campaign, delete anyone who doesn’t re-opt in. 

If you’re certain of the timeframe that the listbomb was happening, you can target Subscribers who signed up during that time period. But in general, a clean list is a healthy list, so it’s not a bad idea to use your entire list. 

How can I prevent listbombing? 

The number one way to protect your account from listbombing is to take care of your Forms. Use Double Opt-In on all Forms and Landing Pages, and if possible, use ReCaptcha too. It’s that simple! With a Double Opt-In, bots might still sign up, but they will remain unconfirmed which minimizes damage to your sending reputation and deliverability. 

Complete Guide to ConvertKit Forms 

Did this answer your question?