Spamhaus Listbombing & What You Can Do
A recent article at Marketing Land presents the case of recent email list attacks, or “list bombings,” in which a large bulk of email addresses were signed up to emails lists by unknown hackers.
These addresses, whose true owners never intended to sign up to these lists, generated a high number of complaints which in turned caused Spamhaus to block many of these ESPs IP addresses.
Marketing Land has some best practice suggestions that we agree are essential basic elements to every email marketing program that will help keep your list in good standing.
Double Opt-In and CAPTCHA
On your signup page, make sure you're using CAPTCHA authentication. This will help with preventing malicious bots and scripts from signing up an email address.
Once an email address signs up on your site use a double opt-in process to send a confirmation email and link so the user can confirm they truly wish to be added to your email list.
Take this opportunity to try to get to know your new signup after you've confirmed their address by providing a link to preference options or profile settings in the confirmation page.
You may choose to send a reminder if the initial confirmation email is not opened, however, keep in mind that the more unsolicited messages a user receives without opening, the more likely they will be grouped with spam messages. It is not recommended to send more than one reminder email, if at all.
If an email address does not respond to your initial confirmation email and/or reminder make sure to suppress them from any future messages, but keep the option for them to be able to sign up in the future. Signing up this time around could have been an error or the result of a list attack, but the owner of the email address may wish to subscribe down the line.
Finally, make sure you're monitoring your subscription lists' origins and domains. At Savicom we provide a Recipient Activity tool where you can monitor your recipient subscribes, unsubscribes, and complaint activity. Look for surges in subscribed addresses and when those occurred. While you're here, look for trends in unsubscribed and complaints to see how these correlate to your message history.
Dive deeper into the details. Whether you notice a surge in subscriptions or not, check to see where the bulk of these addresses are coming from. Savicom's tools allow you to view what date and time addresses were added, the method (website or manual addition), the source IP address, as well as the ability to select for key domains, such as government, military, or educational email addresses, that may be the target of list bomb attacks.
If the data for any of these categories seem unusual, such as bulk additions made at the same time from the same IP addresses, or bulk additions of high target email domains, you will want to isolate these addresses and investigate further.