Yesterday afternoon, Copernica disabled file downloads upon the discovery of a security risk by one of our users. The reporting user was able to download random files by manually altering URLs. To prevent abuse, all file downloads were disabled completely on the spot.
Sending spam is bad, we all know that by now. Sometimes, we can send out spam inadvertently, a simple mistake in our lists can be enough to do harm to our reputation.
However, what if someone outside of your company is abusing your lists to flood people's inboxes without you ever knowing about it? This practice known as list bombing has been popping up more and more over time. In short, a bad actor takes an email address they do not like and sign it up to as many mailing lists as possible. This is made possible by unprotected forms, forms that do not have a captcha to prevent automated signups.
A partial solution to this is implementing a Confirmed Opt-In, also known as Double Opt-In. This makes use of a confirmation email to the new email address, to check that it exists and the recipient actually signed up. The issue with this is that if the bad actor signs up to many lists at once, the confirmation emails will be enough to flood their inbox. Therefore, a captcha is an increasingly important addition to your signup form, to prevent such issues.
Some blacklists specifically look at issues related to listbombing, one of those is Spamhaus. Spamhaus detects abused forms and adds a listing for the affected IP address. Depending on the severity of the issue, this listing may have serious effects on your deliverability. We do therefore strongly advise all our customers to protect their forms with a captcha, to prevent these issues as much a possible.
Users of Copernica and CRMs like Magento should have an easy option to add a captcha. Copernica users only need to add a captcha field to their webform. add a captcha field to their webform.
Most CRMs have plenty of options plugins available to allow for captchas. Magento users should pay special attention, as the default form Magento generates does not contain a captcha and is very recognizable for bad actors. We often see Magento forms targeted specifically by listbombers, so be sure to check and protect all your forms!