Turning on opt in confirmation won’t prevent the bots from submitting your form, but it will prevent them from being added to your list.
To remove the unconfirmed contacts, filter your contact list by Status > Unconfirmed and then select Delete.
To prevent the bots from submitting your form, you’d want to add a Recaptcha field to it.
Since your site been targeted by nasty bot. I’m wondering if you can use sucuri’s website firewall to deny access from ‘nasty’ bots… it’s $9.9/mo but you can have ease of mind… https://sucuri.net/website-firewall/signup
*) i’m a sucuri customer, but i’m not their employee…
Brian,
Thanks for the reply. All of these spam emails have been confirmed even after I have added the double optin.
I have tested the form several times and it is working correctly in my tests.
Any idea what to do now?
I would add a captcha form, but I’m using optimize press and that is not supported with their opt in boxes.
I’m afraid that I have no explanation for how a bot could get around double opt-in confirmation.
Would you mind opening up a ticket so that our support and technical team can investigate what is happening?
I finally got someone on live chat yesterday and was determined to solve the issue no matter what. We did it. I turned every optin into a double opt in and yet they were still coming. So we reset the API key and all good, no more spam!
Thanks for the update, Jena.
@bettersax Support will be able to help you with reseting your API key. It sounds like that’s the missing piece for you.
Brian,
I have opened up a ticket, and been in touch with support, but they are telling me that resetting the api won’t solve the problem.
I’m still getting about 50 spam emails a day on my double optin form, and this has to stop.
Can you suggest another solution for me?
I’m still waiting on support to get back to me.
Hi Jason,
Let me do a little more investigating behind the scenes here and get back to you later today. I’ll talk to everyone familiar with the issue and find a solution. I’m wondering if there is a way to identify these bot addresses and remove them with an automation.
When you do, Brian, let me know. Because I’ve been waiting for a solution for this crisis for 8 months and have been in contact with various people at AC and nothing’s happened.
I
Definitely, Rob.
Worst case, it may be a matter of looking for unengaged contacts and doing some automated list pruning. But, I’m hopeful there is another way to distinguish these fake contacts from real contacts.
I’d try anything because right now I have no idea about list numbers, open rates or click through rates. And the bots are easy to spot with the naked eye: siefuhwe484r8.dkdie@gmail.com, for example
I just met with a developer and we’ve got something in the works we believe will solve this issue. I’ll update you when I have more information but we’re confident at this point we can resolve this for you.
So I’ve figured out a way to temporarily stop some of my bots.
I get about 50 a day that have a name that is a series of numbers and letters that all start with 583 like:
583e9b02af56d
I added a condition to my automation for this optin form that separates contacts whose name contains 583. They are tagged as bots and then unsubscribed before they are ever sent an email.
I expect the numbers to change soon enough though so this solution is only temporary, and doesn’t apply to bots that use more normal made up names.
Good to here, they just got to one of my client accounts 
And I just had a client account LOCKED DOWN due to the spam bots. Now he can’t send out any emails and even with changing the API they are still coming in
Does he have a captcha on his form? Adding one will help.
He has three access points, one ActiveCampaign form and 2 simple OptimizePress optin boxes. These are doing great for bringing in clients, as in 3x more business in October than any other month when typically October sees a 300% decrease in clients due to the holidays.
Is there a way to automate complete deletion of a contact? I have them being separated off by first name (the numbers being used) but would like to automatically delete them
@branddotblog I’m looping in one of our deliverability experts, Alex Burch. He’s familiar with this issue and will be able to give you some more concrete suggestions on how to resolve this. He’ll be replying at some point today.
We’ve already been in touch. He’s reopened up the account for now.
Right this moment I have adjusted the automation list they are being added to in ActiveCampaign to separate the bots my name (they all include the same first 3 numbers in sequence and even added the next three numbers) so they receive zero emails and have them pooled for easy deletion.
My client is a bankruptcy attorney so I am sure these very real addresses do not appreciate being told they are having financial troubles
@branddotblog The rise of bots has been an increasing problem for all email providers. Malicious actors sign up addresses to thousands of forms, and then the recipient inboxes receive an overload of mail and are rendered useless.
Our development team is working on some techniques to identify bots at the moment, but there are 3 things you can do right now:
It sounds like you are pursuing option #2. Unfortunately we don’t have an auto-delete option, but you could certainly use our “Unsubscribe from All Lists” automation action. The automation would be very simple to setup: just add a hidden field, trigger the automation when this field changes, and then unsubscribe from all lists. The automation would look like this: http://screen.ac/0i0c453r012Z