In September 2016 we released several new industry-leading Form security measures, including an after-opt-in CAPTCHA feature. Most of you won’t notice this at all, but you might come across this when you test Forms on your website.
In this case, you will see the ‘I’m not a Robot’ screen after hitting Subscribe. This might look alarming at first, but just know that this is our new CAPTCHA feature working its magic!
What is a CAPTCHA?
A CAPTCHA is basically a way for us to verify that people subscribing to your list are actual humans - and not bots crawling the internet trying to add real (and fake!) people to your list. It’s a system designed to keep your lists full of actual Subscribers who want to hear what you have to teach!
To dive into this more we first need to explain why we’re using CAPTCHA:
Recently, there was a dramatic increase in a specific type of spam attack, called "subscription bombing". In brief, it works like this:
A bot grabs ahold of an email address (an innocent one like firstname.lastname@example.org) and launches an attack on it specifically by subscribing it to as many subscription lists as possible. The victims here are then plagued by an onslaught of hundreds, or even thousands, of emails into their inbox at a rate they can’t unsubscribe from fast enough.
The kicker here is that since the mailing lists are legitimate with good open rates and user engagement, these messages won’t get routed to the spam folder. Like other kinds of mail, they get dropped right where you’d want them if you’d intentionally signed up for that list.
This practice has unfortunately gone on for some time, across all email providers. Spamhaus, an international non-profit that is considered the authority in spam issues, recently cracked down on this behavior. They strongly encouraged all email marketing providers to put measures in place to stop subscription bombing.
Cue the CAPTCHA.
This will help us make sure that only humans can subscribe to your list.
For your Subscribers, the effects are pretty minimal. Based on the algorithms we use to determine when to display it, most of them will never see the CAPTCHA at all. They’ll go through the process just like they always have, with no inhibitions. A normal Subscriber looks nothing like a robot to our system.
In short, what can CAPTCHA do for you?
- Improve the deliverability of your broadcasts
- Lower your spam complaints
- Improves your open and click rate - the actual people on your list who want to read what you have to say.
- Improve the interaction with your list
- Ensures that the Subscribers on your list opted in themselves - and were not forced on your list by a bot
What the CAPTCHA does for ConvertKit
- It helps us to keep our deliverability excellent across all customers
- Keeps our sending IPs from being blocked by Spamhaus and other blocklists
CAPTCHA is just one small piece of the puzzle.
Of course, being ConvertKit, we couldn't do anything halfway. CAPTCHA is one of several Form security measures we've put in place to address subscription bombing. We've gone above and beyond what Spamhaus has asked us to do, and what our competitors are doing because we are committed to providing you with the best deliverability in the industry. To do that, we are doing everything in our power to stop spammers.
Why am I seeing the ‘I’m not a robot screen’?
This is likely because you’re testing your Forms and tried to subscribe to a ConvertKit Form several times. Our system is trying to make sure you’re human and a regular Subscriber, as subscribing multiple times is abnormal behavior.
Do all my Subscribers see this?
No! A lot of your Subscribers won’t notice this at all. It’s only when they try to subscribe to your Form several times, within a short period of time, that this will then show up for them.
Why do I need a CAPTCHA?
We want to make sure you email people who want to be on your list. (Not to mention landing in your Subscribers’ inboxes!) In order to do this, we need to use the CAPTCHA to prevent cases of list bombing.
Can you turn the CAPTCHA off for me?
This is not something we can do. It’s very important, and one of several industry-leading security measures in place. We need to keep this active for everyone to ensure our deliverability (and yours!) stays high.
Does this have any impact on my integrations?
In some cases this is a possibility, though there is generally a fix. We currently have known connection issues with PopupAlly Pro, Contact Form 7, and the Leadpages Standard Builder.
- If you are using LeadPages Standard Builder, make sure you have reconnected your page with ConvertKit, as the process has changed.
- If you are using PopupAlly Pro or Contact Form 7, please send in a ticket. We are working with their teams to resolve this, and we can keep you updated as this is resolved!