How to identify spambots and kill them like the cockroaches they are

Recently the Infusionsoft community was disrupted by a spambot attack that put every single Infusionsoft user at risk of not having their emails delivered to their customers, to their prospects, or to any of the contacts in their database for that matter.

One of the benefits of using a hosted email provider such as Infusionsoft is that there should in theory be an increase in email deliverability. By email deliverability I mean – your emails get to the inboxes of your contacts. Guaranteed.

Remember the good ole’ days when the mailman had his route to hand deliver your mail to your mailbox. Wasn’t that much more direct? The post office had a saying:


That’s kind of like what we’re saying about email deliverability. No matter what, if you use our service we are going to make sure we have the right equipment and the right people to get the job done.

There are times when there is a disruption in service. Those times are usually under extreme circumstances such as natural disasters such as floods or fires. For example this past weekend, there was a an internet flood.

What happened was this

Over the last few months (or years) spambots have been quietly exploiting a vulnerability in the Infusionsoft webforms. They did not come in masses of thousands or tens of thousands – because that is something we would have noticed. They also did not come dressed as spambots – they made sure to cover their tracks by slipping into our databases quietly in small groups of 20-30 always making sure to have a few real and legitimate contacts with them so as not to be noticed.

spam-bot2These spam bots were actually quite smart – though not that smart as we will see in a moment.

These spam bots didn’t just enter through the front door of an Infusionsoft web form – they also made sure they got into the daily operations of top Internet Marketers by automatically clicking and confirming the email addresses used.

What that means is that even when you as the Infusionsoft user is doing everything you can do to prevent sending out emails to spambots by requiring all of your contacts to double opt-in – all of your efforts are undermined with the wicked plot of the spambots.

How were these spambots identified you ask? Well, in this case they all came in on the same IP address – making it drop dead easy to identify them. (Amateur hour move spambots!)

Which leads us to this. What can you, an ethical Internet Marketer, do to identify and kill the spambots like the cockroaches they are?

How to Identify Spambots

If your site normally gets less than a hundred opt-ins a month, the process can be quite simple. You can use custom notifications from Infusionsoft to be notified every time someone opts-in to one of your forms.


Set up a special filter for these notifications in your email inbox and each day check how many come in. Spot check them for spammy looking email addresses. The whole process should take a few minutes a day. Not ideal – but easy to implement and low cost for most business owners.

If your site normally gets a few hundred to up to a thousand opt-ins a month, the process is more difficult to identify. You will want to set-up checks to monitor:

  • Spikes in Confirmation Rates
  • Spikes in Links Clicked in Emails
  • Decrease in Conversion Rate of your Email Marketing Funnel

Measuring spikes in confirmation rates or links clicked is quite easy to do with tools such as Graphly.

You can use the automation links to apply a tag anytime someone confirms their email and set-up a report in Graphly to measure how many contacts get the tag applied over time.


Measuring a decrease in conversion rate is a little more difficult if you are not already measuring the conversion rate of your email marketing funnels! (We will save how to set up that tracking for another day!)

Suffice it to say, if you have a decrease in conversion rate, one of the first things to check is the source of your traffic.  Export all of the contacts that entered your email marketing funnel over the time period of the drop and look at the emails. You should see a pattern. You should be able to quickly identify contacts that you suspect are spambots. Once you do this, you can check their history on their individual contact records to confirm your suspicions.  If you are applying link clicked tags on all of the links in your emails (which you should be doing), you should quickly see that these contacts not only opened every single email, they also clicked on every single email. Jackpot!

Once you have verified that several of the emails are actually spambots you will notice patterns. You will see that they have a common domain in common. They might all be opting into the same webform. They might all be opting in a few minutes apart from each other.

This does take work – but there is not an easy way around it that I know of.

Once you have identified the spambots you can safely delete them from your Infusionsoft app. Use the domain blocking functionality of Infusionsoft to block any obvious domains.


How to Close the Door to Spambots

Now that you know how to identify the spambots – the next question is – but HOW can I stop them from ever entering in, in the first place?

I have found that by implementing two steps, the spambot issue is greatly reduced.

The first is by installing Cloudflare on your site.

  • Enable the Web Application Firewall


The second is by installing the Wordfence plug-in.

  • Use Rate Limiting Rules to throttle or block excess pageviews


Since I installed both of these on my sites I have not had any issues with spambots. (Not to say that I never will or this is the permanent fix!)

Another option (though not a reasonable option for most) is to create custom opt-in forms that add the contact info to the Infusionsoft database via the API and bypass the Infusionsoft webforms.

One of the reasons this issue happened in the first place was due to a vulnerability in the Infusionsoft webforms – a vulnerability they have tightened up by blocking the offending IP so that no spambots can enter through that IP again.  This is great and exactly what should have happened but it will only be so long before the spambots find another door to enter.

Do you have questions on how to implement? Want help installing and configuring Cloudflare or Wordfence? Would you like my team to audit your app or set up a system so you can monitor your app to prevent this from happening to you? Please click here to schedule a free strategy session