This post is in support of a proposed feature in ticket 25028870 raised with Customer Account Review Team. It is a duplicate for: https://community.constantcontact.com/t5/Need-help-with-something-else/SPAM-Signups-even-with-reCAPTCHA-A/m-p/302345 =====PROBLEM DESCRIPTION===== Setting up a new website with a Constant Contact Form for registering your email address to a mailing list, we started getting fake emails from bots within 5 minutes of the site going live and saw 15 overnight. For example: email@example.com Johnette-Rignall@streamarticles.com Christian.Saywell542@magic.freog.com Johnette-Rignall@streamarticles.com Johnette-Rignall@streamarticles.com Percy_Shockey@cloud.frequiry.com Millard-Brand619@sites.opbeingop.com Holly.Strzelecki909@sites.opbeingop.com Kevin_Wicker@next.relucius.com ohnette-Rignall@streamarticles.com Lenard.Price139@magic.freog.com firstname.lastname@example.org email@example.com Johnette-Rignall@streamarticles.com Note duplicates, use of subdomains and unusual TLD such as .network or foreign TLDs. These emails were compiled from an automated email sent from Wordpress which is what displays the sign-up form. Note that typically these email addresses are often found by Constant Contact later on and cleaned off, however, they are still able to sign up successfully. The page is protected with reCaptcha v2 so we believe that these are actually human verified and are used in the hope of harvesting email addresses on mailing lists. I'm not sure what other reason spammers would have for doing this. ======FEATURE REQUEST===== The solution would be to use a content filter or content filter and RBL to do a synchronous lookup of multiple attributes related to the signup, such as browser IP address, email address and domain to assess spamminess. From that, the signup could either be blocked with an error message, or blocked with a success error message. A third-party service could quickly act as a best-effort Policy Decision Point on the sign-up to prevent this - Cloudmark Insight API would be an example of a service which would do this, or Constant Contact may already have their own intelligence to check against, such as IP RBLs or suspect domains. The workaround put in place to solve this just now is verification email, however, this is an extra step for users, which I feel is unnecessary for the user and causes signup fallout. Please could this be considered for a future release?
... View more
Can someone please explain why we can't just have an email address to raise issues to? I write up details on a problem I'm having with the service and have a suggestion on a product improvement to try and resolve it. I contact chat and can't put the details in to the chat, can't escalate it. Chat person says there is absolutely no email I can send into to give some details on the problem I'm having. Godaddy do the same thing and it really is moving customer service down in terms of quality. I was advised to call into the Account Review Team - 20 minutes on hold so far and even then I can't just send an email in. All I want to be able to do is submit an email to a product manager showing the details of my problem. If the suggestion is to use the community forum to try and resolve this, some details here might be confidential to a customer so I have to redact parts of the write up such as email addresses and website addresses in order to bring this up on a community forum. Is there some way for this posting to be at least forwarded to a product manager / complaint process? Replacing regular email ticketing with chat isn't helpful in a lot of cases when the customer wants to provide evidence like attachments, IP addresses, email headers etc. Rab McNaught
... View more