Rochelle Yoshida


    List Bombing


    About List Bombing

    Since late April 2017, it's been the new cool thing for hackers to attack email service providers by automating submissions to our forms, resulting in hundreds of thousands of bogus contacts being added across many accounts.

    This is called List Bombing, and the supposed goal is to hurt email deliverability by making us all send emails to bad addresses. It's not a very friendly thing to do.

    It behooves us all to remove those names from our lists as much as possible. Of course, the bad guys tried hard to blend in, and they seem to be a pretty sophisticated bunch. Cloaks of Invisibility, the whole shebang. That has made it pretty challenging to separate wheat from chaff, as it were.

    We have taken several measures to block future bogus additions to your list, and we have now largely (though not completely) stemmed the tide.

    HOWEVER, it's not super-easy for us to figure out which of your existing contacts are good or bad. While there are certain 'markers' we've discovered, we can't always be 100% sure. So, we're going to need your help.

    There are two things you can do.

    What You Can Do
    1. Use ONTRAforms/ONTRApage form blocks (e.g. JavaScript-based forms)

      Wherever possible, use our ONTRAforms or ONTRApage form blocks.

      If you use Legacy Smart Forms, avoid the HTML version, which is much more prone to list bombing. Use the JavaScript snippet, lightbox or iframe-based versions instead.

      If you must use Legacy Smart Form HTML versions, add a CAPTCHA when possible. If you're using an integration that requires you to use the Legacy Smart Form HTML version, enable CAPTCHA or bot prevention in that app.

    2. Review your contacts. 

      Our engineers have identified four groups of contacts that may or may not be in your account, and they've automatically created these groups for you. If you don't see these Group names, that means your account is in the clear. 

      If you see these groups in your account, here's what they mean.

      1. Group name: OP Engineering says: Bad Contact - Contacts we KNOW are bad, and they've been opted out from bulk mail. You can confidently delete these contacts. We'll automatically delete these for you in a week or two.

      2. Group name: OP Engineering says: Contact Unverified - Contacts we can't confirm are bad. They most likely came from Legacy Smart Forms using the HTML version (or similar integration) or because JavaScript wasn't enabled in the contact's web browser. These contacts have NOT been opted out.

      3. Group name: OP Engineering says: Suspect Email - Contacts we suspect are bad because the email addresses in these contacts exist on known spam lists. They have NOT been opted out because we're not 100% sure, so we want you to make the call on whether to delete or not. We suggest deleting these contacts.

      4. Group name: OP Engineering says: Suspect IP Address - Contacts we suspect are bad because their IP addresses are considered suspicious based on IPs used in past list bombing attacks. They have NOT been opted out because we're not 100% sure, so we want you to make the call on whether to delete or not. You're going to have to make the call here.

      We will continue adding contacts to these groups if more contacts are found to fit these criteria.
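
    As an added illustration (not ONTRAPORT's code), the sketch below sorts a constructed contact export into the three suspect groups described above so you can review them before deleting. The column names, the `js_verified` flag, the blocklist entries and the order of the checks are all assumptions.

```python
import csv
import io
import ipaddress

# Constructed sample data. The blocklists, column names and "js_verified"
# flag are assumptions for illustration, not an ONTRAPORT export format.
SPAM_EMAILS = {"bot1@example.com"}
SUSPECT_NETS = [ipaddress.ip_network("203.0.113.0/24")]
EXPORT = """email,ip,js_verified
alice@example.org,198.51.100.7,yes
Bot1@Example.com,198.51.100.8,yes
carol@example.net,203.0.113.45,yes
dave@example.org,198.51.100.9,no
erin@example.org,not-an-ip,yes
"""

def triage(row):
    """Return the review group for one contact row."""
    # Normalise case so "Bot1@Example.com" still matches the spam list.
    email = row["email"].strip().lower()
    if email in SPAM_EMAILS:
        return "Suspect Email"
    try:
        ip = ipaddress.ip_address(row["ip"].strip())
    except ValueError:
        # A missing or malformed IP cannot be cleared, so leave it for review.
        return "Contact Unverified"
    # Match against whole networks, not only single addresses.
    if any(ip in net for net in SUSPECT_NETS):
        return "Suspect IP Address"
    # Submissions that did not come through a JavaScript-based form.
    if row["js_verified"].strip().lower() != "yes":
        return "Contact Unverified"
    return "OK"

def triage_export(text):
    """Group the emails in a CSV export by review group."""
    groups = {}
    for row in csv.DictReader(io.StringIO(text)):
        groups.setdefault(triage(row), []).append(row["email"])
    return groups

if __name__ == "__main__":
    for group, emails in triage_export(EXPORT).items():
        print(f"{group}: {', '.join(emails)}")
```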



