🤖 Reporter

• Partner Name: ONE
• Partner ID: 823799
• Partner URL: https://apps.shopify.com/partners/onestorehq
• Partner Contact: accounts@one.store
• App Name: AI: Upsell—SMS—Email Marketing
• App ID: 2532403
• App URL: https://apps.shopify.com/one
• App Contact: support@one.store

👀 Problem

Partner Support Ticket Number: N/A

Shopify merchants are facing increased spam attacks on their store that are leading to low quality contacts on their store. This can cause secondary issues such as triggering email automations (thereby lowering email reputation), increased time spent cleaning out contact lists, and potentially increased costs from their apps

List of merchants we’ve observed being affected

• scentsational-beauty.myshopify.com
• enndia.myshopify.com
• lucifer-lingerie.myshopify.com
• vera-roasting-coffee.myshopify.com
• 67b7c4.myshopify.com
• perfumeoilstore.myshopify.com
• fishers-cart.myshopify.com
• test-nygm.myshopify.com

Context

We've been noticing more and more Shopify accounts being attacked by these types of bots that put in real email addresses with bogus first and last names. It seems like they preferred Avenue of attack is by actually creating customer accounts on the merchants store. We know this because we have conversed with a couple of different merchants that confirmed that all these accounts were created by the spot, unfortunately, we don't have evidence of that anymore because the merchants that we worked with already deleted those accounts.

You can also see additional complaints from other:

• https://www.reddit.com/r/shopify/comments/1aclu88/bot_subscribers/?rdt=58699
• https://community.shopify.com/c/shopify-discussions/fake-newsletter-signups/m-p/2147237

💭 Proposal

Shopify add captcha or additional mechanisms like not allowing emails with “+” special character to be submitted when a store account is created.