One of the most powerful tools in any business’s arsenal is a well-maintained subscriber list. However, Magento 2 has a glaring oversight in the protection of its basic subscription functionality, leaving the platform open to cross-site insertion of fake subscribers. These fake subscriber attacks/spam raise email marketing costs by sending to dead-end email addresses, and they generate a large number of spam complaints from scraped email addresses, which can lead to blacklisting and even serious legal trouble.
So what can be done? The simplest solution is to require a “form key” at the time of email subscription. You may ask, “What is a form key?” It is merely a unique identifier that is present only when a page is loaded directly into a client, and is absent when scammers/spammers use remote scripts to pollute your subscriber list.
To this end, I wrote a free extension that inserts a form key into the default Magento 2 newsletter subscription form and then checks for that form key whenever a new newsletter subscription is processed.
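A simplified model of the form key check described above, as an added example in plain PHP; it is not Magento's code or the extension's. The function names, the session arrays and the sample addresses are assumptions made for illustration. Only the request that carries the key issued to its own session is accepted.

```php
<?php
declare(strict_types=1);
// Simplified model of a session-bound form key. Each $session array stands in
// for server-side session storage (an assumption; Magento keeps its own).

/** Return the session's form key, creating it when the form is first rendered. */
function issueFormKey(array &$session): string
{
    if (empty($session['form_key'])) {
        $session['form_key'] = bin2hex(random_bytes(16));
    }
    return $session['form_key'];
}

/** Accept a POST only if it carries the key stored in the same session. */
function isValidFormKey(array $session, array $post): bool
{
    $expected = $session['form_key'] ?? '';
    $supplied = $post['form_key'] ?? '';
    if (!is_string($supplied) || $expected === '' || $supplied === '') {
        return false;
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

/** Subscription handler: validate the key before touching the list. */
function subscribe(array $session, array $post, array &$subscribers): string
{
    if (!isValidFormKey($session, $post)) {
        return 'rejected: missing or invalid form key';
    }
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return 'rejected: invalid email address';
    }
    $subscribers[] = $email;
    return 'subscribed';
}

// Constructed sample requests.
$subscribers = [];
$visitor = [];                  // session of a client that loaded the page
$key = issueFormKey($visitor);  // value rendered into the hidden form field
$remote = [];                   // session of a request that never loaded the form

echo subscribe($visitor, ['email' => 'shopper@example.com', 'form_key' => $key], $subscribers), PHP_EOL;
echo subscribe($remote, ['email' => 'scraped@example.com'], $subscribers), PHP_EOL;
echo subscribe($remote, ['email' => 'scraped@example.com', 'form_key' => $key], $subscribers), PHP_EOL;
echo count($subscribers), PHP_EOL;
```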
E-Commerce Gorilla Newsletter Form Key Download & Installation Instructions
The free module can be downloaded from the following link:
Once you have downloaded and unzipped the module, move the files into the root of your Magento 2 store.
Log in to your hosting via SSH, navigate to the root of your Magento 2 store, and run the following commands:
php bin/magento setup:upgrade
php bin/magento setup:di:compile
php bin/magento setup:static-content:deploy
And there you go! Now any time a subscription request is run through Magento’s core subscription controller, it will check for and validate the attached form key, greatly improving the integrity of your email lists.