One of the most powerful tools in any business’ arsenal is a well maintained subscriber list. However, in Magento 2 there is a glaring oversight in the protection of the basic subscription functionality, leaving the platform open to the potential for cross-site insertion of fake subscribers. These fake subscriber attacks/spam lead to larger costs in email marketing by sending to dead-end email addresses as well as a large amount of spam complaints from scraped email addresses, which can lead to blacklisting and even serious legal trouble.
So what can be done? The simplest solution is to require a “form key” at the time of email subscription. You may ask, “What is a form key? It is merely a unique identifier that is only present when a page is loaded directly into a client and is not present when scammers/spammers use remote scripts to pollute your subscriber list.
To this end, I wrote a Free Extension, which inserts a form key into the default Magento 2 newsletter subscription form and then checks for that form key whenever a new newsletter subscription is processed.
E-Commerce Gorilla Newsletter Form Key Download & Installation Instructions
The free module can be downloaded from the following link:
Once you have downloaded and unzipped the module, move the files into the root of your Magento 2 store.
Log in to your hosting via SSH and navigate to the root of your Magento 2 store and run the following commands:
php bin/magento setup:upgrade php bin/magento setup:di:compile php bin/magento setup:static-content:deploy
And there you go! Now any time a subscription request is run through Magento’s core subscription controller, it will check for and validate the attached form key, greatly improving the integrity of your email lists.
Thanks for sharing this guide, I was trying to setup newsletter for my Magento store, I had to send them black Friday campaign, Your post helped me a lot in configuring this.