or, The Hitchhiker’s Guide to Fear and Loathing at a Public Library Reference Desk



Keeping Constant Contact Clean

   November 16th, 2016

Earlier this year, when the woman who used to be in charge of all our email newsletter retired, I became the library's primary contact for our Constant Contact account. This meant I started getting the weekly emails about how many new subscribers we had, confirmation that messages were sent out, and I was the one to get the billing notices.

All of that is fine, except that after just a couple weeks, our bill jump. A lot. And I had no idea why.

After a little digging and a few phone calls to Constant Contact, it turned out that the number of contacts in our account had grown so much that we crossed into the next higher pricing tier. We were now over 10,000 contacts - that sounds great, but the price different was tremendous, and wasn't something we had budgeted for nor could we afford.

After the dust settled, the obvious occurred to me: Chelmsford's population is about 33,000 - there's no way that enough people in town could have signed up for our email newsletter to grow our contacts list that much.

So I started looking at the weekly new subscribers notification more closely, and notice something - see if you see the same thing I did:

ccnewsubs

To me, all of these looked like fake email addresses. Not just the .ru, .pl, .top, .site, etc, but even the yahoo.com accounts looked bogus. And we were getting 100-200 new subscriptions a week, so yes, it makes sense then how we could grow from a sensible subscriber base to over 10,000.

So now of course, I needed to figure out how to delete all these fake addresses out of our account to bring the total number of contacts down so Constant Contact would drop us down to the lower pricing tier again. Their Customer Service people I spoke with were friendly, helpful, and understanding, and gave us a grace period to get things under control.

I hadn't used Constant Contact much before this, but I quickly became familiar with their Contact Management area and deleting contacts. My first strategy was just to search for things like "*.ru" and "*.pl" and delete any address that came up, because I sincerely doubt that we have any patrons in Russia or Poland. I built myself quite a list of top-level domains to search for and delete every week, and even though it helped, it still required a lot of of my time.

The first day I started working on this, I deleted something like 2,000 contacts. That was a good start and gave us some breathing room to stay below 10,000, but I knew there were lots of other junk addresses in there that I needed to figure out how to eliminate.

I also wanted to stop the flow of new signups. I talked to Constant Contact again, but they said there was no way to block signups by country or domain. They said all I could really do was require First Name and Last Name during signup, and also use "confirmation opt-in" (where patrons must click a link in an email sent to them after they filled out our web form before they are actually subscribed to the list). I did turn on the first name/last name requirement, but didn't want to use "confirmation opt-in." That extra step annoys me, and it bugged me that real patrons would have to suffer (and possibly not get signed up) because of the jerks out there. Not to mention, there is no guarantee that this would keep the jerks out.

So I kept looking in the Contact Management section for something that might help. At one point I tried figuring out where these fake signups were coming from - we only have one signup form on our website, and that's it. No Facebook form, no other apps, nothing, but I figured these fake accounts must be coming from some kind of script somewhere.

On the Advanced Search screen, I saw one of the options was "Contact Source:"

ccadvancedsearchsource

That made me think that if I could just figure out the source, I could easily search for those and delete them. Nice.

Oh, and then on list of contacts, I noticed there was a way to change the view, and the second option included the source. Ha - it's all coming together now.

ccviewoptions

After skimming through pages of our contacts, I noticed something: the source for the real contacts were either "Added by you" or "Website sign-up form." The source for everything that looked like a fake address was "Embedded JMML."

I had no idea what "Embedded JMML" or where it was to be abused like this, but at least there was some commonality. Now all I had to do was an Advanced Search for Source=Embedded JMML and everything is fine.

Except: Embedded JMML was not one of the options in the Source dropdown box in Advanced Search. Arrgh.

But, I think I solved it anyway. Using a combination of Advanced Search fields, I was able to filter out all good records, and so the results were only records with the Embedded JMML as a Source:

cccustomsearch

And there were THOUSANDS of them. I skimmed through pages of the contacts to make sure no real addresses slipped through, but they all looked fake.

So I selected them all, braced myself, and deleted 4,000 contact from our account. Whew. At least now we're back down to a realistic number, and they all seem like legitimate addresses.

I contacted Constant Contact once again, asking if they can block the "Embedded JMML" as a source for signups, or at least tell me where these signups were originating. At first all answers were no, but the support person who got my ticket really stayed with it, and convinced the development team to look at adding this as a feature. Which is great. For awhile I was beginning to think it was a big Constant Contact conspiracy to make it impossible to manage our contact list, because their pricing structure is set up to charge us more for high numbers of contacts - but that seems crazy even to me.

I know this is kind of dumb, but it really was a problem. And oddly, I didn't see anything on the internet about other people experiencing this same issue, so maybe we're just unlucky. Still, I thought it was kind of interesting and wanted to share.

So, the end result of all of this is that I still have to spend five minutes each week setting up this Advanced Search and deleting all the JMML signups, but at least it's a functioning method to get what I want, it keeps our contact list accurate and clean, and patrons don't have to jump through unnecessary hoops to get the library's email newsletter. Maybe that's the best I can hope for.




Tags: , , , , , , , , , ,


6 Responses to “Keeping Constant Contact Clean”

  1. A Says:

    JMML = join my mail list
    embed usually means the link has been added to a photo or text

    If you’ve not done this somewhere on your library’s website, then someone else has and is flooding spam addresses to it. Is there any way your website has been hacked or your library’s email was hacked or something of that sort? It’d be nice to see where the link is hosted so that you can see how the addresses are being pushed through.

    Might be something to look into but I’m not an IT librarian so it could be something else entirely.

  2. Mary Ellen Carter-Gilson Says:

    My husband is one of the support reps at Constant Contact! He didn’t work on your ticket, though.

  3. Ben Says:

    Interesting. If A’s comment is correct, then it might be the “Click to Sign Up” link on the library’s Contact us/Signups page that is causing the problem. A link like that could be searchable by an automated webspider process. I have no idea what the end game would be — I don’t know enough to know if there is a vulnerability that’s associated with that sort of thing that would make it attractive to spambots — but it’s almost certainly being done by scripts and not by people. Not sure if that’s any consolation.

  4. Brian Herzog Says:

    @A: thank you for the information (especially for explaining the JMML acronym). I don’t think anything has been hacked, because I haven’t seen any signs of that other than these newsletter signups. I had hoped CC could tell me where this link was hosted, but unfortunately they said they couldn’t. I still feel like this is fixable, so I’ll keep looking.

    @Mary Ellen: ha, that’s great. And really, everyone I spoke with at CC was extremely nice – such a great surprise.

    @Ben: I’ll have to search around to see if there are any rogue cc.com links on our site, but I don’t think so. But regardless, once I turned on the requirement for firstname/lastname, I would have thought it should apply to whatever this JMML path was too, but it didn’t – so I agree, this is definitely a script running in a shadow somewhere, somehow with a direct path circumventing CC’s normal signup forms.

  5. Dave B Says:

    I had this problem too – for us we have a domain that redirects to our actual website, and the bots were spamming the newsletter signups at that redirect URL somehow. Taking the sign up form off the homepage worked for me, and now just finding all those fake emails and deleting.

  6. Kathy L. Says:

    Brian, we had this problem, too, when we redesigned our website and added an e-news sign-up widget on the home page. Our web developers figured it out and added a “captcha” field at the bottom of the sign-up widget and that took care of all the fake email addresses. I know it’s a pain for patrons to enter that captcha, but it solved the problem. We had the same issue with our online events calendar registration form. Added a captcha field at the bottom of the electronic registration form and solved the problem. Had to delete tons of fake emails from our database, though. Good luck.