You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am experiencing a spike in subscribers with genuine-looking emails. However, they subscribed to the test mailing list, which is public but not embedded in a form anywhere other than the default newsletter website main page. This has not been linked anywhere and has "do not subscribe" in the name, so I assume these are bot users or someone targeting the server. Therefore, the assumption is that someone is attacking using the subscription API. I learned that the subscription API does not require authentication. Is this correct?
The text was updated successfully, but these errors were encountered:
You can disable the Enable public subscription page option in Settings -> General if you don't want public signups. If you need it and you have a bot problem, you can enable CAPTCHA in Settings -> Security
I am experiencing a spike in subscribers with genuine-looking emails. However, they subscribed to the test mailing list, which is public but not embedded in a form anywhere other than the default newsletter website main page. This has not been linked anywhere and has "do not subscribe" in the name, so I assume these are bot users or someone targeting the server. Therefore, the assumption is that someone is attacking using the subscription API. I learned that the subscription API does not require authentication. Is this correct?
The text was updated successfully, but these errors were encountered: