On my website I have a simple self coded (double opt-in) newsletter sign up form.<p>I receive lots of spam sign ups (gmail, yahoo, aol accounts) that never get activated. I automatically clean those up after a few days.<p>I have no captcha because I don't like them from a UX perspective. My assumption was that because of the double opt-in process I don't need one.<p>But now as I get so many spam sign ups I'm wondering if I'm missing something. What's the motivation from a spammers point of view? Do they check for security vulnerabilities this way? What kind of goal do they try to achieve?<p>The newsletter form is on the bottom of this page: https://asylumsquare.com
Do you have anything (end subscription form etc) that might reveal if an address opened the email or accepted the signup? Could be spammers probing for valid addresses? not sure if thats a thing with email.
Newsletters on any site are prime candidates for spammers and malware distributors. One email reaching thousands or potentially hundreds of thousands of people is very tempting. Spammers and malware authors are getting more clever too. They have bots that pose as people and ask naive leading questions, then ultimately direct people to the watering holes.