Thank you, Karen! I’ve noticed a lot of strange subscribers in the past few days. My count goes up and then goes down. I know Substack is trying to keep them out. I feel safer now because of you!
One tiny extra step: I have all my Substack subscribes and unsubscribes synch to my email marketing platform (I use Kit, formerly ConvertKit). How? I have email notifications turned on for Substack, and then I use Zapier to connect Substack with my Email Management System via Google Mail. Then I don’t need to remember to export subscriber list periodically- it’s all synched all the time. And there are things I can do in Kit I can’t do in Substack…like email journeys…so it’s actually beneficial to have the list in both places. Then, so that I don’t get all those subscribe/unsubscribe notifications from Substack as they happen, I have a filter on gmail that has those email bypass my inbox and go straight to archive. Zap still runs, but I don’t get emails in my inbox.
Excellent information - thank you so much. I have often fretted about whether to save my posts elsewhere,(independently from Substack altogether, I mean). Where would be the best place to do this?
Saving a copy of the exported file both offline, such as on a USB stick and in the cloud, such as in Google Drive or dropbox is a great idea, as Amie says.
Because I am paranoid, and often fear the worst, I save a link to each post AND the actual text of the post in an unpublished page of my website (not substack, it’s a separate personal/business website I own with an https verified security key). I also am very old school so I save all the posts in a word document that is not stored on the cloud but backed up to a thumb drive. I’m sure there are numerous other options to be found but these work for me. Hope this helps.
Thank you, Karen, a terrific reminder on point one for any site and point two for any site with stored assets. A question for you, though…
I’m sure that you, like many of us with names associated with women get subscribers with men’s names and profile pictures, the DMs that start with “ Hello”… or something like that. I’ve judged these to be bots and delete them. I am tempted to delete and report, but that feels harsh.
Hi Barbara, I think best practice is to ignore them.
I do this on both Substack and LinkedIn for unsolicited messages like that. I think some are from real people, not bots. Either way, I don't waste my energy responding/reporting/deleting.
Ha Kristi, the fact that I beat you to it makes me happy (in a friendly, non-bitchy way heheh). By the way, I had to jump in an update the instructions for switching on 2FA, as it can't be done until you've first enabled recovery questions.... sharing this to save you the embarrassment of giving your audience faulty instructions like i did :(
What do you use for security systems/plug on your Substack. I know things like that are available for self hosted WordPress websites, but could you please share what you use for your Substack hosted website/blog. Thanks in advance.
Hi Karen. Just wanted to let you know, I tried to sign up for your workshop, but I don't know if something went wrong? I made a payment but I haven't received any information or a receipt from you. Could you check your direct messages please? Thanks
I’ve gotten a bunch of new subscribers that don’t have profiles and seem bogus. How did Substack know to delete yours? I’ve stopped posting to my list…paralyzed. Help?
Hi Sherry, don't waste sleep over the dodgy profiles, there's not a huge amount of harm in sending posts to bots, it's just one of those annoying internet-y things we have to deal with.
Wow. There are helpful tips. I got 33 new "fake" subs last week. Substack went in and deleted them. It reminds me that protecting my Substack account is essential. Thanks!
Thank you, Karen! I’ve noticed a lot of strange subscribers in the past few days. My count goes up and then goes down. I know Substack is trying to keep them out. I feel safer now because of you!
One tiny extra step: I have all my Substack subscribes and unsubscribes synch to my email marketing platform (I use Kit, formerly ConvertKit). How? I have email notifications turned on for Substack, and then I use Zapier to connect Substack with my Email Management System via Google Mail. Then I don’t need to remember to export subscriber list periodically- it’s all synched all the time. And there are things I can do in Kit I can’t do in Substack…like email journeys…so it’s actually beneficial to have the list in both places. Then, so that I don’t get all those subscribe/unsubscribe notifications from Substack as they happen, I have a filter on gmail that has those email bypass my inbox and go straight to archive. Zap still runs, but I don’t get emails in my inbox.
Excellent information - thank you so much. I have often fretted about whether to save my posts elsewhere,(independently from Substack altogether, I mean). Where would be the best place to do this?
Saving a copy of the exported file both offline, such as on a USB stick and in the cloud, such as in Google Drive or dropbox is a great idea, as Amie says.
Because I am paranoid, and often fear the worst, I save a link to each post AND the actual text of the post in an unpublished page of my website (not substack, it’s a separate personal/business website I own with an https verified security key). I also am very old school so I save all the posts in a word document that is not stored on the cloud but backed up to a thumb drive. I’m sure there are numerous other options to be found but these work for me. Hope this helps.
Thank you for this kind response! Absolutely not being paranoid and much appreciated :)
Good advice i am going to implement , thanks Karen.
Thank you, Karen, a terrific reminder on point one for any site and point two for any site with stored assets. A question for you, though…
I’m sure that you, like many of us with names associated with women get subscribers with men’s names and profile pictures, the DMs that start with “ Hello”… or something like that. I’ve judged these to be bots and delete them. I am tempted to delete and report, but that feels harsh.
Do you have a best practice?
Hi Barbara, I think best practice is to ignore them.
I do this on both Substack and LinkedIn for unsolicited messages like that. I think some are from real people, not bots. Either way, I don't waste my energy responding/reporting/deleting.
Good guidance, thank you.
This is really great advice. I actually had a future draft re this topic so thanks for beating me to it. So important!!
Ha Kristi, the fact that I beat you to it makes me happy (in a friendly, non-bitchy way heheh). By the way, I had to jump in an update the instructions for switching on 2FA, as it can't be done until you've first enabled recovery questions.... sharing this to save you the embarrassment of giving your audience faulty instructions like i did :(
Thank you, Karen - scary but important! 10 million is a big number. Where do you see this activity?
I have security monitoring systems/plug-ins set up on the website and they count the attacks, attempted logins, etc.
What do you use for security systems/plug on your Substack. I know things like that are available for self hosted WordPress websites, but could you please share what you use for your Substack hosted website/blog. Thanks in advance.
Hi Karen. Just wanted to let you know, I tried to sign up for your workshop, but I don't know if something went wrong? I made a payment but I haven't received any information or a receipt from you. Could you check your direct messages please? Thanks
Very helpful tips, thanks for sharing!
Smart, quick steps you can take to backup your newsletter posts and subscriber list. (Useful to do monthly or at least quarterly.)
Thanks for raising awareness around this topic and for the useful tips!
Wow, super helpful & original tips, Karen. I will implement each one. And, I agree about the bots; rather disheartening.
I’ve gotten a bunch of new subscribers that don’t have profiles and seem bogus. How did Substack know to delete yours? I’ve stopped posting to my list…paralyzed. Help?
Hi Sherry, don't waste sleep over the dodgy profiles, there's not a huge amount of harm in sending posts to bots, it's just one of those annoying internet-y things we have to deal with.
Ok thanks…and I appreciate your helpful tips. Cheers.
Wow. There are helpful tips. I got 33 new "fake" subs last week. Substack went in and deleted them. It reminds me that protecting my Substack account is essential. Thanks!
love this thank you so much
I'm so glad you said this - I've noticed a large number of random subscribers recently, usually in clusters. I had no idea!
Amazing. Thanks so much!