Abuse mitigation for Statuspage email, SMS, and webhook subscriptions

Starting this week, we’re rolling out some changes to help ensure the people subscribing to your status pages are actually real people. These changes will help make your status page less vulnerable to fraudulent subscribers.

Specifically, we’re making the following changes:

All SMS subscriptions will require a double opt-in confirmation

All U.S. subscriptions are initiated via short-code, and these subscriptions require double opt-in by replying “YES”. This is the existing behavior; there is no change for these subscriptions.

SMS subscriptions for all other supported countries are initiated via long-code and historically, this has been done without double opt-in. Starting this week, these subscribers will be required to double opt-in by tapping a link to confirm their subscription.

Users filling out the subscription form will need to pass a CAPTCHA verification

We’re implementing Google’s reCAPTCHA for all self-serve subscriptions. Users that Google identifies as “bot-like” will be required to pass a CAPTCHA challenge. Most real (human) users won't be interrupted by the CAPTCHA challenge.

We are removing the Status API subscription endpoints

Historically, the Status API has had endpoints for creating a subscriber (POST to /api/v2/subscribers.json) and updating a subscriber (GET / PATCH / DELETE to /api/v2/subscribers/:subscriber_id.json).

We're removing both of these endpoints, as these methods now both exist in the Manage API. (We’ve introduced a new endpoint for updating a subscriber in the Manage API.)

If you need to manage subscribers using the API, please use the following endpoints noted in our Manage API docs:

Conclusion

All of these changes are being made to protect your page from receiving bogus or fraudulent subscribers. If you have any questions about these changes, please comment below or contact our support team.
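The link-based double opt-in described above for long-code SMS subscriptions, sketched as an added example (this is not Statuspage's code). The SubscriberStore class, the secret, the 24-hour link lifetime and the phone numbers are all assumptions constructed for illustration.

```python
import base64, hashlib, hmac, time

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent to clients
TTL_SECONDS = 24 * 3600           # assumption: how long a confirmation link stays valid


def _sign(payload: bytes) -> str:
    mac = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=").decode()


class SubscriberStore:
    """Hypothetical subscriber table: number -> 'pending' or 'confirmed'."""

    def __init__(self):
        self.state = {}

    def subscribe(self, phone, now=None):
        """First opt-in: mark the number pending, return the token for the SMS link."""
        now = int(time.time() if now is None else now)
        if self.state.get(phone) != "confirmed":
            self.state[phone] = "pending"
        expires = now + TTL_SECONDS
        return f"{expires}.{_sign(f'{phone}|{expires}'.encode())}"

    def confirm(self, phone, token, now=None):
        """Second opt-in: accept only an unexpired token issued for this number."""
        now = int(time.time() if now is None else now)
        try:
            expires_s, sig = token.split(".", 1)
            expires = int(expires_s)
        except ValueError:
            return False  # malformed token
        expected = _sign(f"{phone}|{expires}".encode())
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            return False  # forged, or issued for a different number
        if now > expires or self.state.get(phone) != "pending":
            return False  # expired link, or nothing awaiting confirmation
        self.state[phone] = "confirmed"
        return True

    def recipients(self):
        """Only confirmed numbers ever receive notifications."""
        return sorted(p for p, s in self.state.items() if s == "confirmed")
```

Because the token is bound to the number it was sent to, someone who submits another person's number through the form never sees the link and cannot move that number out of the pending state.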

3 comments

Hi Jake,

I've just tested the SMS subscription with a few UK numbers on some of our pages and I don't get the double opt-in. In fact, the number isn't a short-code one (it's a random landline and mobile number). I get a confirmation message that says I am now subscribed but nothing to confirm. Could you clarify if this is the expected behaviour for UK numbers as opposed to what you've posted above?

Thanks,
Nick

Hi Nick! We started this rollout on the 21st and are slowly rolling it out in phases. I believe we're at 80% of all customers right now. I can confirm this change has not yet hit your organization. Sorry for the confusion, I should have clarified this is a phased rollout in the copy above. 

Regarding short-code vs. long-code, it's possible the carrier you're using to test is not a supported carrier for Twilio short-codes. You can find that list here: https://support.twilio.com/hc/en-us/articles/223182088-What-carriers-are-supported-on-Twilio-short-codes- -- if it is a supported carrier, please let me know and I'll investigate further!

Upon further investigation, only US numbers are subscribed via short-code. I'll update the above copy to reflect this. Sorry for the confusion! 
