Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,457,977
Community Members
 
Community Events
176
Community Groups

Abuse mitigation for Statuspage email, SMS, and webhook subscriptions

Starting this week, we’re rolling out some changes to help ensure the people subscribing to your status pages are actually real people. These changes will help make your status page less vulnerable to fraudulent subscribers.

Specifically, we’re making the following changes:

All SMS subscriptions will require a double opt-in confirmation

All U.S. subscriptions are initiated via short-code and these subscriptions require double opt-in by replying “YES”. This is the existing behavior, there is no change for these subscriptions.

SMS subscriptions for all other supported countries are initiated via long-code and historically, this has been done without double opt-in. Starting this week, these subscribers will be required to double opt-in by tapping a link to confirm their subscription.

Users filling out the subscription form will need to to pass a CAPTCHA verification

We’re implementing Google’s reCAPTCHA for all self-serve subscriptions. Users that Google identifies as “bot-like” will be required to pass a CAPTCHA challenge. Most real (human) users won't be interrupted by the CAPTCHA challenge.

We are removing the Status API subscription endpoints

Historically, the Status API has had endpoints for creating a subscriber

(POST to /api/v2/subscribers.json)

and updating a subscriber

(GET / PATCH / DELETE to /api/v2/subscribers/:subscriber_id.json)

We're removing both of these endpoints as these methods now both exist in the Manage API. (We’ve introduced a new endpoint for updating a subscriber in the Manage API).

If you need to manage subscribers using the API, please use the following endpoints noted in our Manage API docs:

Conclusion

All of these changes are being made to protect your page from receiving bogus or fraudulent subscribers. If you have any questions about these changes, please comment below or contact our support team.

3 comments

Hi Jake,

I've just tested the SMS subscription with a few UK numbers on some of our pages and I don't get the double-opt in. In fact, the number isn't a short-code one (it's a random landline and mobile number). I get a confirmation message that says I am now subscribed but nothing to confirm. Could you clarify if this is the expected behaviour for UK numbers as opposed to what you've posted above?

Thanks,
Nick

Hi Nick! We started this rollout on the 21st and are slowly rolling it out in phases. I believe we're at 80% of all customers right now. I can confirm this change has not yet hit your organization. Sorry for the confusion, I should have clarified this is a phased rollout in the copy above. 

Regarding short-code vs. long-code, it's possible the carrier you're using to test is not a supported carrier for Twilio short-codes. You can find that list here: https://support.twilio.com/hc/en-us/articles/223182088-What-carriers-are-supported-on-Twilio-short-codes- -- if it is a supported carrier, please let me know and I'll investigate further!

Upon further investigation, only US numbers are subscribed via short-code. I'll update the above copy to reflect this. Sorry for the confusion! 

Comment

Log in or Sign up to comment
TAGS

Atlassian Community Events