
Abuse mitigation for Statuspage email, SMS, and webhook subscriptions

Starting this week, we’re rolling out some changes to help ensure the people subscribing to your status pages are actually real people. These changes will help make your status page less vulnerable to fraudulent subscribers.

Specifically, we’re making the following changes:

All SMS subscriptions will require a double opt-in confirmation

All U.S. subscriptions are initiated via short-code, and these subscriptions require double opt-in by replying “YES”. This is the existing behavior; there is no change for these subscriptions.

SMS subscriptions for all other supported countries are initiated via long-code, and historically this has been done without double opt-in. Starting this week, these subscribers will be required to double opt-in by tapping a link to confirm their subscription.
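
The link-based double opt-in described above, sketched as an added example (this is not Statuspage's code): a number is held as pending and receives notifications only after the link's single-use, expiring token is presented. The class and method names, the 24-hour window and the phone numbers are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 24 * 3600  # assumed confirmation window, not a Statuspage value


def _digest(token):
    # Store only a hash, so a leaked pending table cannot confirm anyone.
    return hashlib.sha256(token.encode()).hexdigest()


class SubscriptionStore:
    def __init__(self):
        self._pending = {}   # token hash -> (phone, expires_at)
        self.active = set()  # confirmed numbers only

    def request(self, phone, now=None):
        """Record a pending subscription; return the token for the SMS link."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # unguessable, 256 bits
        self._pending[_digest(token)] = (phone, now + TOKEN_TTL)
        return token

    def confirm(self, token, now=None):
        """Activate the number if the token is known, unused and unexpired."""
        now = time.time() if now is None else now
        entry = self._pending.pop(_digest(token), None)  # pop = single use
        if entry is None:
            return False
        phone, expires_at = entry
        if now > expires_at:
            return False
        self.active.add(phone)
        return True

    def notify(self, message):
        """Build outgoing messages; pending numbers are never included."""
        return [(phone, message) for phone in sorted(self.active)]


if __name__ == "__main__":
    store = SubscriptionStore()
    link_token = store.request("+447700900123")  # constructed test number
    print(store.notify("Incident opened"))       # nothing sent before confirmation
    print(store.confirm(link_token), store.notify("Incident opened"))
```

A form submission made with someone else's number therefore produces at most one confirmation SMS and no ongoing notifications.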

Users filling out the subscription form will need to pass a CAPTCHA verification

We’re implementing Google’s reCAPTCHA for all self-serve subscriptions. Users that Google identifies as “bot-like” will be required to pass a CAPTCHA challenge. Most real (human) users won't be interrupted by the CAPTCHA challenge.

We are removing the Status API subscription endpoints

Historically, the Status API has had endpoints for creating a subscriber (POST to /api/v2/subscribers.json) and updating a subscriber (GET / PATCH / DELETE to /api/v2/subscribers/:subscriber_id.json).

We're removing both of these endpoints as these methods now both exist in the Manage API. (We’ve introduced a new endpoint for updating a subscriber in the Manage API).

If you need to manage subscribers using the API, please use the following endpoints noted in our Manage API docs:

Conclusion

All of these changes are being made to protect your page from receiving bogus or fraudulent subscribers. If you have any questions about these changes, please comment below or contact our support team.

3 comments

Nick Coates
Rising Star
December 2, 2019

Hi Jake,

I've just tested the SMS subscription with a few UK numbers on some of our pages and I don't get the double-opt in. In fact, the number isn't a short-code one (it's a random landline and mobile number). I get a confirmation message that says I am now subscribed but nothing to confirm. Could you clarify if this is the expected behaviour for UK numbers as opposed to what you've posted above?

Thanks,
Nick

Jake Bartlett
Atlassian Team
December 2, 2019

Hi Nick! We started this rollout on the 21st and are slowly rolling it out in phases. I believe we're at 80% of all customers right now. I can confirm this change has not yet hit your organization. Sorry for the confusion, I should have clarified this is a phased rollout in the copy above. 

Regarding short-code vs. long-code, it's possible the carrier you're using to test is not a supported carrier for Twilio short-codes. You can find that list here: https://support.twilio.com/hc/en-us/articles/223182088-What-carriers-are-supported-on-Twilio-short-codes- -- if it is a supported carrier, please let me know and I'll investigate further!

Jake Bartlett
Atlassian Team
December 4, 2019

Upon further investigation, only US numbers are subscribed via short-code. I'll update the above copy to reflect this. Sorry for the confusion! 
