Your checkout flow is opening at 2%
A competitor was stuffing it with fake customers. Here's the fix.
|
Your checkout flow is opening at 2%Happy Wednesday! I opened a client's Klaviyo account last week and every flow was sitting where it should be. Welcome flow, browse abandonment, post-purchase, all opening in the normal range. Except one. The abandoned-checkout flow was at 2% opens. A 2% open rate isn't a soft number. That's the kind of number you see when almost nobody on the other end is a real person.
I scrolled down to who was actually getting the emailsSo I drilled in. I went from the account view, into that one flow, and then into the actual recipients getting those emails. That's the part most people never look at, because we obsess over the copy and the subject line and never scroll down to see who's actually receiving the thing. When I looked at the recipient list, the pattern jumped out. Name after name of generic, fabricated people, "James Smith" and twenty variations of it. Real customers don't sign up in clusters of identical filler names. The tell wasn't in the email. It was in who was getting the email. If you want to catch this in your own account before opens crater, scroll the recipient activity on your flows, not just your campaigns. Scan the actual profile names and addresses, and watch for clusters of identical or obviously generated names sitting next to each other. A handful of real people never look like that. Every list has two doors, and one of them was wide openNew email addresses get onto a list through two doors: one is your signup forms, and the other is the checkout on your store.
In this case, the door was the Shopify abandoned checkout. Someone, a competitor or just a random bad actor, was stuffing fake checkouts with junk email addresses, and every fake checkout dropped another fake address into the flow. This was never a copy problem. It was a who's-getting-in-the-door problem. How one broken flow poisons everything you sendHere's why a single broken flow becomes a much bigger one. Those fake addresses don't exist, so the emails bounce, and bounces damage your sending reputation. And most brands send everything from one subdomain and one IP. So the reputation hit doesn't stay contained to the checkout flow. It spreads across everything you send.
That's the real cost. Your actual customers, the people who want to hear from you, start landing in spam instead of the inbox, and a problem that started in one flow quietly drags down your whole program. The fix, in orderThe fix happens in order. First, I set up a conditional split in Klaviyo that catches the name pattern and routes those profiles to a list I suppress manually every week. The condition itself is simple. The split filters on the junk signature, like a first and last name matching the generic pattern or addresses sharing the same throwaway format, and anything that matches gets routed straight to the suppression list. That stops the bleeding while we figure out the source.
If the suppression can't keep up with the volume, the next step is blocking the bot at the edge. That means identifying the IPs hammering your checkout and shutting them out with Cloudflare or a Shopify app before they ever create a checkout. But the suppression and the blocking are just cleanup. They fix the account that already got hit. The takeaway is the habitThe thing I actually want you to take away is the habit. Run a weekly audit on every flow, not just your campaigns. These attacks don't send you a warning, and you only catch them by looking, on a cadence, before a 2% open rate becomes a domain-wide deliverability problem. Most operators watch their campaigns like a hawk and assume the flows are just humming along in the background. Flows are exactly where this kind of thing hides. The only way to know who's getting onto your list is to check the door yourself, regularly. If you want me to run that audit for you and tell you what's actually coming through your doors, grab a time below.
Have a great week. Go check your flows. - Raymond |