diff --git a/lib/models/subscriptions.js b/lib/models/subscriptions.js
index fa5448e5..17f20d76 100644
--- a/lib/models/subscriptions.js
+++ b/lib/models/subscriptions.js
@@ -215,7 +215,7 @@ module.exports.addConfirmation = (list, email, optInIp, data, callback) => {
 setImmediate(() => {
 if (data._skip) {
- log.error('Subscription', 'Confirmation message for %s marked to be skipped (%s)', email, JSON.stringify(data));
+ log.info('Subscription', 'Confirmation message for %s marked to be skipped (%s)', email, JSON.stringify(data));
 return;
 }
diff --git a/package.json b/package.json
index f99325fa..4862b97c 100644
--- a/package.json
+++ b/package.json
@@ -31,7 +31,7 @@
 "dependencies": {
 "bcrypt-nodejs": "0.0.3",
 "body-parser": "^1.15.2",
- "bounce-handler": "^7.3.2-fork.1",
+ "bounce-handler": "^7.3.2-fork.2",
 "compression": "^1.6.2",
 "config": "^1.21.0",
 "connect-flash": "^0.1.1",
@@ -41,7 +41,7 @@
 "csv-parse": "^1.1.7",
 "escape-html": "^1.0.3",
 "express": "^4.14.0",
- "express-session": "^1.14.0",
+ "express-session": "^1.14.1",
 "faker": "^3.1.0",
 "feedparser": "^1.1.4",
 "geoip-ultralight": "^0.1.4",
@@ -52,15 +52,15 @@
 "humanize": "0.0.9",
 "is-url": "^1.2.2",
 "isemail": "^2.2.1",
- "jsdom": "^9.4.2",
- "juice": "^2.0.0",
- "libmime": "^2.0.3",
+ "jsdom": "^9.5.0",
+ "juice": "^3.0.0",
+ "libmime": "^2.1.0",
 "mkdirp": "^0.5.1",
 "moment-timezone": "^0.5.5",
 "morgan": "^1.7.0",
 "multer": "^1.2.0",
 "mysql": "^2.11.1",
- "nodemailer": "^2.5.0",
+ "nodemailer": "^2.6.0",
 "nodemailer-openpgp": "^1.0.2",
 "npmlog": "^4.0.0",
 "openpgp": "^2.3.3",
@@ -70,7 +70,7 @@
 "serve-favicon": "^2.3.0",
 "shortid": "^2.2.6",
 "slugify": "^1.0.2",
- "smtp-server": "^1.14.1",
+ "smtp-server": "^1.14.2",
 "striptags": "^2.1.1",
 "toml": "^2.3.0"
 }
diff --git a/routes/subscription.js b/routes/subscription.js
index 41524cd3..27d50878 100644
--- a/routes/subscription.js
+++ b/routes/subscription.js
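Review bot: The `_skip` branch in addConfirmation now writes `JSON.stringify(data)` to the log at info level, and since `_skip` appears (from the routes/subscription.js hunk in the same commit) to be set for submissions that failed the bot heuristics, the info log will fill with exactly the payloads an automated poster chose to send, with no size bound. The email alone is enough to trace a skipped confirmation: `log.info('Subscription', 'Confirmation message for %s marked to be skipped', email);`. If the full object is genuinely needed for debugging it belongs at a debug/verbose level, or truncated to a fixed length. addConfirmation starts before this hunk and continues after it, so where `data` comes from and what else it carries is not visible here.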
@@ -216,10 +216,14 @@ router.post('/:cid/subscribe', passport.parseForm, passport.csrfProtection, (req
 return res.redirect('/subscription/' + encodeURIComponent(req.params.cid) + '?' + tools.queryParams(req.body));
 }
+ // Check if the subscriber seems legit. This is a really simple check, the only requirement is that
+ // the subsciber has JavaScript turned on and thats it. If Mailtrain gets more targeted then this
+ // simple check should be replaced with an actual captcha
 let subTime = Number(req.body.sub) || 0;
- let subTest = !!(subTime > Date.now() - 3600 * 1000 && subTime < Date.now() + 3600 * 1000);
+ // allow clock skew 24h in the past and 24h to the future
+ let subTimeTest = !!(subTime > Date.now() - 24 * 3600 * 1000 && subTime < Date.now() + 24 * 3600 * 1000);
 let addressTest = !req.body.address;
- let testsPass = subTest && addressTest;
+ let testsPass = subTimeTest && addressTest;
 lists.getByCid(req.params.cid, (err, list) => {
 if (!err && !list) {
diff --git a/views/subscription/confirm-notice.hbs b/views/subscription/confirm-notice.hbs
index 8ef06ea6..06d4cb17 100644
--- a/views/subscription/confirm-notice.hbs
+++ b/views/subscription/confirm-notice.hbs
@@ -1,3 +1,11 @@ + + +
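Review bot: Both values that decide `testsPass` — `req.body.sub` and `req.body.address` — are supplied by the client, so the added comment undersells how weak this is: any scripted poster that sends `sub=Date.now()` and omits `address` passes, and the 24h window in the new `subTimeTest` line means a captured `sub` value can be replayed for a full day. I would state that limitation in the comment itself so nobody later treats this flag as abuse protection, e.g. `// NOTE: sub and address are both client-controlled; this only filters naive form posters and is trivially bypassed — real abuse protection needs rate limiting or a captcha`, and fix the typos `subsciber` → `subscriber`, `thats` → `that's`. What the handler does when `testsPass` is false is outside this hunk (router.post continues past it); if it maps to the `_skip` path in lib/models/subscriptions.js, a legitimate visitor with JavaScript disabled or a clock off by more than a day is shown the confirmation notice but never receives the mail, which deserves a sentence in the same comment.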

Almost finished.

We need to confirm your email address. To complete the subscription process, please click the link in the email we just sent you.

diff --git a/views/subscription/subscribe.hbs b/views/subscription/subscribe.hbs index 18f66d61..fc782eae 100644 --- a/views/subscription/subscribe.hbs +++ b/views/subscription/subscribe.hbs @@ -5,6 +5,14 @@ {{/if}} + + +
@@ -120,9 +128,12 @@ {{/each}} -
+ +