Houston Miata Club Posted May 27, 2021

On 4/2/2021 at 12:02 AM, The Old Man said:

> I get this particular PITA spamming me from the Contact Form about 4 times a week, every week for months now. His IP may change, but the email address never does.
>
> eric.jones.z.mail@gmail.com
>
> Honestly it drives me nuts that I can't simply block him by adding his email address to the existing IPS AdminCP email blacklist facility. A quick check of that list by the contact form would sort it.
>
> I can't flag his emails as spam in my mail client, because then I'd be reporting my own server and shooting myself in the foot in terms of anti-spam blacklists (because the email is sent via my server), such is the nature of contact form spam.
>
> I increased the strength of the Google reCAPTCHA in their settings but no joy.
>
> I can't use the spam filters in cPanel because the form sends the external message, he doesn't spam via a traditional mail client. The From field sent by IPS is my site's email address, not the email address of the spammer, which may be RFC compliant in doing so but doesn't help. I set up DKIM, SPF and DMARC correctly but that actually works against me, because SpamAssassin is rating my server and reduces the spam score.
>
> Subject: A user sent a message via the contact form
> From: "Eric Jones" <my sites email address>
> X-Spam-Status: No, score=4.3
> X-Spam-Score: 43
> X-Spam-Bar: ++++
> X-Ham-Report: Spam detection software, running on the system "vpsxxx.myserver.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details.
>
> Content preview: A user has sent a message using the Contact Us form.
> ---- Eric Jones ( eric.jones.z.mail@gmail.com ) said:
>
> Content analysis details: (4.3 points, 5.0 required)
>
>  pts  rule name                description
> ----  -----------------------  --------------------------------------------------
> -0.0  SPF_PASS                 SPF: sender matches SPF record
>  0.0  HTML_MESSAGE             BODY: HTML included in message
> -0.1  DKIM_VALID               Message has at least one valid DKIM or DK signature
>  0.1  DKIM_SIGNED              Message has a DKIM or DK signature, not necessarily valid
> -0.1  DKIM_VALID_EF            Message has a valid DKIM or DK signature from envelope-from domain
> -0.1  DKIM_VALID_AU            Message has a valid DKIM or DK signature from author's domain
>  2.0  PYZOR_CHECK              Listed in Pyzor (https://pyzor.readthedocs.io/en/latest/)
>  2.5  FREEMAIL_FORGED_REPLYTO  Freemail in Reply-To, but not From
>  0.0  TO_EQ_FM_DIRECT_MX       To == From and direct-to-MX
>
> X-Spam-Flag: NO
> X-From-Rewrite: unmodified, no actual sender determined from check mail permissions
>
> My email goes through Sparkpost, so technically I'm sending the spam (from my server and it has my email address in the From field) which puts me at risk from their policies.
>
> I think that simply manually blacklisting an email address in AdminCP is worthwhile, doesn't have any negative aspects in terms of legitimate users being able to get through. It won't block the first email but at least we could do something about it.

The exact same one I was looking for a solution to! Installed the NE right now.
jackflash Posted May 27, 2021

Report that e-mail address to Google: https://support.google.com/mail/contact/abuse

Edited May 27, 2021 by jackflash
NoSpy Posted June 1, 2021

It lacks a feature that would prohibit, for at least 24 hours, sending a second request via the contact form if the email address is identical.
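The two checks requested in the posts above (a ban-list lookup on the address typed into the contact form, and a 24-hour limit per address), as an added example that is not Invision Community code and not from any poster. `ContactFormGate`, `canonical_email` and the sample addresses are hypothetical names constructed for illustration; the Gmail normalisation goes beyond what the thread asks for, so that dotted or `+tag` variants of a banned Gmail address map to the same key.

```python
import time

GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}
THROTTLE_SECONDS = 24 * 60 * 60  # the 24-hour window suggested in the thread


def canonical_email(address: str) -> str:
    """Normalise an address so trivial variants map to one ban-list key."""
    local, sep, domain = address.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an email address")
    if domain in GMAIL_DOMAINS:
        # Gmail ignores dots and anything after '+' in the local part.
        local = local.split("+", 1)[0].replace(".", "")
        domain = "gmail.com"
    return f"{local}@{domain}"


class ContactFormGate:
    """Hypothetical pre-send check run before the form mails the site owner."""

    def __init__(self, banned, now=time.time):
        self.banned = {canonical_email(a) for a in banned}
        self.last_seen = {}  # canonical address -> time of last accepted message
        self.now = now       # injectable clock so the window can be tested

    def check(self, submitted_email: str) -> str:
        """Return 'invalid', 'banned', 'throttled' or 'accept'."""
        try:
            key = canonical_email(submitted_email)
        except ValueError:
            return "invalid"
        if key in self.banned:
            return "banned"
        current = self.now()
        last = self.last_seen.get(key)
        if last is not None and current - last < THROTTLE_SECONDS:
            return "throttled"
        # Only accepted messages start a new window; rejected ones do not extend it.
        self.last_seen[key] = current
        return "accept"
```

Because the form does not verify the address, this stops repeats from one address only; a sender who changes the address on every submission still needs a CAPTCHA or content-based filter.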
Morrigan Posted June 1, 2021

On 5/26/2021 at 11:02 PM, jackflash said:

> report that e-mail address to Google: https://support.google.com/mail/contact/abuse

If the email really exists this wouldn't help anything since the Contact Us doesn't require an email verification. However, I thought it obeyed the ban filter but it doesn't appear to. I get those same spam messages.
NoSpy Posted June 2, 2021

Spam on the contact form is a disaster, there is no verification of the domain name via the whois function to know if it exists or not. As well as forbidding the HTML format and remote images.

Edited June 2, 2021 by NoSpy
The Old Man (Author) Posted November 24, 2022

Hi Nathan,

> "40% off for 48 hours" for Black November - normally $25 ($10 yearly renewal), currently $15 ($6 yearly renewal)

Have I missed the awesome sale offer? Thanks! 🤗
Myr Posted November 30, 2022

Can we get a fix for Contact Us spam? Such as respecting the ban list? This eric.jones spammer clown is still hitting us. At least listening to the ban list will block the junk when they enter it. Or add the questions? Something. Anything.
Randy Calvert Posted December 1, 2022

2 hours ago, Myr said:

> Can we get a fix for Contact Us spam? Such as respecting the ban list? This eric.jones spammer clown is still hitting us. At least listening to the ban list will block the junk when they enter it. Or add the questions? Something. Anything.

This does exactly what you’re asking for. 🙂