Spam via Contact Us - Call to Arms!


The Old Man

On 4/2/2021 at 12:02 AM, The Old Man said:

I get this particular PITA spamming me from the Contact Form about 4 times a week, every week for months now.
His IP may change, but the email address never does.

eric.jones.z.mail@gmail.com


Honestly it drives me nuts that I can't simply block him by adding his email address to the existing IPS AdminCP email blacklist facility. A quick check of that list by the contact form would sort it.

I can't flag his emails as spam in my mail client, because then I'd be reporting my own server and shooting myself in the foot in terms of anti-spam blacklists (because the email is sent via my server), such is the nature of contact form spam. I increased the strength of the Google reCAPTCHA in their settings but no joy.
 

I can't use the spam filters in cPanel because the form sends the external message; he doesn't spam via a traditional mail client.

The From field sent by IPS is my site's email address, not the email address of the spammer, which may be RFC compliant in doing so but doesn't help.

I set up DKIM, SPF and DMARC correctly but that actually works against me, because SpamAssassin is rating my server and reduces the spam score.

Subject: A user sent a message via the contact form
From: "Eric Jones" <my sites email address>
X-Spam-Status: No, score=4.3
X-Spam-Score: 43
X-Spam-Bar: ++++
X-Ham-Report: Spam detection software, running on the system "vpsxxx.myserver.com",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 root\@localhost for details.
 Content preview:  A user has sent a message using the Contact Us form. ----
   Eric Jones ( eric.jones.z.mail@gmail.com ) said: 
 Content analysis details:   (4.3 points, 5.0 required)
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 SPF_PASS               SPF: sender matches SPF record
  0.0 HTML_MESSAGE           BODY: HTML included in message
 -0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
                             valid
 -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
                             envelope-from domain
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
                             author's domain
  2.0 PYZOR_CHECK            Listed in Pyzor
                             (https://pyzor.readthedocs.io/en/latest/)
  2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
  0.0 TO_EQ_FM_DIRECT_MX     To == From and direct-to-MX
X-Spam-Flag: NO
X-From-Rewrite: unmodified, no actual sender determined from check mail permissions

My email goes through Sparkpost, so technically I'm sending the spam (from my server and it has my email address in the From field) which puts me at risk from their policies.

I think that simply manually blacklisting an email address in AdminCP is worthwhile and doesn't have any negative aspects in terms of legitimate users being able to get through. It won't block the first email but at least we could do something about it.

 

The exact same one I was looking for a solution to! Installed the NE right now.


Posted (edited)

Spam on the contact form is a disaster; there is no verification of the domain name via the whois function to know if it exists or not, as well as forbidding the HTML format and remote images.

Edited by NoSpy

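The blocklist check asked for in the quoted post, applied on the mail side, as an added example that is not IPS code or code from anyone in the thread: it takes the submitter's address from Reply-To and from the "( address ) said:" line instead of From, which always holds the site's own address. It goes slightly beyond the post by also normalizing Gmail dot and +tag variants; the Reply-To header carrying the submitter's address and the site address contact@forum.example are assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses

# Pattern of the submitter line shown in the post's content preview:
#   "Eric Jones ( address ) said:"
SAID_RE = re.compile(r"\(\s*([^\s()]+@[^\s()]+)\s*\)\s+said:")

def normalize(addr):
    """Lower-case; for Gmail also drop dots and any +tag, which Gmail ignores."""
    local, _, domain = addr.strip().lower().rpartition("@")
    if domain in ("gmail.com", "googlemail.com"):
        local, domain = local.split("+", 1)[0].replace(".", ""), "gmail.com"
    return f"{local}@{domain}"

def submitter_addresses(raw):
    """Collect the submitter's address from Reply-To and the body, never From."""
    msg = message_from_string(raw, policy=policy.default)
    reply_to = [str(h) for h in msg.get_all("Reply-To", [])]
    found = [a for _, a in getaddresses(reply_to)]
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None:
        found += SAID_RE.findall(body.get_content())
    return {normalize(a) for a in found if "@" in a}

def is_blocked(raw, blocklist):
    """True when any submitter address is on the (normalized) blocklist."""
    return bool(submitter_addresses(raw) & blocklist)

# The blocklist holds normalized addresses; this is the address quoted in the post.
BLOCKLIST = {normalize("eric.jones.z.mail@gmail.com")}

# Constructed sample messages; contact@forum.example stands in for the site address
# (assumption), and the dot/+tag variants are constructed for the demonstration.
SPAM = """\
Subject: A user sent a message via the contact form
From: "Eric Jones" <contact@forum.example>
Reply-To: Eric.Jones.Z.Mail+offer@googlemail.com
To: contact@forum.example

A user has sent a message using the Contact Us form.
Eric Jones ( ericjones.zmail@gmail.com ) said: ...
"""
HAM = (SPAM.replace("Eric.Jones.Z.Mail+offer@googlemail.com", "alice@example.org")
           .replace("ericjones.zmail@gmail.com", "alice@example.org"))

if __name__ == "__main__":
    for name, raw in (("SPAM", SPAM), ("HAM", HAM)):
        print(name, "blocked" if is_blocked(raw, BLOCKLIST) else "delivered")
```

Because the decision never looks at From, the valid SPF and DKIM results for the site's own domain play no part in it.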