In the past hour I’ve had around 40 spam failure to deliver messages. It’s happened twice in that hour, around 20 times within a minute, different emails in every failure.

Its happening through the post through register from what I see, but how they are doing it so fast I don’t know. Any ideas? I’ve turned it off temporarily

Example of one

Edited March 30, 20223 yr by marklcfc

Look at the CleanTalk plugin. It’s done a great job of reducing spam registrations and Contact Us spam messages. 

 

Does this just mean that the emails will continue to bounce but I just won't be notified about it? so I won't be aware of how often it's happening.

Correct.  However again...  you should not need it if you are using other alternatives.  For example with @Jon Erickson's SES integration, you can pick what happens when emails bounce or if someone sends a spam complaint.  For example, to automatically set them back into the validating member group if emails hard bounce.  

Also...  with SESDashboard, I don't need an email notice.  I instead have a web portal that I can see any bounced email, etc.  

If you want to receive notifications via email the event happened, great...  do nothing.  It's working as designed.  Your complaint was however that you're getting tons of those emails when spammers attempt to signup with a fake address.  

You're going to have to pick your poison here.  You can disable email validation and instead do manual user approval for all registrations.  You could leave email validation enabled, but then you have to deal with the ones that just enter fake addresses that will never get approved. 

The reality here is if you have the post before register option enabled, you will get people who will try and register with email addresses that don't exist. 

 

Just woke up to 120+ emails of spam, what a mess

There is little else we can be of assistance with on this unfortuanetly. If you have these notifications (these are not spam, and actually notifications from your server) switched on, and have post before register switched on, you will be notified by your server if someone uses an email that doesnt exist. 

That hCaptcha mod doesn't work by the way, impossible to sign up. You enter your details click create my account, it gives you the captcha to go through and then just goes back to the sign in form every single time. Gone back to invisible captcha and account can be created, just won't have to use post before register. 😔

How do I get a refund?

Edited April 14, 20223 yr by marklcfc

your solution would be to deactivate the publication before registering that those bots are like a plague that no matter how much you put security they always mock it