Determine source of spam emails sent from multisite account

I have a multisite with 100 or so users. Started seeing a lot of bounce spam messages returned and they are using admin@mydomain.com for the sender so I see all the returns. They are all spam with attachments. How can I determine which site/account is sending the emails so I can remove that site/account?

Also, which malware plugin would you suggest? I know there are many. I have used Wordfence in the past for single sites which would scan & find malware but maybe there are better options for multisite?

Defender?

thanks!
-George

  • Adam Czajczyk

    Hello George,

    I hope you're well today and thank you for your question!

    I'd start with these plugins:

    1. Anti-Splog
    https://premium.wpmudev.org/project/anti-splog/

    This is not for stopping e-mail spam going out of your network but should prevent it from accepting "spam blog" registrations.

    2. Defender
    https://premium.wpmudev.org/project/wp-defender/

    This one is to protect your site against various security threats that may result in "spammy" accounts being registered or even hacking your site.

    That being said, the question is whether these messages are indeed being sent from your network or are they just "fake" (that's a common technique and it's very easy to fake to/from address). Did you take a look at message raw content (source)?

    It would also be good to get in touch with your host tech staff to ask them if they could review server logs; hopefully this would help you identify the spamming site.

    Sucuri Scanner may also help here if your site got hacked.

    I hope that helps!
    Best regards,
    Adam
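
As an added example (not part of the original thread), one way to check the raw source of a bounced message, as suggested above: list the client IPs from its Received headers and read the X-PHP-Originating-Script header, which PHP adds when mail.add_x_header is enabled. The server IP, sample message and function name are constructed assumptions.

```python
import re
from email import message_from_string

# Assumption: replace with the public IP(s) of your own web/mail server.
OWN_SERVER_IPS = {"203.0.113.10"}

# Constructed sample: headers of the original message as returned in a bounce.
SAMPLE_RAW = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.recipient.example with ESMTP id abc123; Tue, 02 Jan 2024 10:00:05 +0000
Received: from web01.mydomain.com (web01.mydomain.com [203.0.113.10])
\tby mx.example.net with ESMTP id def456; Tue, 02 Jan 2024 10:00:03 +0000
X-PHP-Originating-Script: 1004:mailer-x.php
From: admin@mydomain.com
To: someone@recipient.example
Subject: Invoice

body
"""

# Connecting client IP as the receiving relay recorded it, e.g. "[203.0.113.10]".
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def trace_origin(raw, own_ips=OWN_SERVER_IPS):
    """Summarise where a message entered the mail path, from its raw headers."""
    msg = message_from_string(raw)
    # Each relay prepends its Received line, so reverse to get the oldest hop first.
    # Lines below the first relay you trust can be forged by the sender.
    hops = [ip for h in reversed(msg.get_all("Received") or [])
            for ip in IP_RE.findall(h)[:1]]
    # Header format is "<uid>:<script filename>"; absent if PHP did not send it.
    uid, _, script = (msg.get("X-PHP-Originating-Script") or "").partition(":")
    return {
        "client_ips_oldest_first": hops,
        "own_server_in_path": any(ip in own_ips for ip in hops),
        "php_uid": uid.strip() or None,
        "php_script": script.strip() or None,
    }


if __name__ == "__main__":
    for key, value in trace_origin(SAMPLE_RAW).items():
        print(f"{key}: {value}")
```

If your server's IP never appears in the path, the From address was most likely forged elsewhere; if it does, the script name and the timestamp give the host something concrete to search for in the server logs.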
