how to detect and control spammers

one blog user activated this plugin and manually subscribed about 150 email addresses to his blog. most of the emails are causing trouble, i.e. address no longer in use or inexistent.

since he blogs at least once a day he was sending out quite huge amounts of mails and most bounced back.

unfortunately since the mails sent out were being sent via phpmail they landed in the browser's inbox if that makes sense? I mean no real human mailbox, so I didn't see them until now.

I am a bit worried about offering this feature for my users anymore.

Was thinking about installing one of those plugins where you can change mails to globally go out via smtp, seeing that all mails were sent from: From: "" <> but had the Return-Path: <> set so all landed in this inbox.
Do you think changing it to use smtp would help? At least then the return path would be the same as the sending email and I would notice problems way earlier.

Btw. is it normal practice to send out all emails from one email address (the global one?) is this the way this plugin handles it or is something else interfering here?

  • aecnu

    Greetings Ovidiu,

    Thank you for being a WPMU Dev member!

    Yes it is my opinion that using the SMTP out would be a better choice then using php plus it secures the application a little better.

    However, if it were my choice I would be using the e-Newsletter plugin which offers automatic bounce list cleaning, smtp outbound, and a widget for subscribers.

    This should take care of the issues you described and bad email addresses simultaneously.

    Thanks again for being a WPMU Dev member!

    Cheers, Joe :slight_smile:

  • aecnu

    Greetings Ovidiu,

    Wow I do not know how this ticket got past me to include being so aged and it did not show your reply in the back-end of the ticket system that I am aware of - I am sincerely sorry for the delay Ovidiu.

    Can you explain a little bit how the e-newsletter plugin works on multisite?

    I have done the activation using site by site activation and it appears that it carried over the settings from the original setup to the fields of the new site in which I activated the plugin on. This of course is an smtp version of the settings versus the php version. I originally chose smtp to avoid spamming outbound via php. I must admit that I was very surprised to find these fields were pre-populated to include disclosure of the password from the original setup in the main site - not good.

    what user/account are the emails sent out from?

    They are sent out from the account input in the outgoing email settings in which I am using smtp in this test, it appears that these settings can be changed, but also it originally inputs the fields from the main site settings.

    can any blog owner wanting to use this plugin change the sender?

    Yes they can change whom the sender is.

    In conclusion, one must be extremely careful what settings are put in the main site because they are replicated into the sub sites when activated. Therefore the main site account should contain fictitious information.

    In addition related to my previous statement I would completely remove the php option to protect my hosting account. A bad member could spam off the server giving a real big security leak and the hosting account owner taking the hit from the host when in fact they were innocent and the sub site member is the perpetrator in fact.

    Update: In an effort to see if the above information was indeed being transferred to each blog/site I tried activating it on a third site of mine and found that the smtp information was NOT transferred and perhaps on my test site I must have previously configured this plugin. False alarm.Caution is advised.

    Cheers, Joe

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.