Lately, some may have noticed unusual activity on their Magento store. Every day it sends new account spam from registration form and fake user accounts are created in your store just to send spam mails to random email addresses,
mostly in qq.com, mail.ru, inbox.ru, list.ru or bk.ru domains. Such mails have very long Subject and To fields having all SPAM content stored there, as Magento will reply with same To and Subject lines.
The requests usually come to /customer/account/createpost or to /customer/account/login URLs.
It means the registration form is unprotected from automatic submission.
And may result in bad reputation for your mail domain (all transactional mail will be marked as SPAM) or your hoster can simply block outgoing SMTP traffic for your account due to complaints.
Registration form can be protected in a matter of minutes with a few new fields and limits imposed on First Name, Last name and Subject attributes.
Request our implementation to secure your forms, the process is usually as follows:
- you submit request form providing URL of your store and initiate payment
- our ticket system will reply with request on additional information, use it to provide details about any custom forms or customizations. Here you can also attach sample mails send or failed and access details
- we will implement the changes (no any downtime expected) and complete a few test submissions to ensure the form is working correctly
- you verify the details and notify us in case of any issues pending.