• Hello there,

    we all know the way to use “Mail (2)” to generate an autoresponder mail whenever someone uses a CF7 form and enters his mail address.

    But this could be abused to spam mail someone. If someone sends 1000 forms or even more and enters the mail address of his worst enemy then our website would mail bomb this mail address with 1000 autoresponder mails.

    How can we prevent this? Is there a possibility to send just one autoresponder mail per mail address and 24h or something like this? Has anyone thought about this problem so far? We find tons of “Use Mail (2) to generate an autoresponder” tutorials on the web but no one seems to think about the abuse potential of this.

    Thanks for any help in advance and many greetings,

    -doffine

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Takayuki Miyoshi

    (@takayukister)

    Right. Settings to send email to an arbitrary address based on user input always have risks of this type of abuse. By using spam protection modules, you will be able to mitigate the risk.

    Thread Starter doffine

    (@doffine)

    Hi @takayukister,

    thank you very much for coming back to us. We do use spam protection modules, at least to block standard spam bots. This works quite well. But as you say this only mitigates the risk. There might be a more sophisticated spam bot or even a real human that manages to abuse the form.

    So wouldn’t it be an idea for a new CF7 feature to add a check box “Send this responder only once in 24h to an individual email address”? Or do you even know CF7 addons already doing something like this?

    Thanks again for your time and great work. We rely on CF7 with over 250 installations for years now. Thank you!

    Greetings,

    -doffine

    Plugin Author Takayuki Miyoshi

    (@takayukister)

    Why don’t you create it as your own custom spam filter?

    Thread Starter doffine

    (@doffine)

    Hi @takayukister,

    to do so we would have to self-implement (and maintain) some database storage functions for entered email addresses to determine if a mail address has already been used in the last 24h. This would go beyond what we can do here. We would have hoped that for a plugin with 5+ million installations there were others that already thought about this risk of abuse and there might be a solution “out of the box”.

    Many greetings and thanks again for all your work,

    -doffine

  • The topic ‘Just one autoresponder mail per mail address’ is closed to new replies.
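
The limit discussed in this thread (at most one Mail (2) autoresponder per address in 24 hours) can be sketched as a small site plugin. This is an added example, not code from the thread or from Contact Form 7. It assumes the form's email field keeps the default name `your-email`; the `example_ar_*` names are hypothetical. It drops Mail (2) through the `wpcf7_additional_mail` filter and uses WordPress transients for the 24-hour record.

```php
<?php
/**
 * Added example: send the Contact Form 7 "Mail (2)" autoresponder at most
 * once per recipient address within 24 hours. Not part of Contact Form 7.
 */

// Assumption: the email field uses CF7's default name "your-email".
const EXAMPLE_AR_FIELD  = 'your-email';
const EXAMPLE_AR_WINDOW = DAY_IN_SECONDS; // 24 hours

/** Build a storage key that does not expose the address itself. */
function example_ar_key( $email ) {
    // Lower-case and trim so "A@x.org " and "a@x.org" share one limit.
    $normalized = strtolower( trim( $email ) );
    // Keyed hash: the stored record never holds the plain address.
    return 'cf7_ar_' . hash_hmac( 'sha256', $normalized, wp_salt() );
}

add_filter( 'wpcf7_additional_mail', 'example_ar_limit', 10, 2 );

function example_ar_limit( $additional_mail, $contact_form ) {
    $submission = WPCF7_Submission::get_instance();
    if ( ! $submission || ! isset( $additional_mail['mail_2'] ) ) {
        return $additional_mail;
    }

    $email = $submission->get_posted_data( EXAMPLE_AR_FIELD );
    if ( ! is_string( $email ) || ! is_email( trim( $email ) ) ) {
        // No usable address: do not send an autoresponder at all.
        unset( $additional_mail['mail_2'] );
        return $additional_mail;
    }

    $key = example_ar_key( $email );
    if ( false !== get_transient( $key ) ) {
        // This address already received an autoresponder in the window.
        unset( $additional_mail['mail_2'] );
        return $additional_mail;
    }

    // Record the send; the entry expires by itself after the window.
    // get/set is not atomic, so a burst of parallel requests can let a
    // few extra mails through; keep the spam protection modules enabled.
    set_transient( $key, time(), EXAMPLE_AR_WINDOW );
    return $additional_mail;
}
```

The primary mail to the site owner is still sent for every submission; only the autoresponder to the entered address is suppressed on repeats.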