Spam Comment Blocked Count

My pleasure ??

Scott – I finally just had one spam mail make it through to me. This is the first one that wasn’t blocked since I installed your plugin. Would you want me to send it to you in some form so that you can study it?

Sorry, my bad. The spam mail I received is from another site of mine, which doesn’t even allow for comments. So it doesn’t have your plugin even installed.

I am not sure how this would have even gotten submitted to me at all? It says it is a trackback on a post which is waiting my approval and it is some spam going on about cheap Jordan shoes whatever that is.

Trackbacks and pingbacks usually get submitted directly to your WordPress blog (it doesn’t go through the comment form) from other websites when they link to you. Spammers use trackbacks as another channel to spam your site. Yeah, shoes, sunglasses, handbags are all common spam topics. You can go into your WordPress settings on the Discussion sub-page and look for “Allow link notifications from other blogs (pingbacks and trackbacks)” and uncheck it, and save. That will disable trackbacks and pingbacks. Especially if you don’t have commenting on that site there is no point to have trackbacks enabled. Otherwise, WP-SpamShield protects from trackback spam as well. ??

Hope that helps!

Hi Scott – I hope you are well. It just occurred to me that I have a captcha on my contact form page as well. Can I just remove that captcha too, meaning does the plugin also inspect emails that are sent through a contact page on a word press site so that I don’t need to bother people to fill in a captcha if they want to make contact through the site? Cheers.. Marc

Hey Marc,

Thanks! I hope you’re doing well too. If you’re using the contact form from the plugin, you can remove the CAPTCHA. (If you’re using a contact form from another plugin, then this plugin can’t do anything to help stop spam on it since they aren’t integrated.) One of my goals with WP-SpamShield is to create a friendlier, CAPTCHA-free experience for users. All of the elements that the plugin protects (comments, contact forms, and registrations) all block spam without CAPTCHAS.

Hope that helps!

– Scott

I am doing well, thanks. And many thanks for that Scott. I got it all sorted out now. I switched to your contact form. Thank you for your help as always. Marc

Glad to hear. You’re very welcome. ??

By the way Scott, perhaps you could add a function which allows the user to set the subject header for inquiries that come in through the contact form?

First of all the “From” says “Contact Form”. Maybe it could show the name of the web site instead?

And the subject shows [Website Contact]. That is the part that would be good to be able to set on an individual basis. I might change that to something like “Website Inquiry From yourwebsitehere” or something else because when I received an inquiry today through my web site I was a bit confused at first by the subject header what the contact was regarding.

Thanks for the suggestion. I don’t have any plans to add that feature at this time. (It does say what website it’s coming from in the body of the email.) I fully realize the contact form is very basic, and doesn’t have all the features that other contact form plugins may have, and have been very upfront about that in the plugin documentation from from the beginning. Unfortunately I have to spend most of my free time used on the plugin focused on fighting spam. There are other more configurable contact form plugins if you need a higher level of customization. (I highly recommend Contact Form 7.)

Thank you for the suggestion on Contact Form 7. I have used that one in the past, but prior to changing to yours I was using Fast Secure Contact Form, which had some advantages over Contact Form 7, but I forgot what they were now. I think perhaps it was they had a nice captcha plug-in that was able to be utilized with it or something. Anyway, as we know, I don’t need captchas anymore ??

By the way, one thing I think you could fix on the contact form is that when you get an inquiry and you hit reply it wants to reply to [email protected] – This isn’t good. Most contact forms will populate it with the email address of the person who is making the inquiry. As it is now you have to copy and paste and replace the recipient email address.

You’re welcome. ??

Regarding the issue you mentioned on the contact form, that’s actually a feature, not a problem. Wait, what! ?? It may sound strange but I’ll explain. (Please see the Changelog and the note on Version 1.4.3 for more details.)

Earlier this year Yahoo updated it’s DMARC Policy. This policy effectively restricts all Yahoo users from using most website contact forms. How it played out was that users with Yahoo email addresses would fill out a contact form, and it would appear to never arrive. In short, it was being deleted by the receiving server because they were following the Yahoo DMARC rules…thus never getting to the intended recipient. Contact form submissions from Yahoo users simply disappeared.

Up until Version 1.4.3 (including all previous versions of the plugin and its predecessor dating back to 2007), things worked as you mentioned.

Before version 1.4.3, I noticed that contact form submissions from yahoo.com email addresses were not getting sent. After tracking this and doing a bit of testing, I was able to narrow it down to this: emails getting sent through the PHP mail() function from users @yahoo.com were not making it through. This wasn’t limited to one plugin or script, it was universal (at least in my tests). After doing research and consulting some other experts, I got to the bottom of it.

In version 1.4.3, I modified how the plugin handles the email address of the contact form submitter. The contact form emails will now come from an email address that looks like wpspamshield [dot] noreply [at] yourdomain [dot] com, similar to how WordPress sends out emails to admins. This should also avoid any spam problems with properly configured SPF records on your domain. (Properly set up SPF records should allow the IP Address of your website as an valid sender.) The email address of the person submitting the contact form will now only be included in the body of the contact form email (which it always was) instead of being in the “From” field too.

After consulting some other experts, it was agreed that while not ideal, this was the best solution. Submissions from Yahoo users are now getting through just fine, and WP-SpamShield may be the only contact form plugin where they are getting through. (I let some other plugin authors know about the issue, so we may see more using this method over time.) On all other contact forms that work the way you suggest (and the way WP-SpamShield and its predecessor used to work), submissions from Yahoo users are not getting through. So unfortunately, I can’t go back to that method.

So you can see, everything I do with the plugin is the result of a lot of thought, research and testing. ??

Since we’ve wandered pretty far from the original issue that this thread was originally about (and it’s been long solved), let’s close this thread down. I don’t think you have my email yet, but feel free to use the contact form on our site, and I will email you back personally. Feel free to drop me a line there if you’ve got more ideas or questions. Have a good one. ??