If you’re finding that your Magento 1 website is sending spam email you’re not alone! We’ve seen an increase in enquiries from merchants looking to fix this issue. The first a store owner is made aware of this is when their email service bans them from over-sending.
So how are the spam emails being sent from Magento?
We’ve identified at least 2 areas of Magento which is being used by the Chinese spammers, these are the ‘Share your wishlist’ and ‘Send to a friend’ features.
After creating an account on your web store and adding a product to cart. The bots have free reign to send this product to ‘friends’ i.e any email they would like to. Including a Spammy message alone with the product share. Also the wishlist can be shared with a message to any emails.
We’ve identified some stores that have sent over 12000 spam emails in a single day!
Stop Send to a friend spam
Luckily this is an easy fix, just edit your local.xml file and add the section below. Then clear your site cache.
...existing config file...
Don’t forget to remove the ‘Share this product’ button from the product page or you’ll annoy your customers!
Stop Wishlist spam
Wishlist is a little harder, unless you’re willing to just turn this functionality off completely.
Luckily there is an extension available for free which fixes both of these issues.