If you’re finding that your Magento 1 website is sending spam email you’re not alone! We’ve seen an increase in enquiries from merchants looking to fix this issue. The first a store owner is made aware of this is when their email service bans them from over-sending.
So how are the spam emails being sent from Magento?
We’ve identified at least 2 areas of Magento which is being used by the Chinese spammers, these are the ‘Share your wishlist’ and ‘Send to a friend’ features.
After creating an account on your web store and adding a product to cart. The bots have free reign to send this product to ‘friends’ i.e any email they would like to. Including a Spammy message alone with the product share. Also the wishlist can be shared with a message to any emails.
We’ve identified some stores that have sent over 12000 spam emails in a single day!
Solutions
Stop Send to a friend spam
Luckily this is an easy fix, just edit your local.xml file and add the section below. Then clear your site cache.
app/etc/local.xml
1 2 3 4 5 6 7 8 9 10 11 12 |
...existing config file... <default> <sendfriend> <email> <enabled>0</enabled> </email> </sendfriend> </default> </config> |
Don’t forget to remove the ‘Share this product’ button from the product page or you’ll annoy your customers!
Stop Wishlist spam
Wishlist is a little harder, unless you’re willing to just turn this functionality off completely.
Luckily there is an extension available for free which fixes both of these issues.
https://github.com/vnahalpara/magento-Wishlist-Share-Spam-Protector