: Could we get blacklisted somewhere when our "register" form is abused? I am on the board of a small sports club. None of us is a professional web master or administrator. A hobbyist club member

@Nimeshi995

Any website, or any server that sends a huge volume of emails runs the risk of their IP or domain being added to email blacklists. Also, similar, or exact emails are higher on the risk factor, especially when it comes to 'MASS' public email addresses such as:

@yahoo .com @gmail .com @hotmail .com @aol .com


You can find out if your server IP or domain has been added to the email blacklists but it should also be noted that it is believed that email providers will often use a range of features to determine if the sender is spam, for example Google is believed to run their own spam algorithm and use their own internal database, its impossible to check this other than sending emails to their service and monitoring the results.

Your biggest concern right now should be to address automated signup spam. I wrote an article eons ago about WordPress having similar issues and you should be able to use the same information for your forum, or least some parts of it, I recommend:


SOURCE

Captcha Service

One of the easiest ways to prevent spam is to use a Captcha service;
sadly they aren’t bot proof as there are many online services that
will crack the code for as low as 0.01USD each. But, it does stop the
majority, only the best spammers will get through.

I highly recommend Google reCAPTCHA and there is even a WordPress
reCAPTCHA plugin which should make installing this service easier.

Bait for Spammers

A more advanced method to block spammers within WordPress is to setup
bait for spammers, AKA honeypots. This involves setting up a form that
only spammers will see and any attempt to fill in that form will
result in a comment post rejection. This sounds complex but thanks to
WP Spam Fighter this method is made easy.


To extend onto that even further to prevent this recurring you should research into the following:


Captcha Service (some work better than others)
Form Honey Pots
Footprint Removal (Content Management System footprints removal of powered by ppBB etc)
Request restrictions (denied users who request registration page too fast, too often using something like fail2ban)
There's many more methods that you can find on Google.

Vote Up Vote Down

@Angela700

In regard to your automated emails failing, these spammer email addresses used for the fake registrations often bounce because they either don't exist or quickly become full, or are flagged as spammer addresses - for this reason your server will have a high rate of bounced emails. This will affect the mail reputation of your server and will in turn degrade the deliverability of emails from your server. So yes, this is cause for concern.

If you are getting bombarded with email spam it is very likely that you do not have any email submission protection on your site.

The first and most important thing to do is to add something which ensures that bots cannot submit fake registrations. The most common solution available, but not the only one, is Google Recaptcha.

Depending on what technology is driving your website, you may already have inbuilt options for this. If not, there are extensions for all major Content Management System platforms (such as Wordpress, Joomla, Drupal etc.) that you can easily add, or if it is a pure HTML site you can copy the code from Google's Recaptcha site and install it directly on your contact/registration pages.

After solving this issue I would also recommend that you ask your webmaster to look into using an external mail delivery service (STMP) such as sendgrid.com which will ensure a high delivery rate for your outgoing server emails (they will require that you keep a good mail reputation though). Different methods are necessary for setting up your site or server to delivery mail through an external SMTP service so it is beyond the scope of this answer to address that here.

Vote Up Vote Down