[HTML/JS/PHP] Wordpress contact form sending emails to spam

Energycore

Hey everyone!

 

Today I'm tapping into the wisdom of you web developers out there.

 

Basically, I installed a plugin for easy contact forms and personalized it.

 


 

I know the style looks terrible, don't worry about it xD

 

The problem I have is when I submit, I can set the email to send to in the configuration page, but it's sending to spam. Here's the configuration and an example.

 


 

The plugin I'm using is this one

https://contactform7.com/

 

Any ideas why this might be the case?

We have a NEW and GLORIOUSER-ER-ER PSU Tier List Now. (dammit @LukeSavenije stop coming up with new ones)

You can check out the old one that gave joy to so many across the land here

 

Computer having a hard time powering on? Troubleshoot it with this guide. (Currently looking for suggestions to update it into the context of <current year> and make it its own thread)

Computer Specs:

Spoiler

Mathresolvermajig: Intel Xeon E3 1240 (Sandy Bridge i7 equivalent)

Chillinmachine: Noctua NH-C14S
Framepainting-inator: EVGA GTX 1080 Ti SC2 Hybrid

Attachcorethingy: Gigabyte H61M-S2V-B3

Infoholdstick: Corsair 2x4GB DDR3 1333

Computerarmor: Silverstone RL06 "Lookalike"

Rememberdoogle: 1TB HDD + 120GB TR150 + 240 SSD Plus + 1TB MX500

AdditionalPylons: Phanteks AMP! 550W (based on Seasonic GX-550)

Letterpad: Rosewill Apollo 9100 (Cherry MX Red)

Buttonrodent: Razer Viper Mini + Huion H430P drawing Tablet

Auralnterface: Sennheiser HD 6xx

Liquidrectangles: LG 27UK850-W 4K HDR

 


41 minutes ago, Energycore said:

Any ideas why this might be the case?

You could try checking the headers of the email. Tools that detect spam usually add headers that tell you why an email was classified as spam (e.g. X-Spamd-Result header)

 

Are you using a well known mail server to send your emails or is this your own? Might also influence how likely it is for your emails to be flagged as spam.

Remember to either quote or @mention others, so they are notified of your reply


5 hours ago, Eigenvektor said:

Are you using a well known mail server to send your emails or is this your own?

So this is where things get a little weird.

 

Technically, the contact form lets you put anything as the "From" email address, which means that I need to figure out what email address to use for the contact form.

 

Do I need to create an email account for the contact form maybe?

 

There's an IT company hosting the website and they're handling their own mail servers using Plesk. However, there's a good chance that since I installed Wordpress on the website's blog address, the form button is using Wordpress' mail servers.


4 hours ago, Energycore said:

There's an IT company hosting the website and they're handling their own mail servers using Plesk. However, there's a good chance that since I installed Wordpress on the website's blog address, the form button is using Wordpress' mail servers.

That seems unlikely. No properly configured mail server these days will forward your emails (relay) unless you have an account and you're authenticated. Otherwise the mail server acts as an open relay which is a spammer's wet dream. I doubt the Wordpress server acts as an open relay.

 

In fact, many also no longer allow you to use whatever you want in the from field. To send an email from the @example.com domain, you first need to prove that you're the owner of that domain. Otherwise you can only send from the address you're signed in as.

 

However, every mail server will accept incoming email to itself on port 25, since this is what is used for mail server to mail server communication and servers aren't typically authenticated to one another(1). So it's possible the contact form simply connects to whatever mail server you specify as "to" and communicates with it directly.

 

This has some problems: You're coming from an IP that is not known, it may not use a proper host name in the "HELO" or "EHLO" (IP and host name don't match) and you're sending "from" a domain that isn't your own. All of these increase the likelihood of being detected as spam. So yeah, if it is possible to configure the plugin to use an account that would definitely be something to do.

 

~edit: (1) Mail servers these days can use SPF, DKIM and/or DMARC to sign emails and the receiving mail server can use this information to verify whether the IP/domain the mail is coming from is allowed to send in the name of @example.com. It is not mandatory to use such a header, but increases the likelihood of being seen as ham rather than spam.

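Added example, not part of any post in this thread: a short Python script that reads the headers of a delivered message and reports the signals discussed above (the `X-Spamd-Result` rules, the SPF/DKIM/DMARC verdicts, and whether the `From` domain matches the envelope sender). The sample message, its addresses, host names and scores are constructed, and the alignment test is a simplified parent/child comparison rather than a Public Suffix List lookup.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a contact-form mail whose From: is the visitor's address
# while the envelope sender and the sending host belong to the web host.
SAMPLE = """\
Return-Path: <wordpress@blog.example.org>
Received: from web01.hosting.example.net (web01.hosting.example.net [203.0.113.25])
\tby mx.receiver.example with ESMTP id abc123
Authentication-Results: mx.receiver.example;
\tspf=pass smtp.mailfrom=blog.example.org;
\tdkim=none;
\tdmarc=fail header.from=visitor-mail.example
X-Spamd-Result: default: False [6.10 / 15.00];
\tDMARC_POLICY_SOFTFAIL(0.10)[visitor-mail.example : No valid SPF, No valid DKIM];
\tR_DKIM_NA(2.00)[]; FORGED_SENDER(0.30)[]
From: "Site visitor" <someone@visitor-mail.example>
To: owner@example.org
Subject: Contact form

Hello
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def analyse(raw):
    msg = message_from_string(raw)
    auth = " ".join(msg.get_all("Authentication-Results", []))
    # method=result pairs written by the receiving server, e.g. spf=pass
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    findings = []
    # Simplified alignment: identical domains or one a subdomain of the other
    aligned = from_dom == env_dom or from_dom.endswith("." + env_dom) or env_dom.endswith("." + from_dom)
    if from_dom and env_dom and not aligned:
        findings.append(f"From domain {from_dom} not aligned with envelope sender {env_dom}")
    for method in ("spf", "dkim", "dmarc"):
        if results.get(method, "none") != "pass":
            findings.append(f"{method} result: {results.get(method, 'none')}")
    # Rspamd lists each rule that fired as SYMBOL(score) in X-Spamd-Result
    symbols = re.findall(r"([A-Z][A-Z0-9_]+)\(([-\d.]+)\)", msg.get("X-Spamd-Result", ""))
    return {"from": from_dom, "envelope": env_dom, "auth": results,
            "findings": findings, "symbols": [(s, float(v)) for s, v in symbols]}
```

To use it on a real message, save the raw source ("Show original" or equivalent in the mail client) and pass its text to `analyse()`.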

6 minutes ago, Eigenvektor said:

Otherwise the mail server acts as an open relay which is a spammer's wet dream. I doubt the Wordpress server acts as an open relay.

You're right. I figured out that the message did have a user that's authenticated (just not one I was previously aware of), and the field in the form's configuration was to change the From field despite that.

11 minutes ago, Eigenvektor said:

However, every mail server will accept incoming email to itself on port 25, since this is what is used for mail server to mail server communication and servers aren't typically authenticated to one another. So it's possible the contact form simply connects to whatever mail server you specify as "to" and communicates with it directly.

This is very interesting. I think this info from the isnotspam.com report might help.


 

You can see the report here http://www.isnotspam.com/newlatestreport.php?email=ins-uvxa1anb%40isnotspam.com

 

(I'll delete the report after a couple weeks for security reasons)

18 minutes ago, Eigenvektor said:

This has some problems: You're coming from an IP that is not known, it may not use a proper host name in the "HELO" or "EHLO" (IP and host name don't match) and you're sending "from" a domain that isn't your own. All of these increase the likelihood of being detected as spam. So yeah, if it is possible to configure the plugin to use an account that would definitely be something to do.

I'll look into that! I'm actually in contact with the plugin's dev so hopefully he'll give me support also.

 

I'll update this when I get new info!
