Security is always first at Tendenci - The Open Source AMS

Allowing email forms to auto-reply to the submitter's email address is a great way (for example) for your domain reputation to be hurt by malicious spammers. How? Easy.

Spammers use this for two purposes.
  1. They spam you in the hopes you click a link.
  2. They submit under fake emails and, if the "send submitter a reply" checkbox in forms is checked, it sends links to a long list of sites from YOUR domain under YOUR email.
Desktop email clients, Gmail, Outlook: all of them will convert URLs into clickable links. For example, if I make my last name https://www.example.org, then when someone receives the reply, it will give them a nice fake link to click and infect their computer.
 
As always, the best security is based on two things:
  1. Common sense. Think before you do.
  2. Think to yourself "How would you hack that information?"
 
Example: Never "playback" data the user submitted. By that, we mean having a reply that includes ANY CONTENT OF ANY KIND from the submitted form. I could submit a form under the email Joe @ gmail com and make my last name "www example com" and Joe would get an acknowledgment email with a link to his example . com. See how easy that is?
 
Solution: DO NOT SET UP AUTO-REPLY ON A FORM.
Of course, there are exceptions. You can change the email text to say "thanks for your submission" and nothing further. Or you might be using Tendenci behind a firewall. Or the form might be restricted to logged-in and verified users. Those are exceptions and they are valid. Seek balance, just don't feed the s p a m m e r s. 
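To make the "never play back submitted data" rule concrete, here is an added example (not Tendenci's own code) that contrasts an echoing reply with a fixed-text reply, flags submitted fields that a mail client would turn into links, and only permits an auto-reply for a verified submitter. The regex, field names and sample submission are all assumptions constructed for the example.

```python
import re

# Heuristic for text that mail clients (Gmail, Outlook, desktop clients) will
# render as a clickable link: an explicit scheme, a "www." host, or a bare
# host.tld such as example.org. It deliberately errs on the side of flagging.
LINK_RE = re.compile(
    r"(?:https?://|www\.)\S+|\b[\w-]+(?:\.[\w-]+)*\.[a-z]{2,}\b",
    re.IGNORECASE,
)

def contains_link_like(text: str) -> bool:
    """True if a submitted value holds anything a mail client would auto-link."""
    return LINK_RE.search(text) is not None

def suspicious_fields(form: dict, skip=("email",)) -> list:
    """Names of submitted fields that carry link-like text. The email field
    itself is expected to contain a domain, so it is skipped."""
    return [name for name, value in form.items()
            if name not in skip and contains_link_like(str(value))]

def playback_reply(form: dict) -> str:
    """The 'playback' reply the article warns against: it echoes submitted
    fields, so a domain typed into last_name is delivered from your address."""
    return (f"Thanks {form['first_name']} {form['last_name']}, "
            f"we received:\n{form['message']}")

def safe_reply(form: dict) -> str:
    """Fixed acknowledgement text; nothing from the submission is included."""
    return "Thanks for your submission. We will be in touch."

def should_auto_reply(form: dict, submitter_verified: bool) -> bool:
    """Send only when the submitter is a logged-in, verified user (one of the
    article's valid exceptions) and no field looks like a link."""
    return submitter_verified and not suspicious_fields(form)

# Constructed sample submission in the shape the article describes.
SAMPLE = {
    "email": "joe@example.com",
    "first_name": "Joe",
    "last_name": "www.example.com",
    "message": "Please call me.",
}

if __name__ == "__main__":
    print("flagged fields:", suspicious_fields(SAMPLE))
    print("echoing reply contains a link:", contains_link_like(playback_reply(SAMPLE)))
    print("safe reply contains a link:", contains_link_like(safe_reply(SAMPLE)))
    print("auto-reply allowed:", should_auto_reply(SAMPLE, submitter_verified=False))
```

A flagged submission is a good candidate for logging and review rather than any outbound mail at all.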
 