provider detects spam with mass mails by my elgg-site

hello from germany :-)
today i get the message of the internet hoster of my elgg-site, that he blocked an elgg-script because it sends mass mails with engine/handlers/action_handler.php
the provider says, that the mail-header was hacked und gives some hints to solve the problem (see at the end of this mail, sry, in german)
has anyone the same problems?
i use elgg $version = 2011123101; $release = '1.8.3';
have a nice sunday
yours manfred

  • upgrade to 1.8.8 - nothing specific to email sending that I'm aware of, but there were a number of security fixes between .3 and .8

    Also are you sure it's a case of hacked email, or is your host just not happy with the volume of email going out?

  • no, i think the provider has no problem with the amount of emails
    thanks @matt for your suggestion, i do so :-)

  • I don't think that there's actually spam being sent but only the content of most of the messages are quite similar (for example registration confirmation emails) and therefore falsely identified as spam. Has the provider given you any example of an email that's supposed to be spam? I don't see the "see at the end of this mail" part you mentioned that might refer to the changed mail-header.

    It has happened to me twice that some email providers blocked emails from my domain because they thought it was spam. It helped to enable SPF (Sender Policy Framework) in CPanel to increase the credibility of the emails. Also, a correct entry for my domain for reverse dns queries helped - though this could only be done by the webhoster. Ever since these changes I had no issues with blocked emails anymore - at least I haven't noticed any.

  • server flags message as spam when your mails are sent at a ratio 100-200 emails/5 mins. if you reduce that it will not considered as mass mailing/spam.

    Better to use cron triggered sending means 10 email/5min so that in one hr it will be 120 emails/hr this will reduce the server load.

     

     

  • You may want to install recaptcha or some text_captcha. In case your website is attacked by spammers, registration emails are being treated as spam. I had similar problem on one of our test sites, installing recaptcha solved it.

  • i noticed all your good suggestions 
    thanks a lot for your reply :-)
    i think my provider detects the registrationmails as spam, what they are ;-))
    i have no captcha installed . . . but i will do instant
    anyway, the website was a flop at least, so i will not invest any time in that problem
    i work on a new projekt which will start in spring 2013
    if my provider, will detect spam again, i check it out
    and will give you a feedback