Magento – Magento 2 Newsletter fake subscriptions

magento2newsletterSecurity

Easily with any email you can subscribe to Magento 2 newsletter.

The only available control is to send confirmation email to provided address.

If provided email address is not valid Magento confirmation email will bounce back.

The issue is:

If you are using email provider like mandrill or sendgrid they are charging per outgoing email, so you are losing money because of this SPAM newsletter subscribers, any solution?

Best Answer

In my opinion it's not possible. At most you can try to check if the domain in question have MX record and try to connect to its mail server. Even that won't guarantee it is in working condition though.

You absolutely can't check if a particular e-mail exists on it in some standartized way as there are many approaches to masquerade and aliasing that many server employ. Servers can and will report in SMTP exchange non-existent addresses as valid for many reasons in both VRFY and MAIL/RCPT. The only definite answer you can get is that e-mail is invalid if it is rejected by MAIL/RCPT, but being accepted is not definite proof of it being valid, as it can be rejected down the line of e-mail processing. Abusing MAIL/RCPT without actually sending anything can also lead to you being blocked.

If you want to verify user-supplied e-mail, your best bet is to send confirmation letter there.

You also should review if you really need confirmed working e-mail at all.

1. Add form key in newsletter form

First,you need to add form_key in newsletter form for preventing against Cross Site Request and validated at form_key at post controller .Form Key Value in template and controller

2. Add Captcha to newsletter

Add captcha to newsletter form Add Captcha to subscribe.phml

Magento – Magento 2 How to disable newsletter subscription success email

Magento doesn’t have default functionality to stop sending newsletter emails.

Below I show an example of how to disable newsletter subscription emails.

Create a custom module and add di.xml

Override Subscriber.php

app/code/Vendor/Module/etc/di.xml

<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
    <type name="Magento\Newsletter\Model\Subscriber">
        <plugin name="myplugin" type="Vendor\Module\Newsletter\Model\Subscriber" sortOrder="1" disabled="false"/>
    </type>
</config>

Now create Subscriber.php

app/code/Vendor/Module/Newsletter\Model\Subscriber.php

<?php

namespace Vendor\Module\Newsletter\Model;

use Magento\Newsletter\Model\Subscriber as SubscriberModel;

class Subscriber
{
    /**
     * @param SubscriberModel $oSubject
     * @param callable $proceed
     */
    public function aroundSendConfirmationRequestEmail(SubscriberModel $oSubject, callable $proceed) {}

    /**
     * @param SubscriberModel $oSubject
     * @param callable $proceed
     */
    public function aroundSendConfirmationSuccessEmail(SubscriberModel $oSubject, callable $proceed) {}

    /**
     * @param SubscriberModel $oSubject
     * @param callable $proceed
     */
    public function aroundSendUnsubscriptionEmail(SubscriberModel $oSubject, callable $proceed) {}
}

Now run following commands

php bin/magento setup:di:compile
php bin/magento cache:clean

Best Answer

Related Solutions

Magento – Getting many Fake Customers and Newsletter Subscribers

1. Add form key in newsletter form

2. Add Captcha to newsletter

Magento – Magento 2 How to disable newsletter subscription success email

Related Topic