Home » Blog » Dev notes » Spam emails and Captcha in Magento

Spam emails and Captcha in Magento


Spam in the inbox. Bots.

Our client recently had a sudden email attack sent from a store built in Magento 1.9 technology. The number of approximately 5 mails per minute caused a lot of confusion in his shop, so he needed an urgent response from our side. He didn’t use the Captcha in Magento store.

Bots built in various corners of the world attack all websites that contain forms for sending emails. For what they do this, it remains a mystery to me, but let’s leave this philosophical aspect of programmers activity, and let’s focus on ways to solve the problem.

Forms in Magento

Magento 1 has no built-in control of shipments from forms. When I write a “form”, I mean all those places where the user can enter an email address to get something for it. This way, you can subscribe to the newsletter, can make purchases and give your contact details, or maybe just send your own inquiry to the store.

The talented programmer

Imagine that in a small village on the northern edge of the globe, some capable programmer writes a program that will automatically enter such forms and use them to send emails with content that persuades to vote for Donald Trump (this is my personal statement). Recipient of e-mails, which in our case is a contact cell in a large online store, does not feel like exploring the political situation in the US or anywhere else. The shop wants to sell the products, and a massively littered box makes it very difficult. Then what?

Captcha and reCaptcha?

The most popular and effective solution to protect the mailbox from mass mailing remains the Captcha. It has many forms, the most annoying for me is to recognize road signs or storefronts in the photo. Fortunately, invisible Captcha modules are becoming more and more popular. In those modules you can see the square sign just at the moment you submit the form. You don’t have to recognize anything anymore 🙂 The module itself recognized whether the message is sent by a robot or a legitimate user. Were there any doubts – the Captcha will return questions about road signs, because these – for now – can only be recognized by a human 🙂

AI captcha Google cars
Source: https://xkcd.com/1897/

(By the way: Did you know, that these photos and work of millions of people searching for specific landscape elements supports the program of automatic cars? By clicking on the photo “we teach” cars – including those designed and tested by Google – the proper recognition between, for example, pedestrian crossings from other horizontal signs. In this way, a robot chases a robot… Protecting ourselves against spam sent by a robot built in the northern end of the world, we teach other robots how to safely drive a car. Those Captchta tools are called reCaptchta, as they are used to digitalise the real world.).

Looking for the reason of spam sending

As I mentioned, our client had a problem with the mass of e-mails, but … The forms in this customer’s store were secured! CAPTCHA worked properly, and this gave us food for thought. The client’s mailbox grew several hundred e-mails every hour, and for a few moments we did not know how did it happen, that they were sent…

Since you’ve looked at the Pandagroup blog dedicated to Magento issues, you’re probably a committed Magento user. If so, you probably use Mandrill and Mailchimp. Our Mandrill screen showed a long series of such rows:

Captcha in Magento


What can be seen from this? That a robot of a talented programmer from the northern edge of the globe entered the page with the wishlist repeatedly and shared it every 8 seconds.Captcha Magento Wishlist
Captcha modules does not include the wishlist by default. Therefore, we had to enter the magento admin and insert a new rule:

Magento → System → Configuration → Google Invisible Captcha → Advanced Settings

The plug-in worked immediately, and the sudden soft murmur on the inbox was a marvelous silence from the scream of a crazy programmer from the northern edge of the globe.


We recommend using Captcha in Magento to control the sent correspondence and monitor user involvement by the Mandrill and Mailchimp modules. These are useful tools, and in the event of an attack – necessary for the store to function properly.

Far northern part of the globe

We have nothing against the far-north programmers, directly opposite: we like them! We wrote the post including such an anonymous person, to remind ourselves that the internet world is really a global village…

+1 (3 votes, average: 1.67 out of 1)

Leave a Reply

Your email address will not be published. Required fields are marked *