redsand
Forum Replies Created
-
Forum: Plugins
In reply to: [MailPoet - Newsletters, Email Marketing, and Automation] email validatorHi @cnesbit,
If you’re getting any spammy signups with WP-SpamShield, it means that something isn’t working…it’s likely you have a conflict, and something is causing it to bypass the plugin altogether. It would never allow that kind of spam.
I would recommend that you check out our Troubleshooting Guide and FAQs. If those don’t help you solve the issue, then you’ll want to submit a support request, and we’ll help you get to the bottom of it. ๐
– Scott
Forum: Plugins
In reply to: [MailPoet - Newsletters, Email Marketing, and Automation] email validatorHi Chris,
thanks for the thorough reply. Iโm glad to know โbotโ submissions are blocked via wp-spamshield. But Iโm still not clear on something: wp-spamshield depends on the use of is_email() correct? I see nowhere in the mailpoet plugin where is_email() is actually used, so wouldnโt that make the addition of wp-spamshield irrelevant?
You’re very welcome. Perhaps I can clarify. ๐ Both bot and human spam submissions are blocked by WP-SpamShield. It protects MailPoet, and all other types of third party form plugins. In our anti-spam process, it adds all the necessary functionality. When it checks MailPoet submissions for spam, it also validates the email address to eliminate definite fake email addresses.
In my research of email verification, Iโve learned (which your explanation confirms, Scott) that some popular mail servers (like aol.com) do not reveal that an email address is valid or not during these MX and โmailbox existsโ checks; while other services (like gmail.com) are very accommodating. As many of my spam emails are coming from gmail (human or otherwise) that would be helpful.
The reality is that no mail servers will ever reliably reveal whether a mailbox exists, so trying to find this out is a futile effort. You can only find out if the domain is real, and if it has MX (mail exchange) records setup (for the server).
The
is_email()function in the WordPress core does a fairly good job of checking for valid email address formatting, but it can be improved. Using theis_emailhook contained within the function allows plugin authors to extend its functionality, which we do in WP-SpamShield. I think you may misunderstand: The plugin also uses theis_email()function in part of of the anti-spam process, so it doesn’t need to be called in any other plugin.There are a number of other ways to make sure that an email address is valid on the front end. (HTML5 for example has basic email format validation built in.)
I hope this info helps. ๐
– Scott
Forum: Plugins
In reply to: [MailPoet - Newsletters, Email Marketing, and Automation] email validatorHi MailPoet and Chris,
MP, Thanks for the recommendation! You are 100% about WP-SpamShield protecting MailPoet forms.
WP-SpamShield Anti-Spam plugin uses other mechanisms to prevent SPAM (https://www.redsandmarketing.com/plugins/wp-spamshield/), so the fact that your email address worked does not mean that it would pass the test if a SPAM bot were to try to subscribe to the form.
This is also 100% correct. The plugin is very smart, and will not block an admin-type-person, so this type of test would not yield any results.
Or is there a way, with mailpoet, to validate that an email address is legit before trying to send even a confirmation to them?
First off, WP-SpamShield will eliminate ALL non-human submissions. That leaves only the human spam. Within the human spam category, these email validation tests come into play.
WP-SpamShield does do email validation to make sure that obvious fake emails cannot be used. It adds a number of enhancements to the WordPress
is_emailhook (which it does use). We have developed the single best email address validation possible. We add additional RFC checks that are not in the WordPress coreis_emailand other specific checks for Yahoo and Gmail addresses to make sure that any addresses with these ESPs (Email Service Provider) conform to their formatting standards. The anti-spam process goes on to also include checks to make sure that the domain in the email address exists and has an MX record setup for that domain.No method is foolproof and we prefer to send a confirmation email that yields the best results.
MailPoet is 100% correct here as well. Beyond the checks listed above, it is not possible to check for 100% email address validity. Even if these checks above are passed, it does not necessarily mean that the email address is valid, but where these tests are valuable, is to get rid of the email addresses that are guaranteed to be fake.
However, that being said, WP-SpamShield has been proven to eliminate 99.99% of all spam, including human spam, so there would not be many validation emails being sent out by your server.
Hope that helps! Feel free to let us know if you have any further questions. ๐
– Scott
Forum: Reviews
In reply to: [WP-SpamShield] Best Spam pluginHi TaNikTa,
Thank you so much for the awesome feedback. That really means a lot. ๐
You are very welcome! We’ll keep working hard to keep spam away from your website. Take care.
– Scott
Forum: Reviews
In reply to: [WP-SpamShield] Easy and powerfulHi @bearcatsandor,
Thank you for sharing your positive feedback and experience with the plugin!
We’ll keep working hard to keep spam away from your website. Take care.
– Scott
Forum: Reviews
In reply to: [WP-SpamShield] Fantastic spam controlHi @coribug,
Thanks so much for taking a minute to share about your experience with the plugin. That’s our goal…that you don’t have to worry about spam. ๐
Have a good one!
– Scott
Forum: Reviews
In reply to: [WP-SpamShield] It’s MagicHi ravZen,
Excellent. That’s our goal…we want everyone to be spamless and happy! ๐
Thanks for sharing your experience. Have a good one!
– Scott
Forum: Plugins
In reply to: [Jetpack VaultPress] Unpatched Security VulnerabilityOutstanding. Thanks for the fast response and for working on the update.
Forum: Reviews
In reply to: [WP-SpamShield] Javascript error appeared…Hi @gck303,
Reviews like this make me sad. This post really should be a support request, not a review.
I am genuinely sorry to hear that you had an issue.
However, I have to ask, why would you post a negative review without even submitting a support request first?
If you are having an issue, then there is most likely something else causing the issue, either in your browser (such as extensions that disable JavaScript or cookies) or in your site. It’s most likely not an issue with the plugin.It is important for all plugin users to read the documentation. Please take a few minutes to work through the Troubleshooting Guide and FAQs, as these solve over 90% of issues users have. (Please be sure to follow all the steps, not just read through them.)
Please take special note of FAQ 9, as it specifically addresses your issue:<br />
“Q: I think a legitimate user or comment may have been blocked. What’s going on here and what do I do?” Read the full FAQ: http://www.redsandmarketing.com/plugins/wp-spamshield/faqs/#faqs_9For the rest of the FAQ, please click here to read it.
From the Troubleshooting Guide:
If this message comes up consistently even after JavaScript and cookies are enabled, then there most likely is an installation problem, site configuration issue, plugin conflict, or JavaScript conflict.
For the rest of the Troubleshooting Guide, please click here to read it.
If the information provided doesn’t solve the issue for you, we can help you fix the issue on your site. We’ll need a bit more info from you on the specifics, and will need to email back and forth, so please head over to the WP-SpamShield Support Form, and take a moment to fill out a support request. That will allow us to help you diagnose this, find out what the real issue is, and get things working right for you.
Please ask yourself this: When developers spend so much time developing free plugins for the WordPress community, is it really ok to post a 1-star review without making any reasonable effort to receive support? That’s simply not the right way to handle things.
If you have an issue with something, submit a support request first, and give the author time to respond. We provide free support for our plugins…all you have to do is submit a support request at the WP-SpamShield Support Page. We provide some of the best support out there.
You might want to take a moment to check out these two posts:
I would ask that you reconsider your rating, as it simply isn’t accurate or fair. Reviews like this simply do not help the global WordPress community.
— Scott
The plugin relies completely on the PHPCompatibility project…
That’s the main problem.
Relying solely on one library is not an intelligent solution.
Any false positives and so forth should be posted as an issue there.
That’s passing the buck, don’t you think? This is your plugin, not theirs.
You make the choices as to what method is used for detection.
Make adaptations.
Add logic on a separate layer on top of the base library.
To make it accurate, you need an algorithm, not a library.
No one said you had to rely on one library.
- This reply was modified 9 years, 3 months ago by redsand.
Thanks for the improvements. I can confirm that as of v 1.4.0, it does delete the results on uninstall. So that’s good.
And, the “Clear results” link is a good addition, although it really should be a bit more prominent…most likely a button.
It still does leave a couple stray options in the DB though:
wpephpcompat.test_versionandwpephpcompat.only_active, so please fix that.Thank you.
Forum: Plugins
In reply to: [Page Links To] Error after update upto 2.9.8+1 for this issue.
Thanks for fixing quickly.
- This reply was modified 9 years, 3 months ago by redsand.
Finally, it happened. Now you guys showed your real goal. You are just smart attackers on some plugin you donโt like to see here on wordpress.org available and successful.
Wow, nothing could be further from the truth. Real goal? Attackers? Wow. We wouldn’t report the issue if we didn’t like your plugin…we just would not use it. We do use it ourselves. We just have had to make some modifications to the code to make it more secure.
Maybe don’t automatically assume someone is attacking you. Maybe listen to the concern, and look into it on your own? Maybe get third party feedback from others.
I’ve never said anything negative about you, and I appreciate the work you’ve put into this plugin.
Anyway, do what you like. Take care.
We don’t consider this issue resolved, so please don’t keep marking it as “Resolved”.
It would be one thing if you had even said that you would research the issue further, or look into it, but instead you’ve simply denied there is any issue.
Look, no one is here to criticize you personally…just to request improvements to insecure code. Insecure code can lead to severe consequences for users.
You’re free to ignore this. Just understand that users may decide not to use your plugin if you choose to ignore best practices.
– Scott
Forum: Reviews
In reply to: [WP-SpamShield] Brilliant!Hi CheopisIV,
Thank for letting us know, and for the great feedback!
Hearing real-life examples like this is very satisfying. This is exactly why we designed this plugin. ๐
Have a great weekend!
– Scott