How Your Unsecure Webform Could Impact Email Performance

Posted by Julia Babahina 

A webform is an area on a website where users can submit information, and either they or others receive an email reply from the company who owns that website. Common webforms include:

  • Forward-to-a-friend
  • Surveys
  • Order & payment forms
  • Invitations & RSVP’s
  • Registration and contact forms

Between January and April 2017, 64 percent of detected compromises among Return Path Certified clients resulted from webform abuse. Spammers entered content and links into the webform’s custom text box then sent those spam messages to numerous email addresses.

If you have received a malicious email that was generated via a webform, it can be tricky to determine its legitimacy. First of all, this mail comes from the company’s infrastructure so the originating IP address will belong to the company. Also, spammers can be very crafty and include subject lines that are similar or even identical to what a company would use. However, major red flags include suspicious URLs/URL shorteners, along with content that is not associated with the company and includes structural and grammatical errors.

How does webform abuse impact email reputation and deliverability?
Return Path’s Certification team routinely witnesses how webform compromises affect senders’ performance and overall deliverability. For starters, webform spammers often send to random email addresses they purchase or harvest online. The random nature of their email acquisition – coupled with the spam webform message coming from your IP – increases the chances of your IP address hitting spam traps.

Complaint rates and blacklisting can also impact your reputation and deliverability. If a webform spam message is delivered to a legitimate email address, it’s likely the recipient will complain. This increases your complaint rate at mailbox providers and hurts your reputation. It is also probable that your IP will be placed on industry blacklists, which mailbox providers use to determine reputation and set filtering rules.

How does Certification detect webform abuse and remediate the issue?
Return Path’s Compliance team is here to help. We immediately contact our clients once we detect a webform compromise. Like I have explained in my previous blog post on Certification Security, we work alongside the client to minimize impact and reduce performance recovery time and associated costs. We analyze spam messages, identify the compromise/cause and develop an action plan to remediate abuse.

Naturally, our recommendations to fix webform compromises vary by case. However, below are some basic precautions you can take to secure your webforms:

  • CAPTCHA and reCAPTCHA: Require users to prove they are human before submitting a webform, thereby preventing bots from abusing the form.
  • Outbound filtering: Block abusive traffic by scanning or filtering outbound email traffic as it exits a network.
  • IP filtering: Check your monitoring tools to see if the majority of the abuse is coming from certain IPs and block them.
  • Message & Recipient limits: Limit the number of messages a user can send or restrict the number of email addresses a user can message.
  • URL restrictions: Either remove the ability to include URLs within messages or review emails with an URL that isn’t secure (HTTPS). Have a policy in place that would flag shortened URLs, that are used to redirect to the original web pages.
  • New account verification: Verify content being sent by free or new accounts (for example less than 12 hours old) trying to send the maximum or close to the maximum number of emails (200).

Remember, any unsecured webform is vulnerable to spammers. However, Return Path’s Certification customers see reduced impact to their programs because our Compliance team monitors and resolves issues much faster than senders who are not certified.

For more information about the Return Path Certification program, please visit the Certification page on our website.

Author Image

About Julia Babahina

As a Compliance and Security Analyst for Return Path, Julia is responsible for the quality and security of the Certification Program. She is passionate about finding data-driven solutions for preventing and detecting clients' security breaches and spreading her knowledge about best sending and security practices. Julia holds a MSc in International Public Policy and is CompTIA Security+ Certified. In her spare time, she enjoys running and is a keen traveler.

Author Archive