Shopping Cart Operations > Support

Password reset emails trigger base64 encoding and being blocked on email gateway

(1/2) > >>

Rdw:
Hello

I'm having issues with the password reset option and all the reset emails are being blocked on the email gateway and the hosting provider has advised that it is due to a base 64 creating a high SPAM score rule being triggered.

From our hosting provider
This is likely because unfortunately password reset type emails are very popular with spammers / phishing attempts nowadays.
Here are the issues which the spam filtering gateway found with those emails:

    Rule breakdown below
     pts rule name              description
    ---- ---------------------- --------------------------------------------------
    0.14 MISSING_MID            Missing Message-Id: header
    0.01 FROM_EXCESS_BASE64     From: base64 encoded unnecessarily
    1.05 FROM_EXCESS_BASE64_2   From: base64 encoded unnecessarily
    1.20 BSF_SC3_MV0891         Custom rule MV0891

The From: base64 messages are being generated because the software is doing something odd with the 'from' email addresses:
From: =?UTF-8?B?QWJpbmdkb24gRmVuY2luZyBDbHVi?=info@DOMAIN NAME REMOVED.org.uk
The 'Custom rule MV0891' entry will be because of the issue I mentioned above where these look like potential phishing messages.
Are there options you can tweak which could disable this behaviour with the From: address by any chance?

How can we remove the encoding that is triggering the "From: base64 encoded

I have configured using SMTP setting and all other emails are working as expected

below is an extract from the bounce back message

Subject: =?UTF-8?B?QWJpbmdkb24gRmVuY2luZyBDbHViIC0gUGFzc3dvcmQgcmVzZXQ=?=
Date: Thu, 06 Jan 2022 00:33:50 +0000
From: =?UTF-8?B?QWJpbmdkb24gRmVuY2luZyBDbHVi?=<info@DOMAIN NAME REMOVED.org.uk>
Reply-To: =?UTF-8?B?QWJpbmdkb24gRmVuY2luZyBDbHVi?=<info@DOMAIN NAME REMOVED.org.uk>
X-Mailer: PHP/7.4.27
MIME-Version: 1.0
Content-Type: multipart/related; boundary="----=_NextPart_c603966fff8af298a85ea4e0f39f92c5"

I have tried editing the content of the email to remove PASSWORD but this makes no difference.

Currently using version1.3.1





Basara:
Hello.
Try to upgrade to 1.3.2

abolabo:

--- Quote from: Rdw on January 07, 2022, 07:42:14 PM ---
Currently using version1.3.1

--- End quote ---

please try to replace file core/lib/mail.php with file from 1.3.2 version

Rdw:
I've upgraded to the latest version 1.3.2 and still password reset emails are being blocked by our hosting provider and they are still advising it is due to the content / structure of the message.

I have tried installing several other packages and the password reset links always come through without any issues.

I have changed the wording of the reset email and still makes no difference.

emails are being sent via SMTP is there any other backend configuration which needs to take place?

Basara:
Hello.
Try to switch Mail protocol to PHP Mailer https://abantecart.atlassian.net/wiki/spaces/AD/pages/7372837/Mail+Settings#MailSettings-MailProtocol%3AMAIL

Navigation

[0] Message Index

[#] Next page

Go to full version
Powered by SMFPacks Social Login Mod