AbleCommerce Shopping Cart Software

My client contacted me today to say that they've been getting an email sent to them repeatedly (content below), about 25 times at a time. This 25-time email situation has happened four times now.

Subject: Customer added a note to Order Number $order.OrderId

Please Review -

On ${note.CreatedDate}, a new message was added to Order Number $order.OrderId

Customer said:

${note.Comment}

[STORE NAME]

Any thoughts on why this would happen? And what to do to prevent this?

Actually, I think I figured out both things.

In the Email Settings area, there's some options for the Product Send to a Friend form, which appears in the sidebar of product pages. I had not seen or configured this before (or if I did, it was 8 years ago). There's an option to select a template and it was set to "Note added by customer." This seems to correspond to the content shown in the email, even though the variables were not displaying actual content. I tried changing the template to "None" and then the Send to a Friend form no longer worked (error "Email template could not be loaded" is shown to the visitor.) So then I selected "Send to a friend" template and now it both works and sends the correct content to the recipient. Makes me wonder why this email template option was even given if only this template works... in any case, that mystery solved.

There's also an option to Use Captcha on this form. This was unchecked before, so I suspect my client was receiving submissions from some sort of spam bot. Hopefully having it checked will prevent this issue in the future.

We have had sites recently where the send to friend was being hit by a spam bot also. I guess some people have nothing better to do than cause other people problems.

I BCC myself on product send to a friend and recently I'm seeing that spambot as well.