Why do I get blank form submissions?


Starting last week we have been receiving e-mails (maybe 5-10 a day) that the subject is “Form Submission”. However the email is blank. There is no From or other information in the email.

Where are these e-mails coming from? Are these generated from our website or somewhere else? Any guidance you can provide would be helpful.



I checked your site and it looks like you are using the popular formmail.pl script.

Usually these type of emails are generated by badly wrote web-robots (search engine indexers, etc.) that are indexing your site and submitting the blank forms.

Another likely possiblilty is that they are spam-bot attempts to use your form to send out spam. I checked out your script and it is the latest version so you should be safe. Older versions of formmail.pl had a bug that allowed spam sending so there are all kinds of spam-bots out searching for exploitable formmail.pl scripts to exploit.

Again if you are using version 1.92 or above you should be safe. If you are using anything older, you need to upgrade ASAP!

I am receiving mail from my domain that I did not send

These messages are most likely coming from an infected computer/server that you have had contact with. These messages are not coming from your server and your domain name is only being forged in the ‘from’ field of these messages. Unfortunately, there is not alot that can be done to stop this. About the only thing you can do is change your mail catch-all to ‘bounce’ which will stop the mail being addressed to bogus (undefined) addresses at your domain.

Random spam + viruses to undefined addresses on my domain

Question :

For some reason today I’m getting a lot of spam generated to random email addresses to and from my domain. I assume this is a virus scam or other net trick.
My catch-all is directing all these random address to my main account.

How do you elimate the catch all address or is there another solution?




Unfortunatly this is becoming more and more common. I would recommend you delete the catch-all address. Catch-all’s used to be a very useful type of email address but now that spammers and virus writers are starting to bombard lots of random addresses at domains we are recommending people stop using catch-alls.

You can delete your catch-all by doing the following :

1. Go into your email control panel

2. Click on “Edit existing POP3 accounts”

3. Click on “Set catchall email deleted” near the bottom of that page.