I hope this topic is not double, I have searched for it.
I would like to ask, that I am receiving some email delivery report with the subject “Undelivered Mail Returned to Sender” from unknown emails. I have crosschecked that those do not exist in all enrolled user in every journals. Please see the attached picture. I noticed that this list is increasing every time I published an issue.
The email addresses are typically random such as email@example.com, firstname.lastname@example.org, email@example.com, etc. I presume that these emails are designated not for submitting any legit manuscript, it might be for cracking/hacking our OJS.
I unable to locate and find them to disable/remove them, I have tried to look in every installed journals by using menu User Enrollment.
My questions are:
- How this email address can be listed in OJS and included to sent mail (such as New Issue Notification) and while I cannot found them as registered email?
- How can I find and disable/delete the e-mail (either through the OJS interface or database)
- I notice that when someone makes a registration, he/she can skip the option “Send the email confirmation” then straight able to log in without having to verify the email.
I think this is a flaw that everybody can easily log in. I have tried this and I can log in using an invalid email address.
Is there a way that every person that registered have had to confirm their account and should activate the username via an email for activation or registration confirmation feature for every new user for the OJS that I am using now? (we are using OJS 22.214.171.124, we plan to use the new OJS but not in the near future).
I think with an email activation or registration confirmation will reduce the false/forged email.