Need some sort of solution for this. If go into your email app and look at the abandoned checkout emails it hurts the email reputation scores.
Topic summary
Multiple Shopify merchants are experiencing a widespread bot attack creating fake abandoned carts and fraudulent orders, primarily using the name “James James” and email addresses ending in @rtremail.com or similar domains. The issue has escalated significantly since late January 2024, with some stores reporting 5,000+ abandoned carts in days and hundreds of fake orders.
Key characteristics of the attack:
- Bots target $0.00 products specifically
- Some merchants report actual orders being placed and marked as “paid” without payment
- Attacks bypass Google reCAPTCHA and standard spam protections
- Bots create customer accounts through a backend vulnerability
- Pattern evolved from “James James” to randomized same first/last names
Impact on merchants:
- Cluttered abandoned cart reports making real customers hard to identify
- Corrupted analytics and email reputation scores
- Issues with accounting/CRM software imports
- Inability to use $0 products for legitimate marketing purposes
Proposed solutions (mostly ineffective):
- Shopify support suggests enabling reCAPTCHA and third-party paid apps (Negate, Shop Protector, Ellipsis)
- Only reliable workaround: disabling all $0 products (unacceptable for many)
- One user suggests pre-registering bot email addresses with strong passwords
Current status: The issue remains unresolved months later. Merchants express frustration that Shopify hasn’t provided a built-in solution and are considering switching platforms. Shopify reportedly acknowledged the issue but hasn’t prioritized a fix.
1 Like