To ensure email processing is secure and prevent robots from sending bad emails from your site, Optimizely Configured Commerce (both Classic and Spire sites) requires that users be authenticated when using features that generate emails, including:
- Contact Us form
- Share Product on the Product Detail page
- Create Account form
- Forgot Password on the Sign In page
When users trigger emails using these features, the site checks if they are logged in. If the users are logged in, they can generate emails as usual during their session.
If they are not logged in and you enabled reCAPTCHA, the site presents Google reCAPTCHA to validate that users are not robots. Once verified, users can generate emails during their session. Users receive an error message if they fail the threshold.
You are responsible for registering for your own Google reCAPTCHA account to generate the reCAPTCHA site key and secret key for your domain. Configured Commerce currently only supports version 2 of reCAPTCHA. Integrating version 3 or reCAPTCHA Enterprise requires working with the partner at the project level.
- Go to Administration > System > Settings in the Admin Console.
- Search for Enable ReCaptcha.
- Set the Enable ReCaptcha toggle to YES (the default is NO).
- Enter your ReCaptcha Site Key.
- Enter your ReCaptcha Secret Key.
- Set the following toggles to YES as desired:
- Protect Contact Us and Also Protect on Server Side
- Protect Share Product and Also Protect on Server Side
- Protect Create Account and Also Protect on Server Side
- Protect Forgot Password and Also Protect on Server Side
- Enable Preview Login
- Click Save to save your changes and enable the setting.