Running MailScanner 4.85.2 (old I know) and we quarantine emails with attachments that have long filenames.
If an external sender sends such an email the internal recipient gets the sanitised message and we can release the file if it's ok. The external sender doesn't get notified of anything which is the way we want it.
If an internal sender sends such an email to an external recipient, we configured it so that the internal recipient gets an email advising their email has been sanitised, but the external recipient also gets the sanitised email.
Can it be configured so that any sanitised emails being sent to external recipients are quarantined and not delivered externally?
thanks
jc
Related
Platforms like upwork have a feature where when you get a message through those platforms, you also get an email.
Instead of logging Upwork to reply, the user can simply reply to the incoming email, and the message is then automatically sent by upworks backend to the original person who sent the message.
How exactly is this done in a way that Upwork knows the inbox to send the message to, and is able to receive a message via email.
It seems Upwork handles incoming emails by detecting any project ID in the email message - it can be an ID in the subject or in the email body and etc. So, the email can be recognized easily and processed. Also additional information can be checked on the incoming email - the sender (whom the original emails was sent out), the recipient and etc. Actually, it is up to your needs how algorithm should be working.
I was looking for the email address of a few profiles on GitHub and came across the no-reply email IDs. I know that these email IDs are created to make our personal email private, but I was wondering what happens if we mail to that no-reply address, I tried to mail me with my friend's email account and didn't receive any error neither did I receive the mail in my inbox. So what happened to that mail?
If you try to send mail to that domain, it will be returned as undeliverable.
In order to send mail to a domain, that domain must have either one or more MX records that provide the names of hosts to which mail can be delivered, or one or more A or AAAA records pointing to hosts which have a mail server running. In this case, users.noreply.github.com has no MX records, and it is a CNAME for github.github.io, which points to hosts which do not run a mail server.
When you attempt to send a mail to a server and it can't be delivered immediately, it is usually queued by your mail server, and if it remains undeliverable after some time (by default five days), it will bounce. Normally, you will receive a bounce message from your mail server indicating that the mail wasn't able to be delivered.
The point of those addresses is to allow users to attribute their commits to the correct account without having to receive emails. It wouldn't be very useful to prevent people from sending spam (or, in some cases, hostile or abusive emails) if the addresses weren't totally undeliverable.
I have written a program to send emails to some recipients. After sending emails, some auto-reply emails will be returned. For example (no such recipients, mailbox is full, out of office etc).
Is there any information in the email (e.g. header) such that my program can filter out those auto-reply message?
Or any other mechanisums can be used to perform this task?
It is because my program only wants to get those actual-reply-by-recipients email, instead of auto-reply email.
Thanks.
Just setup a rule in the outgoing email account to move all received email to the trash? Assuming that you have an email box for the auto emails only.
Just for knowledge purposes, I want to know if it is possible to know if email spoofing has been done successful or not . Suppose if I am sending an email from one's account, What if receiver doesn't exist? Means will i get any error as a spoofer that receiver doesn't exist and you cant send email . Thanks
There is no way to know for certain, but you can make an educated guess.
First, when sending an email to a non-existent recipient and the recipient's server is configured to report this to the sender (pretty much the default behaviour), this reporting can happen either:
1) During the email transmission. The SMTP conversation with the recipient's server may very well fail at RCPT TO: (i.e. when the recipient is specified) or at the end of the DATA or BDAT commands (i.e. when the email just have been transmitted and the server either acknowledges this or rejects the email). If you receive an 5xx-type response at either stages, or, well, anytime earlier in the conversation, you can be sure the recipient did not get the message. Validation during email transmission is common.
2) After the email transmission. Servers that don't do recipient validation on SMTP level will often accept and queue emails during the transmission, then generate a bounce report (also called a Delivery Status Notification/DSN or Non-Delivery Report/NDR) later and attempt to return it to the original message sender. As you have no access to the mailbox of the original message sender when spoofing, you will have no idea if such bounce report is generated. This method of validation is still fairly common.
Second, you can embed a tracking image in your HTML email to see if the email was opened. This works by placing a HTML <IMG> element in the email that points to e.g. http://example.org/tracking-1x1.gif?uuid=<id>. The idea is that you track whether that image was downloaded. Be aware that virtually all modern email clients will disable downloading images from unknown sources and some action is required from the recipient to enable downloading images.
Third, you can spoof the MIME sender only. Emails have two distinct set of addressee information: the envelope addressees and the MIME addressees. Emails are delivered based on what's written on the envelope, but email clients render the MIME information instead (what's inside the envelope). In other words, during the SMTP transmission you may specify a different sender address (MAIL FROM: command) from that in the email (From: header). The fun part is that bounce reports are sent to the envelope sender address, a.k.a. the Return-Path, so if you have access to the envelope sender mailbox, you can receive a bounce report no matter what stage it was rejected. Note that you will reveal yourself, either through the mail server logs or through the email header, where the Return-Path header will contain the envelope sender address.
Please use the above information for "knowledge purposes" only. Be aware that email spoofing is likely a crime in just about any country.
I'm developing a web application that uses javamail to send email messages and it works correctly.
The problem is that I don't get the email that I'm sending in the sent mail folder in the gmail account which I connect to, also I don't get bounced email as it happens if I try to send the email via gmail application.
I doubt this is due to security restrictions from javamail and cannot be done, as it would be much faster to get a possible spam list from an email server than doing it manually.but if it's for security reasons it would just be much better just not to bounce emails.
How can I use javamail as if sending the mails from gmail.com, getting the sent message in the sent mail folder and bounced mails in inbox folder?
The problem is that I don't get the email that I'm sending in the sent mail folder
Sending a mail via SMTP does not copy it to a sent folder automatically. Your sending application would have to make an IMAP connection after the SMTP connection and copy the message into the sent folder.
also I don't get bounced email
Make sure the Evelope Sender Address ("Return-Path") is set to the Gmail Adress you're using to send the messages.