I'm looking for info on whether SendGrid scans files that are attached as emails. If we provide a service for our users to send an email through SendGrid, we want to prevent them from sending something malicious.
Looking at their list of Attachment Error codes, it doesn't look like there is anything like "can't send message with attachment because it failed a virus scan"...
Twilio SendGrid developer evangelist here.
The full feature breakdown on the pricing page does not mention scanning for malicious attachments, and as you've discovered neither do the error codes, so I don't believe SendGrid does automatic scanning of attachments.
I imagine it would be difficult to get this right for users. Defining malicious depends on your threat model. I know I can't use my Twilio email address to receive JavaScript files, for example, but that might not be right for your users.
I would recommend that you investigate scanning files yourself after they are uploaded, before you allow users to send them through your application.
Related
We send out email newsletters and automated confirmation emails to users of our websites. Each email has an unsubscribe link in the email footer and each recipient opted in to receive emails.
Outlook webmail has the unsubscribe link above the body of the email in the following form:
Getting too much email from #SENDER#? You can unsubscribe
Clicking on the link opens a dialog window with following content:
Block this sender
[SENDER] hasn't given us any information to help you unsubscribe, so we'll block everything sent from the following sender: [EMAIL_ADDRESS]
[×] Also delete everything from [SENDER] in my Inbox folder
I search the internet and even contacted the Outlook support and asked them what info they need from us to help recepients unsubscribe from our emails. After several email exchanges the Outlook support concluded that they have no idea how to change Outlook's unsubscribe link, what information we should give them and how we should give them the information.
Can anyone please advise or point me to the right direction please? Thanks.
Is it "List-Unsubscribe" MIME header? http://www.list-unsubscribe.com/
You're confusing a couple of things here. First, while outlook.com is a Microsoft domain, Outlook itself is an entirely different thing, and people can be using Outlook as their mail program regardless of what domain they have. You won't know what client people are using for email, or what server they use to access it. Second, you say that email communication is vital for your websites. Banning people from your newsletters doesn't help that situation in the least. People using the various Microsoft services that you mention have no trouble receiving and participating in those email communications. What you don't touch on, is what software you're using for your newsletters. THAT is where your problem probably is. If you go to that domain.com/unsubscribe URL, what does that page do/look like? There are 2 usual links for a List-Unsubscribe header. One is a mailto: link such as unsub-list-12345#domain.com, where any email to that address performs an unsubscription. For the web link version, it needs to be a link to a page that automatically unsubscribes the user (so the link would need to be customized with variables such as the mailing list).
i have an idea about system where users respond to website's messages using the emails they received.
Is it even possible to have multiple imaginary emails with hash in the e-mail's name field(f.e., 1h2149g0as1gasd9123#mysite.com ) and those all imaginary e-mails just forward content to messaging#mysite.com e-mail. And afterwards we are able to parse the contents and know for which conversation the message was sent.
The emails are hosted in Google service. Could not find any information about this in internet.
Such option would be excellent, because there would be no need of including the identificator in e-mail's content which might be deleted if no quoted text is in replied e-mail.
I'm open to any other suggestions that would fit in this situation.
When using Google's service, you can add tags after the e-mail address using a +. For example...
test#domain.com
test+12345#domain.com
test+wuishw78#domain.com
will all go through to test#domain.com, and you can then look at the address.
Note this is not supported by all e-mail systems, so while this works on Google's hosted e-mail, it may not work on others.
I'm reading about the new development of Google quick action buttons in the mail inbox.
I'm a little bit lost in this topic and not understand how I can include this function in my emails.
I have read about DKIM/SPF but I don't know if this functionality could need to do an google app.
I have my mail server with marketing segmentation and I want this button is visible when email come to client (destiny) gmail inbox (guess only works in gmail....). If i have included the markup code in html in my emails, why i can't see this button?
would it need create a specific mail application to implement this feature and send emails from this app? Someone tried this?
I know maybe this has been reply before but i think must start more down... so.. sorry.
Thanks and regards!
When you are ready to launch your marked up emails to your users, you will need to register with Google. Please follow this process:
1.Send a real-life email coming from your production servers (or a server with similar DKIM/SPF/From:/Return-Path: headers) including the markup / schema to schema.whitelisting+sample#gmail.com.
2.If you send a test/blank email, an email that does not contain schema or if you don't send an email for review your application will be silently discarded.
3.Make sure that the markup is correct prior to sending the email. For more details see Testing your Schema. Especially make sure the email passes the Email markup Tester and that there are no errors, also make sure to include as much data as possible.
4.Gmail removes all markup when forwarding an email. Do not forward the email but send it directly.
Fill out the registration form available here.
Here is the link for the documentation.
Hope this helps!!
Are you sending a promotional email (offers, etc.)?
If yes, then you are likely to be delivered to the Promotions tab, where quick actions do not work (according to Litmus - https://litmus.com/ebooks/gmail-ebook/gmail-ebook/).
Quick Actions work best in the Inbox for transactional emails.
("Here is your booking confirmation" [Check-in now] quick action)
These typically arrive directly in the Inbox.
I am trying to avoid going into the spam folder when I send an email to users on my website.
Mainly I need them to activate their newly registered account and if it's in the spam folder, they most likely will never activate it.
I noticed that for the most part, it's Hotmail that blocks my emails.
I read a lot that the more people mark it as not-spam, and if they add the email to their contacts, that why it increases the chances of not going to spam folders in the future.
Is there a way to offer a link for "add this email to your contacts" in the html body of the email?
Also, what can I do to not get to the spam in general? I tried stripping all the html and just send plain text but still went to spam...
To prevent your emails from going to spam can entail optimizing a number of things such as
Text of the email (even if it's plain text.. spammy/salesy wording will still trigger spam
The domain in which your sending the email from
Whether or not your sending domain is authenticated (e.g. SPF, DKIM)
Checking that your not on spam lists
What people usually do is create a link to a page which provides step by step instructions on how users can whitelist the sender in various email clients and providers.
This website will actually auto-generate the instructions page for you: http://www.emaildeliveryjedi.com/email-whitelist.php
Mailchimp offers a solution which allows you to add an 'Add-to-Address-Book' link to your campaigns but it's not very broadly compatible with all clients. What they're doing is embedded hcard microdata.
Further:
Mailchimp Add-to-Address-Book Links
hCard
I'd recommend sending a test email to http://isnotspam.com/
They run a SpamAssassin test (and a few others) on the email and give you an output, which is a good metric to judge most spam filters by.
Another thing to look out for is that GMail's doesn't like when you mention money at all, especially large amounts.
First, let me get this out of the way and say this isn't a spam application. I'm writing an app that allows users to share files with multiple friends easily via email.
Right now, I'm using SKPSMTPMessage to send out emails to a list of recipients at the user's request. It works, but I wonder if there isn't a better solution here. For example, if it might be better to send the smtp info and attachments to my server, and conduct the sending from there in order to avoid repetitive attachment uploads on the device.
I am also considering how to handle cases where there is no connection available (determining connection error vs other kinds of errors and persisting the failed message for a later retry).
Any advice on the best way to structure this service would be greatly appreciated.
In order to customize the user experience for sending e-mail you need access to their email details, IMAP, POP, etc. if you want that user to be the one sending the e-mail.
The solution I use is to have the from address be an e-mail I control and use a 3rd party email provider, ex: SendGrid, PostMark, Mandrill and plug in to their api's to send e-mails.