Handling Incorrect Emails - email

Let's say my domain name is faketests.com (it's not) but people keep emailing various users at @faketest.com email addresses. If I own both the faketests.com and faketest.com domains, how do I make it so that when someone emails anyone @faketest.com it automatically sends that email to the same user @faketests.com?

Related

Detecting if emails sent by our application are marked as spam

We are developing an application that will send periodic updates and notifications to users as email. The user can opt in and opt out of this service via a subscribe option. However, we are finding that some users are marking the email as spam and as a result our account is getting suspended... Is there any way to track if our emails have been marked as spam by a user, so that we can stop sending emails to them...
We have a GSuite service and are using Gmail SMTP to send emails
No.
But you can check if your domain is on any blacklist with tools like mxtoolbox.com. And contact those blacklists with the question what you could do to be removed from the list.
In order for a mail to be classified as spam it has to fail a multitude of tests. Maybe your mails have specific words in the title, or the sender's address is way too weird, or the header is getting corrupted in a certain way, or, and maybe that's your problem, many people are custom filtering your emails as junk/spam.

Avoiding email filters with legitimate use of spoofing

I have a web application that will be used by committee chairs to communicate with committee members over email. All these users will have e-mail accounts external to the web application and domain the web application is hosted on. Any replies from members need to be directed to the e-mail of the committee chair user, not an account on the domain of the web application. The only two methods of accomplishing this that I've come up with are
In the from of the e-mail, use the e-mail of the sending user. E-mail applications for many of the committee members block this as spam.
Use an account such as no-reply@applicationdomain.com, and then include instructions in the e-mail of the correct address that replies should be sent to. Users often get confused and don't send replies to the correct address.
Are there any alternatives I am missing?
Traditionally, this was the purpose of the Sender email header. If you want an email to be From the user, but sent by you, you would just set the Sender header to an email address on your domain but have From be the user. Also, the SMTP envelope sender should also be on your domain. Then, you would be properly declaring that you're the sender of the message for anti-spam purposes, you'll receive any bounce messages, but email clients will know that the email is reportedly from the "real" user, and will direct replies accordingly. Generally, email clients would report both Sender and From, saying something like "From my-server@website.example.net on behalf of real-user@example.com", though obviously the details depend on the email client being used.
Refer to What's the difference between Sender, From and Return-Path? and OpenSPF Web Generated Email Best Practices for more information.
However, now DMARC has come along. It has made the decision that verification should be based only on the From header. The theory is that there's no way for an end-user to know whether a particular Sender is in fact authorized to send mail "on behalf of" the user listed in the From header. While it probably isn't the decision I would have made due to how it ignores the traditional Sender, it's something that needs to be dealt with now, as if the domain of the user listed in the From has a DMARC record that is set to q=reject, then nobody else, including your web form that's trying to send mail with the complete approval of the user, can send mail that's From that domain. More and more domains are turning on DMARC, and as they do so your form won't be able to send email From them, regardless of what other headers are set.
The only other alternative, then, is to have email be From your application entirely, but set the Reply-To header to where the email program should send replies to. Also, the SMTP envelope sender should be your application, and ideally be set to an address that can handle bounce messages or other errors. You shouldn't need to include any instructions, as the Reply-To header is very well supported among email clients as indicating where replies should be directed.
Refer to the DMARC FAQ entry "Why are messages I send on behalf of visitors to my website being blocked?".
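The Reply-To arrangement described in the answer above, as an added example that is not part of the original answer. The addresses, the `app.example` domain and the function names are assumptions, and the alignment check is a simplification of DMARC relaxed alignment (a real check compares organizational domains using the Public Suffix List):

```python
from email.message import EmailMessage
from email.utils import formataddr, parseaddr

# Assumed values for illustration; none of these come from the original post.
APP_FROM = "committees@app.example"     # From mailbox on the application's domain
BOUNCE_ADDR = "bounces@app.example"     # SMTP envelope sender that handles bounces


def domain_of(addr):
    """Return the lower-cased domain of an address or address header."""
    return parseaddr(str(addr))[1].rpartition("@")[2].lower()


def build_committee_mail(chair_name, chair_email, recipients, subject, body):
    """Build a message that is From the application and replies to the chair.

    Returns (envelope_sender, message). EmailMessage's default policy raises
    ValueError if a header value contains an embedded line break, which
    blocks header injection through form fields such as the subject.
    """
    msg = EmailMessage()
    msg["From"] = formataddr((f"{chair_name} via Committee App", APP_FROM))
    msg["Reply-To"] = formataddr((chair_name, chair_email))
    msg["To"] = ", ".join(recipients)
    msg["Subject"] = subject
    msg.set_content(body)
    return BOUNCE_ADDR, msg


def from_is_aligned(envelope_sender, msg):
    """Simplified alignment: From domain and envelope domain match or nest."""
    a, b = domain_of(msg["From"]), domain_of(envelope_sender)
    return a == b or a.endswith("." + b) or b.endswith("." + a)


if __name__ == "__main__":
    envelope, mail = build_committee_mail(
        "Pat Chair", "pat@chair.example",          # constructed sample input
        ["member1@member.example"], "Agenda", "Agenda attached.")
    print(mail)
    print("aligned:", from_is_aligned(envelope, mail))
    # To send: smtplib.SMTP(host).send_message(mail, from_addr=envelope)
```
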

How to avoid being marked as spam by Gmail when sending mass email?

I created event registration web sites (you can imagine something like http://www.eventbrite.com/), which allow users to subscribe for event updates. When subscribed, we send mass emails (with the same content) to those users.
It was OK before, but recently I noticed that GMail always puts the email into the Spam folder.
As any texts would always go to Spam folder, I suspect that my domain was blacklisted by Gmail.
1) Is there a way to request google to put my domain into the whitelist?
2) Let's say it can't and I decide to register for new domain.
Is there a way to avoid the mass email being marked as spam by Gmail? (maybe something like what Facebook email notifications do?)
Yes, don't send mass email :-) If you really want to avoid being considered a spammer, send out emails with fewer recipients, and don't swamp the mail server with them. Let's say, for example, you have thirty recipients for a given update. You can send out emails with one recipient every minute for a half hour.
Now the numbers may be different (and will of course depend on the success of your site) but the basic theory will stand up for quite a while.
As to how to get yourself whitelisted in GMail, that's really up to the recipient. They can usually do it by simply adding your email address to their contact list.
Keep in mind whitelisting there refers to individual GMail accounts, GMail itself does not whitelist IP addresses.
It does blacklist them if you misbehave but that generally means you get delivery rejects when trying to send. The fact that your messages are going in to the mail system and being delivered to spam folders indicates that this is an account-based thing, not a global GMail blacklisting of your IP/domain.
In any case, the place to report problems for GMail delivery problems is here.
As a school, we send out mass emails to our parents about events and issues. There's no way we have the time to spend sending out one email per minute. What we did was sign up with AOL as a business account, and we are allowed to do "bulk mailings" until they get multiple complaints. However, gmail clients usually have to list us as a valid sender or else those emails end up in spam folders. Works the same for clients using college alumni accounts from edu addresses. Gmail is the only one who regularly gives us this problem for our recipients on their email servers. We let parents know at orientation that they will have to specifically admit our emails via some setting on gmail.

"Send to a Friend" - Risks

Let's say I have a website that allows users to send articles on that website to a friend.
The way it works is that when the "send to a friend" link is clicked a form appears and it allows users to fill in the details and an email is sent to their friend.
The user can put in a "from" email address and a "to" email address into this form and a small amount of content.
When the email is received the from email address appears in the FROM and REPLY TO.
This website also sends a great deal of its own email communications to its users.
My question is:
Is there risk to allowing users (bots, attacks etc) to use this application to send emails from my SMTP, and how great is the risk?
My assumption is yes, this is not ideal.
Is it possibly worse than "not ideal"?
I do not know about bots using your form. Should it be a problem? I don't know.. I do know they program bots to be pretty clever, using your custom forms and all.
I do know that some email servers check if the FROM email address has the same IP address as the IP the mail was sent from. So imagine I put in my hotmail email address, and the mail server sees your server, it might flag the email as spam.
In the past I had an e-card web system. It was a small joint venture with a girl I knew. She created the (cute) cards and I built her an e-card system. The website was pretty simple: select a card, enter an email address, placing the sender's email address in the FROM, and send the email saying that you had received an e-card.
Life was good...
Until I found that my entire web server IP was blacklisted at three major spam filtering mechanisms. And that 15% of all email recipients who used to receive e-cards from my site would not receive their e-cards, because all my emails were blacklisted as spam from the get-go. We have received many, many emails from angry "customers" demanding that their e-cards did not arrive. (I still find it funny how some people demanded the service, especially since it was a free service, go figure). My automatic reminder function was telling them the e-cards still were not viewed, and they perhaps mistyped the email address, so that might have ticked them off :P
It was pretty annoying for my other customers as well, since they relied on sending out played newsletters and such and calling me that over 20% of the customers did not receive the newsletters.
Sending e-mails is hard. You should also check out Jeff's blog about this. So, learn from my mistake, and please put an email address associated with your email server in the FROM. This will spare you a lot of headaches ;)
yes this is definitely not ideal if this is a public website that any bot can access. but there are easy ways for you to limit spam use.
- have your code limit any email address to send ~50 emails a day and only ~10 an hour based on your needs. a bot would probably try to send a million at once so limit them on an hourly and daily basis.
- store every email communication in a database and come up with a good program to monitor the most active email senders. if you can verify that an email is trusted, then let them send as many emails as they want
think about this site itself, it has very defined actions and reputation guidelines that limit you until you have proved you are trusted.
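The hourly and daily caps from the answer above, as an added example that is not part of the original answer. The class and method names are hypothetical, the store is in memory rather than the database the answer suggests, and the 10/hour and 50/day defaults are the answer's own approximate figures:

```python
from collections import Counter, defaultdict, deque

HOUR, DAY = 3600, 86400  # seconds


class SendLimiter:
    """Sliding-window cap on accepted sends per key (hypothetical helper)."""

    def __init__(self, per_hour=10, per_day=50, trusted=()):
        self.per_hour, self.per_day = per_hour, per_day
        self.trusted = {t.strip().lower() for t in trusted}
        self.sent = defaultdict(deque)  # key -> timestamps accepted in the last day
        self.totals = Counter()         # accepted sends per key, for monitoring
        self.denied = Counter()         # refused attempts per key, for monitoring

    def allow(self, key, now):
        """Return True and record the send if `key` is under both caps."""
        key = key.strip().lower()
        window = self.sent[key]
        while window and now - window[0] >= DAY:   # drop entries older than a day
            window.popleft()
        if key not in self.trusted:
            last_hour = sum(1 for t in window if now - t < HOUR)
            if last_hour >= self.per_hour or len(window) >= self.per_day:
                self.denied[key] += 1
                return False
        window.append(now)
        self.totals[key] += 1
        return True

    def most_active(self, n=5):
        """Keys with the most accepted sends, highest first."""
        return self.totals.most_common(n)


if __name__ == "__main__":
    limiter = SendLimiter(trusted=["newsletter@site.example"])
    # Constructed burst: one address tries 12 sends within 12 seconds.
    burst = [limiter.allow("someone@mail.example", t) for t in range(12)]
    print(burst.count(True), "accepted,", burst.count(False), "refused")
    print(limiter.most_active())
```

The "from" address on a public form is supplied by the submitter, so the same limiter should also be keyed on something the submitter cannot choose freely, such as the logged-in account or the client IP address.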
It may depend on whether you do any authentication to determine who's allowed to send emails. If the user has to be logged in to send articles, then you're probably fine. Bots will fail because they'll never be logged in.
The risk will increase the greater traffic you get to your site, and yes it's probably less than ideal. Unprotected, a bot will inevitably find your unprotected form, and start sending emails from your server.
There are some pretty easy solutions though, the most common probably being to implement something like Captcha
Fairly safe. I assume you do check the "From" address, if only by sending it one (standard!) mail first and asking the owner of that email address to confirm they are really human? This prevents most bots from finding and abusing your form. Of course, a directed attack with a human responding to your verification email will still allow spamming. But you've got a much better trail if you have received at least one reply from the alleged "From" address.
However, I don't think this will work reliably. The introduction of techniques like SPF will mean that mails from "example.com" will only be accepted if they originate from an outgoing SMTP server in the *.example.com domain. If you're faking emails with From: addresses @example.com, the receiving SMTP server will see that you are in fact not part of *.example.com and reject the email - and probably blacklist your IP range for good measure.

How do I "send" emails to the Sent Folder

We provide a web service that can email invoices and statements from our servers to our users' customers.
Our users have asked us that all emails sent from the web service are also stored in the Sent Folder of the person using the web service.
We know the user's email, and we could insist they provide us with IMAP access credentials.
What options do we have for saving emails sent by a user from our server in the Sent Mail folder of that user?
(hope that makes sense. It was pretty hard to explain)
Since this is internal, you might be able to get an easy way out. BCC the person that is 'sending' the email, then they can set up a rule that moves any emails sent from your web service outbound email (or however you can flag them) to move that email to whatever folder they want.
This keeps credentials out of the process and may help to keep your SMTP servers a little more stable as well for sending out these emails (not constantly having to deal with mistyped names/passwords).
If it is an internal employee(s), then why not
- add them as the addressee of the mails (to, cc or bcc)
- add a filter that when such an email comes (from this service, to you, cc you or bcc you, as the case is) send it to the 'sent' folder?