RFC for retrieving avatar image from email address - email

AFAIK there is no RFC or other standard to retrieve an avatar (image/icon) from an email address.
I think this would be a great feature.
One possible solution:
Get avatar via DNS
User enters his email address.
The DNS of the domain belonging to this email address gets asked: Avatar for "foo@example.com"
DNS replies: Get image from URL. For example: http://example.com/foo.png
Questions
Is there already a RFC or other standard?
Why is there no such standard yet?
How to get it come true?
I know that Gravatar exists. But AFAIK it is not a standard.

Currently there is no RFC for this. To verify, you can search the existing RFCs at: https://www.rfc-editor.org/retrieve/
Also, the process to create an RFC is non-trivial. However, if you are ok with an RFC in the experimental or informational category, you could consider the Independent Submission process which is detailed at: https://www.rfc-editor.org/about/independent/

It's not for a (single) email address but for a whole domain.
So if you have your own domain for your email address (or if you're a company), there is BIMI, which is already supported by Google/Gmail, Yahoo, Verizon and Fastmail.

Related

how to find the IP address of an email recipient

I'm wondering if it's possible, through perhaps pixel tracking or another means, to know an email recipient's IP address to provide location-based dynamic content?
The most reliable way would likely be to embed a tiny image in the header that links to one of your servers. Then when they open the image you can get their IP address based on where it was accessed.
Pixel tracking is easy,
but you mentioned "dynamic content".
This means you need to make your email content change after the recipients open their email, which can only be achieved by JavaScript.
As far as I know, some email clients will block JavaScript execution, see here.
If you can use the first mail to record the user's IP address and store it in a database, you can use the information in the second mail.
Or you can provide a link in your email content, which leads the user to a dynamic webpage.
@Aviator provided a nice solution of generating a dynamic image to solve the problem.

Is it possible to find where a temporary email address is pointing/forwarding to?

If I have a temporary email address that hides a real address, would it be possible for someone to find out the real address?
One possible way I can think of could be tracking a read receipt by sending over a pixel by pixel image and tracking the email address that loads it.
Are there any other ways or would this be pretty good at hiding the address from spammers?
No, you usually can't identify the "real address" behind a temporary one, unless the recipient replies to your message using its real email address (whether it's a manual response, or an automatic one like a read receipt).
That's especially true when your temporary email address is provided by a disposable email provider. However, if your temporary address is indeed an alias on the same email server as the real address, the SMTP VRFY command may be used to resolve an alias to its real email address. But that SMTP feature is disabled on most email servers, for obvious security reasons.
As CBroe pointed out, including an image or a link in your email wouldn't help you find the real email address. Because mail content would be HTML, displayed by the browser, and not at all related to the email context. At most, it would tell you that the email was received and its content scanned. That's not even a guarantee that a human opened it, since some antispam filters resolve URLs to ensure they're not a threat.
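An added example, not part of any of the posts above: the two threads on pixel tracking describe how fetching a remote image tells the sender's server the IP address that requested it. This Python sketch lists which images in an HTML mail body would trigger such a fetch and flags the ones sized or styled like a tracking pixel. The sample body, host names and the 1x1/hidden heuristic are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message body; all hosts and the MSGID token are made up.
SAMPLE_HTML = """<html><body>
<p>Your order has shipped.</p>
<img src="cid:logo@example.com" width="120" height="40">
<img src="https://static.example.com/banner.png" width="600" height="200">
<img src="https://track.example.net/o.gif?m=MSGID" width="1" height="1" alt="">
<img src="https://img.example.org/p.png" style="display: none">
</body></html>"""


class RemoteImageFinder(HTMLParser):
    """Collect <img> tags that make the mail client contact a remote server."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (url, looks_like_pixel)

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        attr = {k: (v or "") for k, v in attrs}
        url = attr.get("src", "")
        if not urlparse(url).netloc:
            return  # cid: and data: images travel inside the message itself
        style = attr.get("style", "").replace(" ", "").lower()
        tiny = attr.get("width") in ("0", "1") or attr.get("height") in ("0", "1")
        hidden = "display:none" in style or "visibility:hidden" in style
        self.findings.append((url, tiny or hidden))


def remote_images(html_body):
    """Return [(url, looks_like_pixel)] for every remotely hosted image."""
    finder = RemoteImageFinder()
    finder.feed(html_body)
    finder.close()
    return finder.findings


def pixel_hosts(html_body):
    """Hosts that would see the reader's IP address via a likely tracking pixel."""
    return sorted({urlparse(u).netloc for u, pixel in remote_images(html_body) if pixel})
```

Every entry returned by remote_images, including the ordinary banner, causes a request to its host when the client loads images; the flag only separates images that have no visible purpose.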

Gmail thinks our email is NOT from the FROM domain and puts it in Spam Folder, how to solve this?

We have a website where we allow you to reset your password (say if you forget your password). This is standard on many websites. Basically you enter your email address which you've used to register on our website, then we send you an email containing an email reset link.
This is all standard stuff. However, the problem is: Gmail somehow thinks this email we send to the user is spam, and puts it in the Spam folder.
The specific message Gmail shows is:
Be careful with this message. Our systems couldn't verify that this message
was really sent by xyz.com. You might want to avoid clicking links or replying
with personal information.
Let me explain how we send the email. We use the company sendgrid.com to deliver
the emails. xyz.com is a domain we control. (xyz is a pseudo-name here.)
The email's from address is: do-not-reply@xyz.com
We have changed xyz.com's SPF record to include "sendgrid.com" (and "sendgrid.net" "sendgrid.me").
There's no website associated with xyz.com, however.
My question is: what else can we do to make Gmail believe the email is from the domain xyz.com? So it doesn't put the email in the spam folder?
Thank you.
Did you end up publishing DKIM with Sendgrid? Also, I have a feeling your SPF record isn't quite right as generally there's one official entry per email provider. You mention adding several. I'd recommend looking at their docs for exactly what they recommend publishing in your SPF. Do this for any provider you use for any kind of email.
Since you mentioned Sendgrid as your ESP, here are Sendgrid's instructions. Once you've done the DNS you have to ask Sendgrid to "sign" it. Since DKIM uses cryptography you'll need them to do their side.
DKIM's less complicated than it sounds. The DNS records you have to add will take a few minutes then presumably open a ticket to Sendgrid to have them do their side.
Also, as an aside, could you post what you have for your SPF record here? I don't mean your domain but what the value is? It's not directly causing the problem but it's a key component of email authentication.
Once you've completed SPF and DKIM, it is critical you validate them both. Do a search for SPF validator and DKIM validator to find online tools.
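An added example, not part of the answer above and not SendGrid's tooling: a small offline check of the SPF points raised in this thread, written in Python. It flags several includes that appear to belong to one provider (a heuristic on the second-to-last DNS label), more than one SPF record, a permissive "all", and the 10-lookup limit from RFC 7208. The sample record is constructed from the question's description, since the real value was never posted.

```python
import re

# Terms that each cost one DNS lookup during SPF evaluation (RFC 7208, 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MAX_LOOKUPS = 10

# Constructed from the question's description; the real record was not posted.
QUESTION_STYLE = ["v=spf1 include:sendgrid.com include:sendgrid.net include:sendgrid.me ~all"]


def lint_spf(txt_records):
    """Return a list of problems found in one domain's TXT records."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        # More than one v=spf1 record makes receivers return permerror.
        return ["%d SPF records published, expected exactly one" % len(spf)]

    problems, lookups, names, by_label = [], 0, [], {}
    for term in spf[0].lower().split()[1:]:
        body = term.lstrip("+-~?")
        name = re.split(r"[:=/]", body, maxsplit=1)[0]
        names.append(name)
        if name in LOOKUP_TERMS:
            lookups += 1
        if name == "all" and term[0] not in "-~?":
            problems.append("'all' without -, ~ or ? authorizes every sender")
        if name == "include":
            target = body.partition(":")[2]
            # Heuristic: the second-to-last label stands in for the provider.
            key = target.split(".")[-2] if target.count(".") else target
            by_label.setdefault(key, []).append(target)

    if lookups > MAX_LOOKUPS:
        # Lookups made inside included records count too; this is a lower bound.
        problems.append("%d DNS lookups at top level, limit is %d" % (lookups, MAX_LOOKUPS))
    if "all" not in names and "redirect" not in names:
        problems.append("no 'all' or 'redirect': unlisted senders get a neutral result")
    for key, targets in by_label.items():
        if len(targets) > 1:
            problems.append("several includes for '%s': %s" % (key, ", ".join(targets)))
    return problems


if __name__ == "__main__":
    for problem in lint_spf(QUESTION_STYLE):
        print(problem)
```

Which single include a provider expects is stated in that provider's documentation; the check only reports that more than one was found.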

Image attachment with delivery email

I am looking for a way to attach an image with shipped confirmation email in Magento. There are few threads on pdf attachments but in my case I want to attach an image from 'media' folder with the email. Any idea how to do this?
Don't. Attachments drop your deliverability numbers.
Simply set up your email as HTML and use an img src to a file located on any publicly available server. No attachment required.
Quick question: is the image the same every time or specific to a customer order? I presume it is different or you wouldn't be asking.
To clarify: attachments are okay if you are sending out invoices/delivery notes/order confirmation. However you are advised to set up your email so that the IP address can be verified directly. You are also advised to use an SPF record in your DNS so that the remote mail server can check that your server is allowed to send emails for you. Furthermore, in your order success page you can also ask your customers to add you to their address book, in that way your emails will not be marked as SPAM, regardless of whether you have SPF records and things set up. The only thing is you cannot guarantee customers will do that, so the SPF records and the IP reverse lookup are best. You can also use DomainKeys DKIM for the likes of Yahoo mail - mail delivery isn't what this question is about so you will have to Google DKIM for yourself...
Otherwise, attaching an image is simple. See the example at the top of the page of the Zend Programmers Reference Guide on attachments:
http://framework.zend.com/manual/en/zend.mail.attachments.html
Keep reading the comments for clarification on how to get the image data included.
Hope that helps!

Is there a standard domain for testing "throwaway" email?

I've noticed that the domain
contoso.com
is often used in documentation when a sample is needed. I always figured this was a dummy domain, used like the telephone prefix "555" to route spam into some kind of telecommunicative void (although contoso.com appears to be a real site).
Is there a domain I can safely use when I have to, say, test a registration form 20 times with a unique email address and I don't care what happens to the message, yet I don't want it going to a real person?
You can use example.com. According to the Wikipedia article:
example.com, example.net, and example.org are second-level domain names reserved by the Internet Engineering Task Force through RFC 2606, Section 3, for use in documentation and examples. They are not available for registration.
By implementing the reservation, the Internet Assigned Numbers Authority (IANA) made available domains to use in manuals and sample software configurations. Thus, documentation writers can be sure to select a domain name without creating naming conflicts if end-users try to use the sample configurations or examples verbatim.
When an address such as "yourusername@example.com" is used to demonstrate the sign-up process on a website, it indicates to the user they should fill in an actual e-mail address at which they receive mail. "example.com" is used in a generic and vendor-neutral manner.
These domain names resolve to a server managed by ICANN.
I started using whatever@example.com for this purpose, but then I began getting responses back from my outgoing email server saying delivery to that address had been delayed. I don't know about the OP, but I want something that I can send to and completely forget about it.
Now I'm changing over to whatever@mailinator.com -- I know that it gets delivered to their catchall (so I'm not getting any junk back about delivery errors), and if I like, I can even go check at http://mailinator.com/ to see if the email went through as planned. (But it's not clogging up my inbox if I don't care about it.)
http://www.faqs.org/rfcs/rfc2606.html has all the standard reserved names. Notably, example.com and the like started resolving a few years ago. Before that they were truly reserved names, not even found in DNS. But they are still useful "fake" domains.
A simple way of testing email delivery is to use Gmail with the "plus" rule. We use this when registering our shared email account with some services that use unique email addresses as the username. This enables us to use a single inbox for all of the incoming registrations and filter the messages to all go to the same folder.
http://fieldguide.gizmodo.com/how-to-use-the-infinite-number-of-email-addresses-gmail-1609458192
One trick you may or may not have picked up about Gmail is that you
can add in periods anywhere in the front part of your address and it
makes no difference whatsoever: john.smith@gmail.com works just the
same as johnsmith@gmail.com. What's more, you can add a plus sign and
any word before the @ sign (e.g. johnsmith+hello@gmail.com) and
messages will still reach you. If these tweaks make no difference,
then why use them? One major reason: filters.
How about example.com?
It is a valid domain, but reserved by RFC to be used for documentation.
Contoso.com is a dummy domain that can be used for testing.
It's used by Microsoft as an example whenever they need an example company or domain. They're the ones who registered it, and they use it frequently in their examples, so I doubt they care if you use it for testing. They likely ignore anything that goes to it, seeing as how it's posted all over the web and a likely target for spam.
Frankly, I utilize an email address from my own testing email server for this because part of the testing is to ensure that the form information actually gets to the email address, and since checking it is outside of my normal work-flow, that means I have to actively do so.
We are using .local domains for that.
For testing purposes I like to have e-mail addresses that really do not exist and cannot be registered. Even access by IANA like for example.com is a no-go for security reasons. Accidentally sent e-mails to max.mustermann@example.com may be delivered to servers controlled by IANA. This may be a privacy issue for Max Mustermann and so on ...
Do not treat me wrong: This is just for additional security, minimizing the risks wherever possible.
guerillamail.com for example is blocked by several blacklists (like http://www.block-disposable-email.com). So maybe it's better to use contoso.com.
You could configure your in-house MTA to discard all example.com/net/org emails. You can be sure that no one would expect them to be delivered, and that would save your server from using resources and wasting bandwidth.
If it's email you want to test, why not use a disposable email address, such as GuerrillaMail? You can send an email to anyone@guerrillamail.com, or set your own user name, for a limited amount of time. BTW, Contoso is a Microsoft dummy site they've been using to demo .Net technologies for a couple of years now.