I have a website based on WordPress.
Every page has his own Contact form.
I am using Configure SMTP
+ Contact7
(SMTP is setup to user Gmail as a SMTP server).
After a while I'm curious why I am actually doing it this way.
Is Gmail that secure or it is only about SSL?
Is WP build in mail function secure (and good) enough to use it?
In total: what is the best way to make contact form in WordPress and avoiding my mails getting to the spam folder?
I was told that the solution descriped above (Gmail SMTP) is the best way, is it?
Well, the build-in mail function works fine for most uses, like sending "Password lost" or "New user registered" mails or even contact forms.
If you send more than just a few (can´t name a number) mails via contact forms, newsletters etc. you will probably want to use a mailserver for that, either an external one (GMail) or a properly configured internal one. They go much easier past spam protection because they are known for sending mails and are probably whitelisted at the big mail providers. Your webhost most probably is not and might be considered as spam very fast when he is sending mails regularly.
If you want to send a lot of mails in a short span of time you should probably go one step further and choose a service like Mailchimp or something similar for that. Their business is sending newsletters and so nobody (means the mail providers) wonders, when they have lots of mails incoming from one of those servers.
For your use case I would stick to SMTP via GMail, when it works fine for you. As you are not sending lots of mails in a short span of time you´ll have only little problems with getting rated as spam and you also have a trusted server sending those mails. Seems fine for me.
Related
I have a server on OVH and I'm trying to send some mail to my Gmail address using sendmail.
I installed sendmail with apt-get on debian, and echo "Subject: test" | /usr/sbin/sendmail -v mymail#gmail.com works. However Gmail puts the mail in the spam folder and says the mail is not authenticated.
I have no knowledge of how email works and from what I've seen I could use SPF or DKIM to provide authentication, but it seems it requires admin access to ovh DNS servers.
What would be the easiest way, using only admin access to the server that sends mails, to make sure emails sent from it are not marked as spam ?
Thanks
There are no easy way. That's the simple answer.
Google Mail is fighting spam every second, every day, all year. To get mail delivered directly to the inbox requires time and patience and there are no shortcuts. If there where, spammers would have it way to easy!
You are very correct that Google's SMTP servers will ask you to beef up your SMTP mail headers to include better authentication and security. There's no way around it if you want to be on good terms with Google's SMTP servers.
Here is a list of things to consider
SPF (Must have, also to defend spam sent in your name)
DKIM (Must have, this is somewhat a step up from SPF)
ESMTP (Google likes it when you talk to them encrypted)
Bulk headers (Use them if it's bulk, no reason to lie!)
Unsubscribe headers (Use them if you are sending out maillist content)
SMTP relay's with nice Senderscores (Easy access to the inbox, but cost)
SMTP relay's with good reputation (Easy access to the inbox, but cost)
Feedback loop headers/setup (If you send large amount of mails)
Only use "warmed up" SMTP relay servers (Mostly used by bulk senders)
Reverse DNS to match HELO/HELO (Mismatch can make problems)
Static IP (It's a given)
As you can see it's no simple task to "just" send an email to Google and expect it to be passed along to the users Inbox without getting targeted as spam.
Most of the options above requires extensive server knowlagde or that your hosting provider supports it. You need to have access to change your own DNS records but also the SMTP server that you send your mail from needs to be setup with the things in advance.
Now to the:
"How to send emails to Google Mail that always land in the inbox for dummies"
Well you basically buy your way into the inbox. Use SMTP services like Mailchimp, Amazon AWS-SMS (Simple Mail Service) many if not all of these services have already setup DKIM, SPF and are on good terms with Google. They do however have many rules and what and what not to do so if you don't follow the rules they will close your account right away.
I am modifying my website so users will be able to send an email through our webform.
Everything is written in PHP.
I will be using standard mail() function (PHP) and as I understand it will use local smtp server to send an email (this is sendmail, right?).
Should I maybe use SMTP server to send those emails?
I am asking because using standard mail() function it will use local server (Debian Linux 6.0) and I never really used it... I just want to be sure that all of those emails will get throu.
You have to keep some standards for sending emails in mind but then it will work fine:
set a RDNS entry for the IP you are sending the emails from
your email server must be not an open relay
don't send emails to users who didn't opt in to your email list via double opt in proceeder
your server IP need to be nowhere blacklisted
If you are sending a lot of emails (like 5000 emails and more) you should use a special service for that. A shared hosting plan or a VPS won't be a good idea for that amount of emails.
I always use PHP mailer. Its very easy to configure. Refer http://www.inmotionhosting.com/support/email/send-email-from-a-page/using-phpmailer-to-send-mail-through-php
Delivering mail is not an easy subject. If you don't want to dive into it, http://mandrill.com/ is a great solution. They offer a great free plan, and they manage all the deliverability issues for you.
We use Mandrill on all our new projects. We were using SendGrid, which is also good, but is more expensive (and not better).
in a recent project I integrated a custom Contact Form which uses the silverstripe Email Class. Unfortunately the sent E-Mails do not arrive at the client. It seems to depend on the host/domain of the target E-Mail Address. E.g. gmx does work (but spam), but receiving the mails on the E-Mail Address of the client does not work at all (hosted at united domains). Thanks,
Florian
The Email class in SilverStripe is admittedly not the greatest ;) But apart from potential lowlevel encoding errors, email delivery mainly depends on factors outside of SilverStripe.
You can start debugging mailservers, DNS records, spam headers, bounce emails, etc - but in the end its probably far easier to leave email delivery to a SaaS-provider like SendGrid or MailChimp. Both have offerings where you can just point your PHP configuration to their SMTP servers. SendGrid has a nice best practice collection on what to watch out for when sending emails in general.
I'm using my Google Apps account (Standard version) to send single emails (automatically) to real interested customers.
The problem is that my sender email account has been suspended, because it's been considered as a "spammer" by Google.
What can I do in order to send that kind of emails from now on? I use MailChimp to send massive emails, and I've seen it has an API, called STS, for sending single emails, but it also required an Amazon SES account, so I don't know whether to invest on those services or doing something else.
What do you recommend for this case?
You should try a service that specializes in sending "transactional" emails, such as Sendgrid, Postmarkapp and Mailjet.
They have APIs and libraries for most programming languages, but in your case you just need to configure the SMTP server they rovide in your email client and you're good to go. They help you not get into the spam folder of your recipients, and help make sure you don't get flagged as a spammer
With most of them you should get some prettty powerfull analytics as well, which is a nice bonus.
Let say I have a website that allows users to send articles on that website to a friend.
The way it works is that when the "send to a friend" link is clicked a form appears and it allows users to fill in the details and an email is sent to their friend.
The user can put in a "from" email address and a "to" email address into this form and a small amount of content.
When the email is received the from email address appears in the FROM and REPLY TO.
This website also sends a great deal of its own email communications to its users.
My question is:
Is there risk to allowing users (bots, attacks etc) to use this application to send emails from my SMTP, and how great is the risk?
My assumption is yes, this is not ideal.
Is it possibly worse than "not ideal"?
I do not know about bots using your form. Should it be a problem? I don't know.. I do know they program bots to be pretty clever, using your custom forms and all.
I do know that some email servers check if the FROM email address has the same IP address as the IP the mail was sent from. So imagine I put in my hotmail email address, and the mail server sees your server, it might flag the email as spam.
In the past I've an e-card websystem. It was a small joint venture with a girl I knew. She created the (cute) cards and I build her an e-card system. The website was pretty simple. Select card, enter email address, placing senders email address in the FROM and sent the email that you would have received an e-card.
Life was good...
Until I found that my entire web server IP was blacklisted at three major spam filtering mechanisms. And that 15% of all email recipients who used to receive e-cards from my site, would not receive their e-cards, because all my emails were blacklisted as spam from the get go. We have receive many many emails from angry "customers" demanding that their e-cards did not arrive. (I still find it funny how some people demanded the service, especially since it was a free service, go figure). My automatic reminder function was telling them the e-card still were not viewed, and they perhaps mistyped the email address, so that might have ticked them off :P
It was pretty annoying for my other customers as well, since they relied on sending out played newsletters and such and calling me that over 20% of the customers did not receive the newsletters.
Sending e-mails is hard. You should also check out Jeff's blog about this. So, learn from my mistake, and please put an email address associated with your email server in the FROM. This will spare you a lot of headaches ;)
yes this is definitely not ideal if this is a public website that any bot can access. but there are easy ways for you to limit spam use.
have your code limit any email
address to send ~50 emails a day and
only ~10 an hour based on your
needs. a bot would probably try to
send a million at once so limit them
on an hourly and daily basis.
store every email communication in a
database and come up with a good
program to monitor the most active
email senders. if you can verify
that an email is trusted, then let
them send as many emails as they
want
think about this site itself, it has very defined actions and reputation guidelines that limit you until you have proved you are trusted.
It may depend on whether you do any authentication to determine who's allowed to send emails. If the user has to be logged in to send articles, then you're probably fine. Bots will fail because they'll never be logged in.
The risk will increase the greater traffic you get to your site, and yes it's probably less than ideal. Unprotected, a bot will inevitably find your unprotected form, and start sending emails from your server.
There are some pretty easy solutions though, the most common probably being to implement something like Captcha
Fairly safe. I assume you do check the "From" address, if only by sending it one (standard!) mail first and asking the owner of that email address to confirm they are really humans ? This prevents most bots from finding and abusing your form. Of course, a directed attack with a human responding to your verification email will still allow spamming. But you've got a much better trail if you have received at least one reply from the alleged "From" address.
However, I don't think this will work reliably. The introduction of techniques like SPF will mean that mails from "example.com" will only be accepted if they originate from an outgoing SMTP server in the *.example.com domain. If you're faking emails with From: addresses #example.com, the receiving SMTP server will see that you are in fact not part of *.example.com and reject the email - and probably blacklist your IP range for good measure.