I'm writing a recreational email spoofing app with several safeguards to make the app useless to spammers and other malicious people. One of these safeguards is that the app requires the user to send emails from the user's own SMTP account. The app is supposed to use this "login#smtp.example.com" for the MAIL FROM command. The From: field visible to the user is supposed to be spoofedAddress#example.com. I'm using Apache Commons Net SMTP. Here are relevant code fragments.
AuthenticatingSMTPClient client = new AuthenticatingSMTPClient();
....
client.auth(AuthenticatingSMTPClient.AUTH_METHOD.LOGIN, "login#smtp.example.com", "password");
....
client.setSender("login#smtp.example.com");
....
SimpleSMTPHeader header = new SimpleSMTPHeader("spoofedAddress#example.com", "Addressee#example.com", "Subject");
....
When the email arrives in my inbox, it displays "login#smtp.example.com" in the both the From: field and the envelope. "spoofedAddress#example.com" is nowhere to be seen. I used Log.e("SendMail", header.toString()); to show me the header produced by my app and it was correct. It appears that my email client is ignoring my header in favour of the envelope.
Solution
My SMTP server was intrusively editing the From: field. When I told my app to connect to a different SMTP server, "spoofedAddress#example.com" appeared in the received email's From: field.
Related
When I send an email using MailKit, I need to ensure that the email is added to the Sent folder.
Some email servers, like Gmail and Outlook, seems to automatically add the email to the Sent folder. In other cases, I manually locate the Sent folder and add the email.
Currently, I have hard-coded the server to skip the Sent folder addition step if the client is using Gmail or Outlook, but that is obviously a very hacky solution.
Is there a way to check whether a sent email has already been added to the Sent folder, or if I need to do it myself?
You could check the Sent folder for a message that has the same Message-Id header:
var uids = sent.Search (SearchQuery.HeaderContains ("Message-ID", message.MessageId));
if (uids.Count == 1) {
// looks like the message was added
}
Is it possible to send an email from Smalltalk using a Gmail account? I have configured my company mail server with Smalltalk to send email, but that's not going to cut it when I distribute the application. Answers with any of using Outlook, Yahoo or Gmail are acceptable.
You should state which Smalltalk you are using since there are different dialects and all have different ways of handling things like e-mail.
In Pharo, check out the class SMTPClient. There are class methods that have example methods showing how to send e-mails.
For VisualWorks, load the parcel NetClients and check out the classes MailMessage and SMTPClient.
Here's an example of code that sends an e-mail in VisualWorks:
(Net.SMTPClient host: Net.NetClient netSettings defaultOutgoingHost name)
user: Net.NetClient netSettings defaultOutgoingHost netUser;
send: (Net.MailMessage newTextPlain
subject: 'This is the subject';
from: 'my-email#gmail.com';
to: 'your-email#gmail.com';
text: 'This is the body';
yourself).
For secure mail sending, take a look at ZdcSecureSMTPClient in Zodiac-Extra on a Pharo 2.0 image.
Class side shows using gmail.
When create s/mime email using OpenSSL, and send , the receiving email has smime content attached and signature is verified, but the email body is not visible through email clients such as Mac Mail and ThunderBird. All webmails (eg: Gmail) reads email body properly.
Has anybody ever experienced this ?
Would request to check the mail body for any parsing error. Most of web mailers have advanced mime parsing techniques which are usually based on real time data. But clients like outlook,mac have strictly followed the rfc standards for mail parsings.
I have seen mails which open properly in rediffmail but not on yahoo, also the mails which opens on web interfaces but on outlook they just crap out. Similarly for thunderbird also, but there few extensions available for thunderbird. If you install them then the mails starts to render properly.
You must have used NO_DETACHED signing an MIME. Just like this:
int flags = PKCS7_STREAM;
p7 = PKCS7_sign(scert, skey, NULL, in, flags);
NO_DETACHED means that OpenSSL would sign and pack all of the MIME and the signedData to a .p7m file, which means a normal client could only find a .p7m file in the email. Just use DETACHED flag by which OpenSSL would add a .p7s file as signature data in the end of the previous MIME struct instead of packing all of them.
First:
flags |= PKCS7_DETACHED;
And sign it.
p7 = PKCS7_sign(scert, skey, NULL, in, flags);
Example:
https://github.com/openssl/openssl/blob/6f0ac0e2f27d9240516edb9a23b7863e7ad02898/demos/smime/smsign.c
I am using the latest Joomla build for my website.
Allso we use a DNS record for having the mail delivered to our own server instead of the server on which the website is hosted.
I have used several contact form components, but every sent mail goes to my SPAM folder.
After searching hours on the web (and getting linked to this site frequently) i decided to make a new post.
It does not matter if i use the standard joomla forms, or any component.
Whenever a user fills in a form on my website, the email gets sent. The user receives a copy of its message, and i receive the message of the user. However, this message gets thrown in the spam folder, as phishing.
The sender of the mail always is: username#nameserver.i3d.net; namens; websitename
What do i have to change/enable/disable for this to work?
Thanks in advance.
Patrick.
(Sorry, I'm new to Joomla, but it uses PHP, so this may apply. Also this answer got a little long...)
It might be an issue with the email headers. A lot of email clients will automatically spam-box all mail where the address in the From: header doesn't match the envelope sender. As an analogy, you might not trust a snail-mail letter signed "Your Rich Uncle", mailed in an envelope with a Nigerian return address. Also if your envelope sender has a different domain than the one the email is actually sent from, that's another quick ticket to the junk bin. For more info about Gmail's message blocking policies (and general good practices), you can try this help page.
Here's some basic PHP email-sending code:
$to = $userEmailAddress;
$subj = $emailSubject;
$mesg = $emailMessage;
$headers = implode("\r\n",array(
"MIME-Version: 1.0"
,"Content-type: text/html;charset=iso-8859-1"
,"From: WEB_ADMIN_NICE_NAME <WEB_ADMIN#YOURSERVER.COM>" // *** 'From:' header
));
$from = "-fWEB_ADMIN#YOURSERVER.COM"; // *** envelope sender
if(!mail($to, $subj, $text, $headers, $from)){
//Some error handling...
}
On the first line I commented, you'll want to replace WEB_ADMIN_NICE_NAME with the name you want the email recipient to see (e.g. "Bill Gates"), and on both lines, replace WEB_ADMIN#YOURSERVER.COM with the actual return address (e.g. "da_boss#microsoft.com"). Note: whatever address you choose for the return address is where users' replies will be sent.
To reiterate, make sure both lines have the same return address (though the nice name can be anything you like), and make sure that the actual server sending the mail is in fact located at YOURSERVER.COM.
Lastly, I'm not sure where Joomla does its mailing, but if you're totally lost, you can try grepping with -lr for 'mail[[:space:]]*('.
there are several reasons that could make your email look suspicious to spam filters; to find out which head on to:
http://www.mail-tester.com
grab the email address and send an email from your website to it.
Then go back to the page and it will tell you what's wrong.
btw I'm struggling with the same issue,my problem being that on Joomla 2.5.9 apparently when you send html emails, a text-only copy is not added to the message, which is considered "spammish behaviour"
The problem is the i3d.net email address. My personal experience is that their network (31.204.154.0 - 31.204.155.255) is a significant source of spam and they do not action abuse reports. I suggest changing your hosting company.
How do you send the content of a website form to an email address without disclosing the email address to the user.
Thanks!
PS: If at all possible, I would like this to be in HTML JavaScript Ok, anything I guess.
Not possible. You can however put a "fake" from header in the mail. You'll only risk it to end up in the junk folder.
HTML doesn't provide any functionality to send mails. You'll really need to do this in the server side. How exactly to do this depends on the server side programming language in question. In PHP for example, you have the mail() function. In Java you have the JavaMail API. And so on.
Regardless of the language used, you'll need a SMTP server as well. It's the one responsible for actually sending the mail. You can use the one from your ISP or a public email provider (Gmail, Yahoo, etc), but you'll be forced to use your account name in the from header. You can also register a domain with a mailbox and just register something like noreply#example.com and use this to send mails from.
Update: JavaScript can't send mails as well. Like HTML it's a client side language. You'll need to do it with a server side language. All JavaScript can do is to dump the entire page content back to the server side. jQuery may be useful in this:
$.post('/your-server-side-script-url', { body: $('body').html(); });
with (PHP targeted example)
$to = 'to#example.com';
$subject = 'Page contents';
$body = $_POST['body']
$headers = prepare_mail_headers();
mail($to, $subject, $body, $headers);
Update 2: if you actually want to hide the to header in the mail, then you'll need to use the bcc (Blind Carbon Copy) instead. This way the recipient addres(ses) will be undisclosed. Only the from, to, cc stays visible.
If you mean doing so on a client side, using mailto: link - you can not.
If you mean any way, yes - you submit the form contents back to your server, and have your back end script send the email.
You can do the form in HTML, but the posting will need to be done in a script. Even if you don't expose the email address, the script can be used to spam that email address. This is why you see captcha being used in such cases.
There are scripts available for most languages. Check to make sure their are no known security problems for the scripts. The original Matt's script in perl had problems, and the Perl community created a more secure version.