I'm using my Google Apps account (Standard version) to send single emails (automatically) to real interested customers.
The problem is that my sender email account has been suspended, because it's been considered as a "spammer" by Google.
What can I do in order to send that kind of emails from now on? I use MailChimp to send massive emails, and I've seen it has an API, called STS, for sending single emails, but it also required an Amazon SES account, so I don't know whether to invest on those services or doing something else.
What do you recommend for this case?
You should try a service that specializes in sending "transactional" emails, such as Sendgrid, Postmarkapp and Mailjet.
They have APIs and libraries for most programming languages, but in your case you just need to configure the SMTP server they rovide in your email client and you're good to go. They help you not get into the spam folder of your recipients, and help make sure you don't get flagged as a spammer
With most of them you should get some prettty powerfull analytics as well, which is a nice bonus.
Related
I'd like to send emails programmatically via SendGrid (from admin#mydomain.example.com), but have replies to that email come to my Google Workspaces inbox for admin#mydomain.example.com). I would then like to reply to the customer from Google Workspaces.
The closest question related to this I could find is Setup | G Suite + Sendgrid for transactional email, but that was a fairly different use-case.
So in my usecase, emails to the customer would come from admin#mydomain.example.com via EITHER SendGrid or Google Workspaces.
Here's a article from MailGun that talks about a similiar pattern
My questions:
Will this result in deliverability issues, having emails sometimes come with different signing keys/domains? I don't understand email signing particularly well.
Is there anyway to have replies to the email address go to BOTH SendGrid and Google Workspaces, so I'll have it in my inbox but can also get it posted to a webhook by SendGrid? I think the answer is no, but figured I'd ask.
Any other considerations I should keep in mind for this strategy? Is this a poor idea for some reason?
Thanks!
Yes, this will result in deliverability issues. You should use the same domain for both sending and receiving.
No, you can't have replies go to both. You can have replies go to a webhook, but you can't have them go to both a webhook and a mailbox.
Final consideration: This is a poor idea. You should use the same domain for both sending and receiving. If you want to use SendGrid, you should use SendGrid for both sending and receiving. If you want to use Google Workspaces, you should use Google Workspaces for both sending and receiving. You can't use both at the same time.
Another consideration: If you're sending a lot of emails, you might get flagged as a spammer if you're sending from multiple domains.
The company I work for does something similar that might be helpful for your scenario.
We have a number of systems that send emails via SendGrid e.g. Auth0, Salesforce, various bespoke systems, etc. Some of these use native integrations to SendGrid, some use SMTP relaying, and others send emails programatically via the SendGrid API.
We've implemented sender auth (i.e. DKIM) in SendGrid for our domain e.g. mydomain.example.com, but we don't handle replies in SendGrid as we want replies to go to a different system - specifically our contact center system (which is the main systems our help desk staff use). Help desk staff would then reply to emails from within the contact center system. Note: we needed to configure DKIM for both SendGrid as well as the contact center system (as both currently send emails from mydomain.example.com), but in the future the intent was to implement a SMTP relay in the contact center system (to SendGrid) so that all sending goes through SendGrid.
I'm a bit fuzzy on the fine-grained implementation details of how we handle replies, but essentially we point the (single) MX record for mydomain.example.com to a third-party email protection system which scans the emails and forwards them to Office 365 mailboxes which subsequently forwards them to our contact centre system. I believe Office 365 is really only there for email posterity. AFAIK you should be able to point the MX record to anything that can handle SMTP.
In your scenario you should be able to configure the MX record for the mydomain.example.com domain to point at your Google Workspaces. This will allow you to send emails from SendGrid and use Google Workspaces to handle the sending and receiving of replies.
Not sure if you can configure SMTP relaying in Google Workspaces (i.e. to relay through SendGrid), but this would mean you'd only need to configure DKIM for SendGrid. All emails would be sent by SendGrid and replies would be go to Google Workspaces.
My company is developing a cloud contact management service and on our iOS app we're having some problems launching a particular enterprise email client app when the user presses the "Email" button on one of their contacts.
One member of our team came up with an idea to get around the problems with this enterprise app:
We let the user specify their email address in the app's settings and create our own email composing screen. Tapping the email button on a contact would open the composing screen, they would write their message and then we would send it on their behalf from our servers (or via service like mailchimp).
Basically, this would mean we would have to create an endpoint on our api that would accept a POST request with 'from', 'to', 'subject', and 'body' fields which would send the appropriate email.
This seems like a very bad idea as it's essentially creating a free, anonymous email service that could easily be abused send spam.
A few extra notes about our setup:
We don't verify an accounts email when they sign up
Even if we did verify the account's email, the user would need to be able to specify any email, as they may have signed up with personal email, but want to email someone from their work email.
Our API doesn't currently have any kind of rate limiting
Instead of having a from field in the request, we could instead send the id of the contact they want to email. This doesn't really change anything because if someone wants to abuse the send email endpoint they can also abuse the create contact endpoint.
So exactly how much of a bad idea is this, and how can I convince my team not to do this?
A few thoughts against doing it:
This is the perfect spamming service, which could damage the reputation of your company (reputational risk).
Your email servers would very quickly make it into blacklists (RBLs), making your outgoing emails land in spam folders in very many recipients' mailboxes.
Even if your servers are not yet in RBLs, if you send a forged email like that and proper email security is set up at the recipient end, your emails will still have a good chance to get classified as spam. Have a look at things like SPF and DKIM.
This could even have legal implications. Imagine the scenario when one of your users uses this service for something like blackmail. Would you be able to prove it was not you? Probably yes with the right controls, but would you want the hassle?
Still on the legal side, many countries (the EU, mainly) have data protection regulations which strictly control how personal data like email addresses can be used, especially for commercial advertisement. You probably want to adhere to that, but that would be hard with such a service (note that I'm not a lawyer, in such a case it's probably the abuser of your service that would offend these regulations and not you, I don't know, but it's something to consider).
If anyone can just send emails, it will be fairly easy to perform a denial of service attack against your services.
A few controls you could implement to mitigate some risks:
When adding a sender (from) address, you should validate that by for example sending a (cryptographically random) token and checking if the user can send it back (eg. by clicking a link in the email). If he can, that proves to some extent that he controls the email address and is probably a valid sender.
Limit the possible recipient addresses if you can. The best would be if recipients had to opt in to receive emails. If this is not possible, at least let recipients opt out from further emails. For this, you would have to add something like a footer to emails with "never again" links, and implement a facility to maintain recipients to which you must not send anymore.
Implement rate limiting. Depending on your exact scenario and use case, only allow to send the least number of emails acceptable for your application.
Implement proper logging so that you have an audit log of who exactly sent what email to whom. For this, log metadata like IP addresses as well. For this, you will likely have to authenticate your users.
On an operational level, have monitoring in place, and be prepared to ban offending users, based on a clear ToS shared with your users.
We are hosting customer data on behalf of companies/clients, and one of our tasks is to send out a very specific transactional email from us (with our email address as sender and reply-to) to clients customers.
We are trying to move away from storing the personal part of a customers data, including his email address. Of course, in order to be able to send out an email to a customer we need to at some point have access to the email address, but in our view it's a step in the right direction to retrieve the email address from the client during a session instead of retreiving it from our own database.
The problem now is that our unwillingness to have email addresses stored anywhere rules out using email service providers like Sendgrid. Instead we need to send out lots of emails through our own server, and this might hurt deliverability. I've been looking for a kind of "self hosted Sendgrid". One who will enable us to send bulks of emails, and one we can tweak to not store the sent emails.
One solution I've found is sendy.co who defines themselves as:
Sendy is a self hosted application that runs on your web server.
This sound promising, but then I read that emails are sent through Amazon's cloud:
Sendy uses multi-threading to send emails via Amazon SES.
I suppose this leads us back where we started, because then Amazon is storing the email addresses.
As I understand, the high deliverability that ESPs achieve is not only caused by state-of-the-art email headers, but also by their servers being recognized by Google/Gmail, Microsoft and other email hosts. So maybe a high deliverability just isn't possible without an ESP. But is there an alternative approach that lets us acheive relativly high deliverability without needing to involve a 3rd party server to do the sending?
The reason that people tend to pay for this service is because it is reasonably difficult/complicated/time consuming. If sending this email is a core part of your business, you'll want to hire a deliverability engineer to handle this. If it's not, I'd start by contacting the various transactional ESPs and see if you can find one that has an enterprise offering they're willing to tailor to this use case.
I think that I'm a little late to this. I hope that you figured out your question by now.
If you haven't then:
One alternative that you can try is to host your own server with an on-premise option. I would check out SocketLabs Hurricane MTA.
SocketLabs is a cloud ESP, like Sendgrid. But they also have a powerful on-premise option.
https://www.socketlabs.com/blog/introducing-hurricane-mta-3-0/
I have a website based on WordPress.
Every page has his own Contact form.
I am using Configure SMTP
+ Contact7
(SMTP is setup to user Gmail as a SMTP server).
After a while I'm curious why I am actually doing it this way.
Is Gmail that secure or it is only about SSL?
Is WP build in mail function secure (and good) enough to use it?
In total: what is the best way to make contact form in WordPress and avoiding my mails getting to the spam folder?
I was told that the solution descriped above (Gmail SMTP) is the best way, is it?
Well, the build-in mail function works fine for most uses, like sending "Password lost" or "New user registered" mails or even contact forms.
If you send more than just a few (can´t name a number) mails via contact forms, newsletters etc. you will probably want to use a mailserver for that, either an external one (GMail) or a properly configured internal one. They go much easier past spam protection because they are known for sending mails and are probably whitelisted at the big mail providers. Your webhost most probably is not and might be considered as spam very fast when he is sending mails regularly.
If you want to send a lot of mails in a short span of time you should probably go one step further and choose a service like Mailchimp or something similar for that. Their business is sending newsletters and so nobody (means the mail providers) wonders, when they have lots of mails incoming from one of those servers.
For your use case I would stick to SMTP via GMail, when it works fine for you. As you are not sending lots of mails in a short span of time you´ll have only little problems with getting rated as spam and you also have a trusted server sending those mails. Seems fine for me.
I've been reading up on sending mass email to a user-base, and I'm not feeling comfortable using the PHP mail function. It tends to be too simple, spammy and unreliable.
But that leads me to my question... for a custom application, what should I be using to send email to potentially hundreds of people? ...or is mail okay to use?
I appreciate the help.
I would use a third-party service. There are several of them. They ensure the emails are sent from white-listed IP's and have spent a LOT of money on legal prep for terms, privacy policy, etc to ensure the ISP's play nicely with the incoming mail.
If you're only sending mail to potentially hundreds of people, and not hundreds of thousands of people, PHP's sendmail will handle the load fine. You should be worrying more about the newsletter content and the opt-out easiness than the capability of PHP to send your email. For small campaigns to hundreds of people, check out MyEmma.com as an example of a small-list solution.
What you're probably looking for is an API to offload your email calls to and let a service handle the delivery for you. Sending a large number of email messages from PHP can be tricky as if it's not done quickly enough you run the risk of time-outs, and tracking which have been sent is always troublesome if you want to re-try a big batch.
Not surprisingly there are several companies which offer an email API service to make this sort of thing significantly easier than doing it yourself:
SendGrid (PHP example)
Mandrill (PHP package) from MailChimp
Postmark (PHP libraries)
PostageApp (PHP example)
MailGun (PHP sample)
While I'm a developer for PostageApp, but I encourage you to try out many of these to see what works best for you.
In most cases you need to re-write a small portion of your application to work with the particular API or library used to access the API, and once that's done you can send a very large number of messages with one quick call. The delivery of those messages becomes the responsibility of your provider.
The truth is that the less money you're willing to spend on email sending, the more things you have to do yourself, such as:
White listing your sender IP address (especially if you're on shared hosting this can be a PITA, because the other users can mess things up for you).
Setting up SPF and DKIM to add trust for mail hosts (Hotmail, GMail, etc.)
Checking bounce emails
Handling ISP complaints
This is also amongst the things that third party providers charge you for; if you don't wish to bother with any of the above, feel free to use providers such as Mailchimp, Bluehornet, etc. Make sure they provide what you need before you whip your wallet, some might have surprising hidden costs (such as charging you extra for API usage, use of transactional emails, life-cycle emails, etc.)
If you don't mind doing a few of the above (like checking bounce / complaint emails and making some simple DNS changes) you could sign up for Amazon SES; it has a proper API and their email charges are the lowest I've seen so far and recently they have introduced DKIM (signed emails) support. You can also configure your sendmail (assuming dedicated hosting) to talk directly to SES, so it's easy to hook up any mail() based solution and run it.
First, thanks for everyone that has helped me with this thus far.
The answer I was looking for is http://mandrillapp.com/
This is the service behind MailChimp and it rules in every way!