Virus scan emails on mail server or mail client? - email

We've written a simple email client. We've some basic whitelist/blacklist functionality in there but nothing more than that. We've noticed a few emails containing malicious code and I 'assumed' the mailserver should take care of that.
So should this be a responsibility of the mail server / host or of the email client itself?

Both
If you have to use the word assume you better just go ahead and handle things on your end.

Both, either or neither.
Neither is obliged to do it. So as Robert Greiner says, you should not assume.
The reality is that if you are selling your email client, or even giving it away, you need to consider what your customers expect.
If you expect them to use your client alongside well configured, decent mail servers and standalone antivirus software, you might not need to do it yourself.
Just make damn sure that the end user knows what they are (and aren't) getting from you, and have an appropriate licence agreement.
You almost certainly won't be able to write and maintain your own antivirus updates, unless you can afford to spend millions on R&D each year, so if you are going to take care of it yourself, look at integrating with the API of an established (not necessarily market-leader) antivirus provider. You will probably need to pay a licence fee to integrate with and distribute their software.
However, my personal expectation would be to not rely on mail server and client and have my own desktop antivirus program.

Related

Freeware e-mail client for small companies excluding Thunderbird

I'm looking for some e-mail client with:
multi accounts,
IMAP protocol,
signatures,
e-mail addresses sync,
freeware for business use.
I don't want Thunderbird because it freezes sometimes and stops receiving new mails. Synchronisation is riddiculous... Annoying thing is search box... The results aren't clear at all.
I wonder if there's any that works fine, has all the options I want and is freeware.
Alternatively if there's some non-freeware that is noticeable, you can list it here.
Thanks in advance!
You can use OperaMail (http://www.opera.com/computer/mail), eM Client (http://www.emclient.com/) or Evolution (http://projects.gnome.org/evolution/)
I think that the best is OperaMail
I'd go for the e-mail client that is built in the Opera browser if I had a small company. You have one application for web browsing and e-mail communication with lots of features. I however have no idea whether you are able to choose you browser freely.
Other alternatives could be Pegasus Mail and Incredimail.

Possible to use server for collecting and distributing mail

We currently have POP3 mail accounts where I am and try as I might to convince my manager that we should be using hosted IMAP or Exchange he won't budge because of the cost. The staff are mostly out of office so there is no domain server here, however, we do have a dedicated server and I wondered whether I could use this to collect the mail and distribute it from there in some way.
Effectively what I'm trying to do is ensure mail is stored somewhere other than the end users machine because backups are user dependant at the moment. With hosted Exchange or Exchange on this server would be simple but my manager won't shell out for it. I have seen free mail servers called MailEnable and Axigen but unsure if they will do the job. Sorry if this seems like an easy or stupid question but never needed to do this before.
I am assuming due to the reference to Exchange that you are on Windows.
If you have an old box lying around that works, you could install linux on it and then choose from a number of different imap servers. Dovecot and Courier are both good choices and I have worked with them before.
You could use fetchmail to then pick up the mailboxes and then deliver to the imap boxes or get them deliver directly.
Setting up such a linux server for email was one of the first things I ever did on Linux. While initially daunting, once you get the hang of it, it is pretty straightforward and there are plenty of resources out there to help.
Ubuntu is probably the easiest to get used to. CentOs is also a reasonable choice.
You shouldn't be running your own server if you aren't willing to administer your own server, and they are not easy to configure if you don't know what you are doing (e.g., you mess up and you are exploited for spamming).
Look into a service like mailgun. In my application we are using them for forwarding to REST endpoints as well as onto another SMTP server.
Competitors that wound up not meeting my needs but may meet yours include Dyn, email yak, Sendgrid, etc. etc.
Why not just setup the mail clients to store their mail files on a standard network drive or share? I follow that this situation is pretty silly in your view - 100% because of the ridiculous constraints that you are being asked to work within: I would similarly find the solution I am suggesting ridiculous generally; but under the circumstances, it seems like a simple answer to your problem - replacing distributed mail storage and backup with centralized storage and backup.
Don't POP3 email clients have the option keep a copy on the server? Mine certainly does. See second tick box on the pic.
You can then periodically take a back up of all the emails from the server to stop it getting clogged up.

Best Practice for Providing Email Account Information

I work for a company that builds embedded systems and we are currently developing a system for residential consumers, our primary focus until recently has been industrial and commercial applications.
One feature of this product is the ability for the device to send emails directly. The problem is the SMTP library is merely a client (as it should be) and thus requires configuring to connect to a mail server.
There is currently a debate going on as to whether we should be providing the mail server configuration information out of the box. At the moment the debate has split our team pretty much between the developers and management.
The developers think it will be too onerous for the "average" user to provide the FQDN or IP of the server, port, user, password and "from" address. Therefore, it would be preferable to only require the user's email address for the configuration to be complete.
Whereas management is worried about resource utilization (of course everyone is hoping for millions, or at least thousands, of users for our system!) and a "nefarious" user stealing the information we provide and using it for illicit purposes; while the developers don't think this is likely, as management pointed out, it would only take one spammer getting a hold of the account information and then we would be forced to shut it down for everyone.
The current compromise is to provide a unique email account for each device simple for relaying emails from our product to the user's email account. Obviously, this creates a management nightmare particularly because we are using a 3rd-party email hosting solution at the moment and can not automate the creation of these emails. Management does not like that fact that we have designed everything else to be automated and then throw in a nice big speed bump by manually creating each email account and then manually configuring each device to use this account.
Of course the developers suggested bring the email service in house but that creates other problems that we can not afford.
Which leads me to my question for the community, have you ever dealt with this problem? What solution did you decide upon? Why was that the best solution for you?
Since management is worried about a "nefarious" user free-riding your company's email service (besides that thought isn't that absurd) the only chance you have to not force people to go thru the hassle of configuration or to not burden you guys with manually creating accounts is to provide each client with a unique ID. This ID will allow you to shut down the service for the mallicous user.
One way to do this would be to configure each client to embed a unique ID in the header of every email. See this question. On the server side you would then have to implement a blacklist and check every email's header against it.
That's all, without further knowledge of your tech-stack it's impossible to provide a more detailed answer.

Mail relays or SMTP services for use in code

I'm looking to start using an SMTP or mail relay service. I've found quite a few out there, but I'm not sure if there are advantages to one vs another. The only requirements I have are:
can send "from" more than 1 domain (possibly >20 for all the different sites I work on)
can pay for a higher limit (I may need to send as many as 15000 in 1 day, although the average is <500)
can send from PHP (although I doubt this will be a problem as most are compatible with any language)
I'm okay with an SMTP service, mail relay service or a site that uses a custom API, although an API would make the conversion more difficult.
Reasons for wanting to do this:
I don't want to host any mail services my self as they just cause head aches
I don't have to worry about being blacklisted. If they are blacklisted they will know about it and have the knowledge to get it fixed.
Reporting on if emails have gone through would be nice.
I'm not sure why you would need this. If you read the proper RFCs (822, 2822, 823, 2823), you should be able to connect to any given site directly using SMTP. You need to be a little careful with Line Endings (should always be CRLF), and should probably add mail.add_x_header = OFF to your php.ini.
However, if you need a relay, I recommend using a spam filtering provider, as then you have protection from being blacklisted due to spammers abusing email-generating forms. I would recommend Red Condor for this task, but that is only because I work there, and know that we can handle it.
I've started using Mandrill and found it to be a great, reliable service provided by MailChimp that includes enough for most sites to use for free. Easy to setup, but also has a lot more functionality available.

Guidelines for email newsletter service

I'm implementing a email newsletter sender service using .NET and Windows Server technologies. Are there comprehensive guidelines which could help avoiding emails being trapped by spam filters and other mechanisms?
They should cover all aspects of (legal) bulk mail sending: SMTP configuration, DNS, HTML content, images, links within content etc. A simple example: is it better to embed images or load them from a server?
It would be great if you could provide some empirical data to show the efficiency of some measures taken.
Although I don't have a definitive answer, I think this is a very important question.
Here are few tidbits I know about it
Choose a clean hosting/smtp server. IP addresses of spamming SMTP servers are often black-listed by other ISPs.
Send a simple introductory email to every subscriber, asking them to add your sender address to their safe list.
Be very prudent in sending to only those people who are actually expecting it. You wouldn't want pattern recognizers of spam filters learning the smell of your content.
If you don't know your smtp servers in advance, its a good practice to provide configuration options in your application for controlling batch sizes and delay between batches. Some servers don't like large batches or continuous activity.
Unless you have a very specific reason to host the newsletter yourself, I think you'd be much better off using a third party service. There are lots out there, and some are very cheaply priced.
It'll save you on development work
(no point in re-inventing the
wheel).
Their system will handle all
the unsubscribe link stuff that you
need to include in email newsletters
to comply with CAN SPAM laws or
whatever.
They handle the spam
reports that you will inevitably get
if you have a list of any non-trivial size.
They keep records of who signed up,
how they signed up, and their IP
address, and can present those on
receipt of a spam report to prove
that their service wasn't sending
out spam.
You can use double-opt in
(or confirmed opt in), for extra
evidence to prove that the people
you're sending emails to actually
signed up to receive them.
If you really do need to host it yourself I'd suggest you search the web for "email deliverability". Things that are known to help include properly set up SPF records, DomainKeys/DKIM, correct DNS settings (reverse DNS especially - best to just use an online service to check your DNS settings). You can test a lot of these things by sending an email to check-auth#verifier.port25.com.
It's best to avoid using spammy words in your email - always a bit of guesswork this but you some words can trip filters.
But I'd guess that by far the most important thing is to be sending your email from a trusted server that maintains good relationships with ISPs (i.e. ensuring that ISPs don't think that the server is sending out spam). This is a big reason why it's much much easier to get a third party to handle everything for you.