I send an email from my smtp server, for example, setting From to anyemail#anydomain.com. The recipient will think that email comes from anydomain. How to confirm the email source?
There are several approaches to dealing with email forgery:
Use PGP or SSL signed certificates
Use SPF
check the Received headers (although this isn't reliable)
reply back to the sender and ask if they actually sent it. If you know the sender, maybe ask them in person or over the phone.
The main thing to realise is that the From: address isn't any form of guarantee about the originator of a message.
Edit: okay I now understand that you're just trying to tag the mail message somehow so that you can recognise which server generated it (in a non-secure way). Here's how using .NET's MailMessage:
System.Net.Mail.MailMessage msg = new System.Net.Mail.MailMessage();
msg.Headers.Add("X-Is-Development", "true");
Email Headers has more details.
Related
I'm trying to implement List-unsubscribe. I have added a mailto: header but what's not clear to me is what e-mail is actually being sent when e.g. hotmail or gmail are sending an e-mail to this unsubscribe address.
Is it sending an e-mail with From: containing the e-mail address in question, or is it some hotmail/gmail service address?
Does anyone know a way to actually test it, since gmail and hotmail only activate this feature with highly trusted addresses (I've tried and it won't show).
http://download.microsoft.com/download/e/3/3/e3397e7c-17a6-497d-9693-78f80be272fb/enhance_deliver.pdf
This states:
- Include a List-Unsubscribe header
- Send an immediate confirmation message
I understand this as replying to the unsubscribe e-mail with a confirmation e-mail. Does anyone know if there should be any specific headers or contents in that message (e-mail)?
The unsubscribe should simply come from the address of the user who opted to unsubscribe. This is a very simple mechanism which should work with even extremely basic email clients.
The notation mailto:list-admin#example.net?subject=unsubscribe causes an email message with the Subject: header unsubscribe to be sent to list-admin#example.net.
There is an optional extension of the mailto: URI protocol specifier to allow you to put something in the body of the generated message, but this is less widely supported, and should not be relied on.
Maybe put a special unique identifier in the subject= field and set up the receiving server to handle that if these pedestrian facilities are insufficient for your needs.
If you are asking whether the confirmation message should follow any specific conventions, there's nothing beyond what you put in auto-generated confirmation messages in general. As a recipient, I would expect the unsubscribe confirmation to be pretty similar to the confirmation / welcome message when I originally signed up, only of course with the opposite contents.
i am trying to setup mails on my VestaCP, i have made MX, Dmarc records, followed every guide about these records on google but there are 2 problems.
Here is my mxtoolbox results
https://mxtoolbox.com/domain/letsupload.co/
=======
1st Problem -/
The first problem is that all my mails sent from contact#letsupload.co are sent into spam folders, though i created all required records.
2nd Problem -/
I can send emails from my webmail but i cant receive them, when i send email from gmail it gets sent, there is no error that my email was not delivered but i dont receive it in my webmail.
Please help me out.
You will find that not many people will help because of the lack of code. Just always make sure that when you ask a question like this wondering why something isn't working, you provide code so people can pin point a problem. Stack Overflow don't put that page there before you ask a question because they think you're stupid, they do it so you can get a more specific and the best response to your question. So just make sure you give this a look.
However, I had a similar issue before where all my mails were being sent to the spam folder and they're a few things that could be the cause:
Mail Client Reverse DNS Checks: You mentioned that you are using a personal domain but one thing to remember is that your domain will have its on DNS server.e.g. if you are with GoDaddy that would be the default DNS setting. So the problem is that when you send an email to lets say a #outlook.com email server the mail client of the recipient will do a reverse DNS check. So it realises that you are sending to an #outlook.com but the email is coming from #letsupload.co. So it realises that you are sending from an IP that isn't related to the domain you sending to and that is what SPAM is! Like I said without seeing your code I can't exactly know how to help but if you aren't aready using a mail server with Authentication enabled that could be a cause. Try using a server with authentication and add this code:
// I am using $mail as my instance of PHPMailer
$mail->Host = 'your-new-server-with-authentication';
$mail->Port = 587; // usually the default port (double check though)
$mail->SMTPAuth = true;
// now define the username and password for your mail server
$mail->Username = 'your-username#mailserver.com';
$mail->Password = 'OpenSesame123';
Reply to: You can also try adding a reply-to email address. Some mail servers tend to put emails in spam that don't have a reply email address to stop bots from spamming a person's email account. So try adding this if you haven't already:
// I am using $mail as my instance of the PHPMailer
$mail->AddReplyTo('youremail#domain.com');
Implementing SPF: If the above to fail then the chances are that you need to implement SPF. You can learn all about this from an expert on the subject gr8gonzo here is the tutorial and article he wrote on the subject. That will not only just help with implementing SPF but also with the best practises for when you're sending emails.
I got this bounce back email whenever try to send to a specific sender..
Any help would be appreciate..Thanks :D
mail content:
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
example#example.com.mm
No Such User Here
Reporting-MTA: dns; mail.example.net
Action: failed
Final-Recipient: rfc822;example#example.com.mm
Status: 5.0.0
Unless there is something odd going on, the bounce back message is clearly telling you that the email address "example#example.com.mm" doe not exist. Perhaps "No Such User Here" is not the best wording, but it means that the email address is non-existant.
Is the .mm at the end of the email address part of the problem? Are you actually sending email to Myanmar?
I have never seen this bounceback message when the email address actually existed. Since this is unusual, I would send the email headers to the ISP of the intended recipient, since it is highly likely that is where the problem exists, and ask them to investigate. Also, I do think that you can get the same message if the users Inbox is full. Ask the intended recipient about that.
the problem has to do with your websites DKIM and SPF keys (Email deliverability in CPanel), if they are not added to the server it cannot verify the authenticity of your email.
The best solution is to contact your server support or CPanel support to fix the issue. There is almost nothing you can do via programming.
I had this issue and I spoke to my server's support team and it was fixed
At this point my email deliverability has not been marked as VALID, so the email
Mail delivery failed :returning message to sender kept persisting.
so I spoke to the server support team as the tooltip in the image suggested and it was finally fixed
if you noticed the VALID mark there
Just for knowledge purposes, I want to know if it is possible to know if email spoofing has been done successful or not . Suppose if I am sending an email from one's account, What if receiver doesn't exist? Means will i get any error as a spoofer that receiver doesn't exist and you cant send email . Thanks
There is no way to know for certain, but you can make an educated guess.
First, when sending an email to a non-existent recipient and the recipient's server is configured to report this to the sender (pretty much the default behaviour), this reporting can happen either:
1) During the email transmission. The SMTP conversation with the recipient's server may very well fail at RCPT TO: (i.e. when the recipient is specified) or at the end of the DATA or BDAT commands (i.e. when the email just have been transmitted and the server either acknowledges this or rejects the email). If you receive an 5xx-type response at either stages, or, well, anytime earlier in the conversation, you can be sure the recipient did not get the message. Validation during email transmission is common.
2) After the email transmission. Servers that don't do recipient validation on SMTP level will often accept and queue emails during the transmission, then generate a bounce report (also called a Delivery Status Notification/DSN or Non-Delivery Report/NDR) later and attempt to return it to the original message sender. As you have no access to the mailbox of the original message sender when spoofing, you will have no idea if such bounce report is generated. This method of validation is still fairly common.
Second, you can embed a tracking image in your HTML email to see if the email was opened. This works by placing a HTML <IMG> element in the email that points to e.g. http://example.org/tracking-1x1.gif?uuid=<id>. The idea is that you track whether that image was downloaded. Be aware that virtually all modern email clients will disable downloading images from unknown sources and some action is required from the recipient to enable downloading images.
Third, you can spoof the MIME sender only. Emails have two distinct set of addressee information: the envelope addressees and the MIME addressees. Emails are delivered based on what's written on the envelope, but email clients render the MIME information instead (what's inside the envelope). In other words, during the SMTP transmission you may specify a different sender address (MAIL FROM: command) from that in the email (From: header). The fun part is that bounce reports are sent to the envelope sender address, a.k.a. the Return-Path, so if you have access to the envelope sender mailbox, you can receive a bounce report no matter what stage it was rejected. Note that you will reveal yourself, either through the mail server logs or through the email header, where the Return-Path header will contain the envelope sender address.
Please use the above information for "knowledge purposes" only. Be aware that email spoofing is likely a crime in just about any country.
Whenever i try to send a mail from my website for email verification, the same is being received in a spam folder. I noticed that plain messages are being received in inbox, but whenever i try to include an ordinary http link[http://abcd.in/abcd/verify.php?key=2f27feb552c83c6c65b9bfc4d799e775], the mail goes to the spam folder. Cant point out the reason why this is happening. Please help me to resolve this issue.
Thanks All
From experience, I know that the spam score can be affected when hyperlinks have an alphanumeric argument tagged onto the end. I suggest trying to reformat the URL into something like;
http://abcd.in/abcd/f27feb552c83c6c65b9bfc4d799e775/verify.php
and extracting the reference using a Regex or Split()
Is your outgoing mail server configured to receive mail?
Are you using a proper mail server with proper setup at all or some bulk-mail-sending dud?
Are your mails sent with a real from address? And I don't mean the header-from that you can add in your software, but the protocol-from that is being used by sendmail
Do you have domain keys/dkim set up for your mail server?
Is the header OR the protocol from address from a different domain? Do they have set up domain keys allowing your mailserver?
Does your mail server feature the same domain name on the reverse lookup?
Does your mail server offer to receive mail for the user they are sending for?
Is your webhost using a smart relay? Do they rewrite the from: address?
Or do you send mails with internal mail address from?