We're programming a Testing Web Application for a University in ColdFusion with a MS SQL Backend.
Right now we have to manually take faxes sent to our fax machine and then find the account they are related to and input the info (the actual fax has to be found in a filing cabinet if we ever need to reference it again). What I would like to do is create a way for someone to fax to a certain number and then the fax be sent to an email account we specify.
If that worked properly we would need a way to get the email, store it somewhere on our servers and then link it to an account. The linking process would probably have to be manual and we are ok with that, but an easy way to view all the faxes sent to that email in our ColdFusion application in PDF form (searchable by the name we assign it) is what we are mainly looking for, so that we don't have to get the faxes on paper and file them by hand.
Is there a way to accomplish this? Preferably not through a paid service as we can program almost anything we need ourselves.
Hmm... have you tried services like eFax?
Why reinvent the wheel? Services like eFax and jConnect (there are several others, just Google "electronic fax service") are affordable and do half of what you are trying to do. Save yourself the effort and just spend a few bucks. You'll probably find out, too, that it will cost you less to just pay for the service than it would cost you to pay the developer to write the software.
So after you bite the bullet and sign up for an electronic faxing service, you just need an email account for it to send to, and to use CFPOP to check the inbox and download the attachments. The rest is a piece of cake.
From the sounds of it, I have built something identical to this faxing setup with Coldfusion.
After a few trials and errors I found best way to go is:
1) DIGITIZE INCOMING FAXES: Have all faxes either sent to an email address you can check via CF, or a network folder you save them on, which you can check with CF. You can absolutely keep your fax number and simply call forward incoming calls to your digital fax number.
2) PROCESS INCOMING FAXES When you find a new fax, it is best to process it and make a record of it. I store things like the file name, dig up the fax number it came from, check it against a list of known numbers, and have a routing table (in case it needs to go to someone).
3) PRINT AND ROUTE FAX Auto printing a document once in CF is possible via CF as well.
As for tables, I keep one to store each fax. I store the fax itself in a blob as well. Easy to replicate and move around, no big performance hit. I keep another table to store a list of incoming number profiles (like a caller ID table) to relate the number to a customer. I keep a table for routing rules, if an email comes from here, send it here. Last, but not least, if you have to manage multiple phone numbers, you can create multiple incoming profiles and file them.
Once you have each fax stored in the DB, you can do a lot with it and file/index/ store it digitally how you like. CFDOCUMENT will display disk based PDFs.
I ended up having to program something like this for custom routing options. It is possible to auto link items to certain files/folders/projects if you like as well with CF.
If you need to know anything else, ask, or we can discuss it off line if you need to keep some details private.
Agree with Adam. Don't create a bunch of problems for yourself - you'll save a lot of money and nerves by just using the existing service.
On the topic: I use Popfax and I kind of like it. It's comfy, gives you opportunities, discounts, contests and a lot of stuff you'd like if you'd be interested in. It's cheap (at least, 100% cheaper than your own software) and you can use it not only on PC, but also via mobile phone
Related
Over the past few months random email addresses, some of which are on known spam lists, have been added at the rate of 2 or 3 a day to my website.
I know they aren't real humans - for a start the website is in a very narrow geographical area, and many of these emails are clearly from a different country, others are info# addresses that appear to have been harvested from a website, rather than something a human would use to sign up to a site.
What I can't work out is, what are reasons for somebody doing this? I can't see any benefit to an external party beyond being vaguely destructive. (I don't want to link to the site here, it's just a textbox where you enter email and press join).
These emails are never verified - my question isn't about how to prevent this, but what are some valid reasons why somebody might do this. I think it's important to understand why malicious users do what they do.
This is probably a list bombing attack, which is definitely not valid. The only valid use I can think of is for security research, and that's a corner case.
List bomb
I suspect this is part of a list bombing attack, which is when somebody uses a tool or service to maliciously sign up a victim for as much junk email as possible. I work in anti-spam and have seen victims' perspectives on this: it's nearly all opt-in verifications, meaning the damage is only one per service. It sounds like you're in the Confirmed Opt-In (COI) camp, so congratulations, it could be worse.
We don't have good solutions for list bombing. There are too many problems to entertain a global database of hashed emails that have recently opted into lists (so list maintainers could look up an address, conclude it's being bombed, and refuse to invite). A global database of hashed emails opting out of bulk mail (like the US Do Not Call list or the now-defunct Blue Frog's Do Not Intrude registry but without the controversial DDoS-the-spammers portion) could theoretically work in this capacity, though there'd still be a lot of hurdles to clear.
At the moment, the best thing you can do is to rate-limit (which this attacker is savvy enough to avoid) and use captchas. You can measure your success based on the click rate of the links in your COI emails; if it's still low, you still have a problem.
In your particular case, asking the user to identify a region via drop-down, with no default, may give you an easy way to reject subscriptions or trigger more complex captchas.
If you're interested in a more research-driven approach, you could try to fingerprint the subscription requests and see if you can identify the tool (if it's client-run, and I believe most are) or the service (if it's cloud-run, in which case you can hopefully just blacklist a few CIDR ranges instead). Pay attention to requesters' HTTP headers, especially the referer. Browser fingerprinting it its own arms race; take a gander at the EFF's Panopticlick or Brian Kreb's piece on AntiDetect.
Security research
The only valid case I can consider, whose validity is debatable, is that of security research (which is my field). When I'm given a possible phishing link, I'm going to anonymize it. This means I'll enter fake data rather than reveal my source. I'd never intentionally go after a subscription mechanism (at least with an email I don't control), but I suppose automation could accidentally stumble into such a thing.
You can avoid that by requiring POST requests to subscribe. No (well-designed) subscription mechanism should accept GET requests or action links without parameters (though there are plenty that do). No (well-designed) web crawler, for search or archiving or security, should generate POST requests, at least without several controls to ensure it's acceptable (such as already concluding that it's a bad actor's site). I'm going to be generous and not call out any security vendors that I know do this.
The title being self explanatory, i would like to add some points to it.
1.Firstly, is it possible to track all these (READ,DELETED,SOFT BOUNCE,HARD BOUNCE) without using third party API?
2. If no, which third party services provide you the same ?
I am aware about the <img src="send-identifiers-to-this-url-to-track"/>, but this can only get me "No.of Reads/Forwards", but not deleted.
Anybody in for help ?
There are a number of things you can detect with your own software and no third party, though I don't know how they map onto the categories you list:
Tracking images and links, like you said (READ).
No mail server to take the message, e.g There might not be any MX record for the domain or your mailserver IP might be blocked by DNSBL (maybe what you mean by HARD BOUNCE?)
Mail server response codes. This might tell you for example:
Your email was rejected because the mailbox was over capacity etc (probably SOFT BOUNCE)
Rejected because it's spam (probably HARD BOUNCE)
Greylisted or something (probably SOFT BOUNCE)
There is basically nothing you can to detect the difference between unread and deleted messages though. That is also true of third party services. You will not even detect read messages unless your recipient turns on tracking images or clicks on a tracking link.
It's pretty hard to get this information, for instance I had to implement a postfix log analyzer that is mining the bounce information (soft/hard) and the reason why they occured and make it available via API in a structured form.
for my group at the university I'd like to set up a server-sided email-to-rss service.
It should work like that, that different people can send emails to a certain address (nothing proprietary like gmail but a certain imap or pop server) which will the be translated into an rss feed. One main and important feature has to be that one can see the sender of the email in the feed. Furthermore it would be nice (to take the load off the server) if the emails get translated to a feed only once a day or so.
Does anyone has some input on this subject? Are there any scripts/services which will allow that?
Thanks a bunch.
Instead of "reinventing the wheel", you could use a mailing list that supports RSS. Your people can then write the mails to the mailing list and you can then use the mailing list's RSS feed however you intend to.
This should help you find a solution: https://encrypted.google.com/search?q=mailing%20list%20rss
Pick a programming language you're familiar with, then use either an imap library to fetch the E-mails (through cron, every hour or something like that), or if you have access to procmail on your mail server, launch your script as an email arrives (this shouldn't be too much work to handle for a server, unless you're talking a vast amount of E-mail).
The script would just insert the E-mails into a database, before extracting them and outputting the RSS-feed directly from that (this shouldn't be more than a handful of lines of code).
There's a couple of providers that does this for you, although it seems that the most popular ones have disappeared. Advanced Email2RSS seems to be an option, although I have no idea how good they are or if it'll even solve your issue.
Most services offered online today that claim to "track" e-mails, do so by embedding images in the emails. My questions are:
Is this the only way to do it and if not, what are the other methods?
Are any of the methods actually fool-proof?
Has anybody had any luck with specific software or even an online group?
Yes, this is pretty much the only way to do it. Consider that an email is something that is inherently static. The only way to know if someone has "opened" an email is for the email to send some information back to your server. Most email clients these days support HTML emails, which means that you can get the client to request an image (or anything else) from your server by embedding the proper HTML tags. Other than this, you cannot force an email client to do anything it doesn't want to do. It's a separate program on a remote computer, and you have no control over it.
No, there's no foolproof way. There will always be emails you can't track. If someone downloads their email and disconnects from the internet before reading it, you can't track that email. Most email clients allow you to disable image loading now as well if you want to, so that can block tracking too.
I've usually written my own, so I wouldn't know what to recommend. I imagine most services will be quite similar, so I'd base a product/purchase decision on how easy their front-end is to use.
In addition to pixel tracking, a second way to track open rates is by looking for clickthroughs. If someone clicked through, then they must have opened it. This is infrequent, but it's important not to throw this data away.
More details:
How MailChimp tracks open rates
How CampaignMonitor tracks open rates
Wikipedia on email open rates
Hubspot on open rate issues
Facebook uses a bgsound element in addition to an img element like this:
<img src="http://www.facebook.com/email_open_log_pic.php?mid=999999999999"
style="border:0;width:1px;height:1px;" />
<bgsound src="http://www.facebook.com/email_open_log_pic.php?mid=99999999999&s=a"
volume="-10000" />
This is the best way, and it's hardly ideal - many e-mail clients block images to start with.
No, no methods are foolproof. A foolproof method of detecting if someone had read an e-mail would be a significant privacy issue.
I've used ExactTarget and CampaignMonitor's tracking systems. Both worked pretty well for tracking trends - i.e. twice as many people opened e-mail #1 than #2 - but you never know how many missed opens there are due to images not being shown.
Pixel tracking is the only way to track open rates. Then the links in your emails are also tracked through a redirect service for click rates. Absolutely nothing is going to be foolproof. You will have to use some guess work to figure out your actual open rate since some email clients will only take the text version and not the html and also some clients do not load images by default.
SilverPop is a popular one. They actually use PowerMTA on the back-end. Our company just ended up licensing PowerMTA and writing our own front-end and tracking.
No it's not the only way. Your HTML e-mail can refer to a web server for 'some content' which is then tracked. That could be an image, a stylesheet, some Javascript, etc. Most mail clients hate it and nothing automated is guaranteed to work.
Gain the trust of your recipient and invite them to your website. Track clicks.
My current app needs to store address information for a user. I'm currently debating whether to use the customary street address / city / state / zip textboxes and dropdowns or to go with Google's method of simply having everything on one line. Any thoughts on the pros/cons of storing address information in either of these manners?
You should split it up. It will make it far easier to do reporting down the road. What happens if you want to pull up all the residents of a state or zip code, or city? If you use all one field, you will be stuck and wish you had split it up.
Also, users will forget to put in all the information you need if you don't prompt them for it.
Judging by the user-input tag on your post, I assume you are referring to how the user enters the data, and now how you are storing the data in your back-end database.
Presumably your database will still need to store this information as separate fields, if you want to be able to sort and analyse the information (e.g. for reporting and statistics purposes).
In this case, I think it would depend on how confident you are that you could parse the addressing information properly into its individual fields.
One hybrid option would be to allow the user to enter the address as a single line, and then do a best-effort parsing of the information into the separate fields. This is similar to how Outlook manages addresses for contacts - you enter all of the information into a single memo field, and then it splits it up for you. You can then correct if it interpreted any of the fields wrong.
I would be very much against just having a single text field where users enter their address. You'd be surprised how many people will leave out their zip code or some other important info if you don't have a specific field for it. Also, as others have mentioned, it make reporting much easier to report on this information later if all the data is pre-parsed. As other users mentioned, programs like outlook will parse this information, but only because the source of the data is often the signatures of emails, which is something that is never in a consistent format.
I tend to split it up, allows searching to be done for a specific section of the address and you can limit the addresses you want to handle by knowing the formatting i.e. Only ship to east coast addresses.
1) You should split it.
2) May I recommend you read this before you attempt to do international address input?
I concur with Kibbee. I was even surprised to see people don't even read the field's labels, inverting first and last name, postal code and city, etc.
No, you can't determinate if a postal code is valid, in a Web application targeting international customers...
Some countries have alpha characters in postal code, various lengths, no state info, etc.
Definitely split the input. If you can help it--and depending upon your business requirements--it may be wise to perform address verification at the point of entry. This will allow you to know that your addresses are going into your database clean and allow you to do a number of other things such as fraud prevention. Having a verified address can help reduce shipping costs if you're shipping physical goods to your customers and can help reduce credit card merchant fees by ensuring the correct ZIP Code is submitted during AVS verification.
In the interest of full disclosure, I'm the founder of SmartyStreets. We offer CASS-certified address verification services. Users can upload a list for scrubbing (CSV/Excel/etc) to our website or use our address verification web service API called LiveAddress.