Sending email on behalf of users - amazon-ses

I want to allow users to send emails to a list of addresses they have supplied.
If they supply their own domain I will send from their domain for them.
However, in the case they don't have their own domain I will send it from my domain address. I am wondering what a best practice 'from' address would be, considering that I don't want users' sender reputation to conflict.
Currently, my options are along the lines of:
1. FROM: "{$userName}{$userId}mail@myapp.com"
2. FROM: "mail@myapp.com"
Option 2 would run the risk of sender reputation conflicts I imagine.
Are there any best practices or solutions for this problem?
Thanks

Related

Email Deliverability - Wrong Email in From section

I recently started working in a hosting/software firm, and currently we have a problem with our DNS server.
Two days ago we started getting complaints from our clients that they are receiving emails but in the From section there is a mistake, it shows wrong email of a sender. The email address that's displayed is a random address from one of our clients.
After trying to solve this problem I realized that in the Email Deliverability section in cPanel, Problems Exist (DKIM, SPF, and Reverse DNS).
When clicked on manage it shows how the records should look and it says that I need to update them, the problem is those same inputs do exist and so the problem persists.
It's important to note that this is a shared hosting server.
Is this some form of hacker attack? Did anyone ever have the same problem?
The sender email address is always specified by the mail client used to send that email (it's common to make mistakes in mail client settings). If those emails are not really sent by your team/server, it could be spoofing. You can implement SPF/DKIM + DMARC in your domain so that recipients can reject spoofed messages whenever they're not coming from your server.
Turns out the problem was coming from a different IP address. We were being attacked. As soon as we blocked it, it stopped, and the error cPanel was showing was because of the configuration on our server; it was always there.
This was the problem. I advise all WHM/cPanel users to update ASAP because the problem is really hard to find once you get in the middle of it.
https://www.tenable.com/blog/cve-2019-10149-critical-remote-command-execution-vulnerability-discovered-in-exim
You can monitor your email health score with a mail testing service.
These services allow you to check for deliverability issues along with spam activity on your email. Warmup Inbox provides a health score to all users. It's nice to keep track of how your email is performing/what needs to be improved.
Implementing an SPF record alongside proper DMARC and DKIM settings for your domain will drastically increase the overall deliverability rates of all outgoing mail coming from your domain. DKIM and DMARC increase deliverability rating as well as keep your mail server safe from malicious attacks and damaging spam mail.

Ways of verifying someones identity on website?

We're running a directory website where users can claim listings we have pre-populated.
As we want each listing to have its rightful owner, we are trying to figure out how we can verify that the person who claimed a certain business or location is actually a person of authority at that business.
Not all businesses have websites so we could authenticate by sending an email matching the business domain, phone number verification is also not an option as owning a phone number doesn't prove anything, I think.
We would love to have this process somehow automated, but we have no experience or ideas how to make this work.
Any suggestions are welcome!
The users need to register with you. They send you enough information to verify that they are who they say they are, eg, passport, driver's licence, credit card statements, electricity bills with address etc. You can then verify that this information is correct. In particular, their physical address must be verified.
You then mail a letter with a code that you choose to their physical address. When they have received it, send a link to their email address. The link is to a page where they must enter the code you mailed to them. They can then register with a userid and password of their choice. This only needs to be done once. After that, they can identify themselves with the userid and password they chose.
This technique relies on the fact that you can verify someone's physical address. Anyone can call you and claim to be someone else but the credit card company and the electricity company know their customer's correct address. It is possible to use someone else's credit card number and provide a different address but the credit card company will be able to tell you if the physical address they gave you is wrong.

Email verification using telnet fear of marked as spam

Problem Background:
I have 35K+ user members and the number is growing fast. I am planning to migrate to the Amazon SES service. Amazon SES has criteria to reduce the quota or even terminate service based on bounce-back emails.
I send promotional emails to my members. But the fear is that there are email addresses which no longer exist, so there is a fair possibility that Amazon SES will notice me and take action to reduce or terminate my service. I need to make sure I have valid email addresses which do not disturb SES.
Possible Solution:
To cope with this problem I am planning to do the following procedure for each email address:
Step 1. Collect the MX record for the email domain.
Step 2. telnet to that MX domain
Step 3. Verify the email address with the following pattern
EHLO my_domain_name
MAIL FROM:<my_valid_email@my_domain_name>
RCPT TO:<email_to_verify@my_user_email_domain>
I will verify the response after each command, such as: the email is valid if I receive a 250 status after the RCPT command.
Now what are the possible precautions I should care about to not be marked as SPAM or rejected by the remote server?
I guess you have seen this question here: "How to check if an email address exists without sending an email?" That talks a bit about the disadvantages.
I am no expert but I suspect that it is going to be pretty hard to guarantee that someone won't blacklist you at some point or that you get 100% accurate results from this, or any other method for that matter.
For your scenario though, maybe that does not matter too much - just try to do the check infrequently so that you reduce the number of guaranteed bounce backs and if you send only a few that get bounced back it won't matter too much. On top of that you can have your own system that handles a bounce back and makes sure you do not re-send to that email again.
Doing all of that may be just "good enough" to work.
You may get very different answers from what you expect. Many (most?) e-mail systems set up to prevent spam won't give away user information just like that. My own server, for example, will say 250 OK for every address on my domains, even if those addresses are in fact non-existing.
What you should do is have a system which reads those bounce e-mails and remove unused addresses after a number of bounces. A good way of doing that is having different sender addresses for each message (or at least for each recipient), making it easy to connect bounce messages with their intended recipients. This technique is sometimes called Variable envelope return path.
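The bounce handling described in the last answer, as an added example that is not part of the original thread: each message gets a per-recipient envelope sender, the address a bounce arrives at is decoded back to the recipient, and the recipient is suppressed after repeated bounces. The `bounces` local part, the `+`/`=` encoding and the threshold of 3 are assumptions chosen for illustration; `myapp.com` is the domain used in the first question.

```python
from collections import Counter
from typing import Optional

BOUNCE_LOCAL = "bounces"     # assumed local part for return-path addresses
BOUNCE_DOMAIN = "myapp.com"  # sending domain (from the first question)
MAX_BOUNCES = 3              # assumed threshold before an address is dropped


def verp_encode(recipient: str) -> str:
    """Build the per-recipient envelope sender (MAIL FROM / Return-Path)."""
    local, _, domain = recipient.rpartition("@")
    if not local or not domain:
        raise ValueError(f"not an address: {recipient!r}")
    # '=' stands in for '@'. A domain cannot contain '=', so the last '='
    # in the encoded local part always marks the split point.
    return f"{BOUNCE_LOCAL}+{local}={domain}@{BOUNCE_DOMAIN}"


def verp_decode(envelope_rcpt: str) -> Optional[str]:
    """Recover the original recipient from the address a bounce was sent to."""
    local, _, domain = envelope_rcpt.rpartition("@")
    prefix = BOUNCE_LOCAL + "+"
    if domain.lower() != BOUNCE_DOMAIN or not local.startswith(prefix):
        return None  # not one of our return paths
    user, sep, user_domain = local[len(prefix):].rpartition("=")
    if not sep or not user or not user_domain:
        return None
    return f"{user}@{user_domain}"


class SuppressionList:
    """Counts bounces per recipient and stops mailing repeat offenders."""

    def __init__(self, max_bounces: int = MAX_BOUNCES):
        self.bounces = Counter()
        self.max_bounces = max_bounces

    def record_bounce(self, envelope_rcpt: str) -> Optional[str]:
        addr = verp_decode(envelope_rcpt)
        if addr is None:
            return None  # unrelated mail: do not count it
        self.bounces[addr.lower()] += 1
        return addr

    def may_send(self, recipient: str) -> bool:
        return self.bounces[recipient.lower()] < self.max_bounces
```

The encoded address is guessable, so anything mailed to it can inflate a counter; signing the local part, as BATV does, is the usual hardening.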

SMS authentication for a website

I'm looking to implement an SMS authentication for one of my projects, basically before a user is able to register an account with us, we would like to authenticate the user by sending sms containing a code to his mobile phone, and get him to put in the code in our form before he can proceed.
I've been looking around and found onVerify to be a pretty good way to go
http://www.onverify.com/
But I'd like to know if there're any other alternatives similar to onVerify as it is a bit expensive, so if I could go with cheaper one, that'd be great.
Thanks!
You can do this easily enough if you have access to an SMS provider.
Typically you send an SMS to the user by making an HTTP request, containing the verification code. You'd store this code, and the recipient number, in some persistent database, against which you can compare when they fill in the details on the form.
You don't mention which geographic regions you expect your users to be in, which can be important given the variable delivery quality in some markets.
Have a look at the HTTP API for BulkSMS, message pricing and coverage.
Note that you can register in various regions, if you, for example, want to price in USD.
Disclosure: I work at BulkSMS
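The store-and-compare step from the answer above, as an added example that is not part of the original thread or any provider's API. The in-memory dictionary stands in for the persistent database; the 6-digit length, 5-minute lifetime, 5-attempt limit and the class name `SmsVerifier` are assumptions, and sending the SMS itself is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300     # assumed: a code is valid for 5 minutes
MAX_ATTEMPTS = 5   # assumed: guesses allowed per issued code


class SmsVerifier:
    """In-memory stand-in for the persistent database the answer mentions."""

    def __init__(self, clock=time.time):
        self._key = secrets.token_bytes(32)  # server secret, kept outside the DB
        self._pending = {}  # number -> [code MAC, expiry time, attempts left]
        self._clock = clock

    def _mac(self, number, code):
        # Store a keyed MAC rather than the code, bound to the number it was sent to.
        msg = f"{number}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, number):
        """Create a 6-digit code for `number`; the caller sends it via the SMS API."""
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.randint
        self._pending[number] = [self._mac(number, code),
                                 self._clock() + CODE_TTL, MAX_ATTEMPTS]
        return code

    def verify(self, number, submitted):
        """True only for the right code, in time, within the attempt budget."""
        entry = self._pending.get(number)
        if entry is None:
            return False
        mac, expires, attempts = entry
        if self._clock() > expires or attempts <= 0:
            del self._pending[number]  # expired or locked out: force a re-issue
            return False
        entry[2] -= 1
        if hmac.compare_digest(mac, self._mac(number, submitted)):
            del self._pending[number]  # single use
            return True
        return False
```

Without the attempt limit and expiry, a 6-digit code can simply be guessed through the form, so those two checks matter as much as the comparison itself.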

detect that an email is sent to a mailing-list

My application sends mails containing an authentication token. The user who receives the mail clicks on a link and is directed to a webpage. The app recognizes him.
The problem is that sometimes the mail is sent to a mailing list instead of a personal address. Then several people come on the page and override each others' actions.
There are 2 ways I think I could solve this:
1. detect that the email address is a mailing list before I send the mail
2. include the final recipient address in the link in the email.
Is any of the 2 possible?
No.
The recipient can tell if the message came from a mailing list (if the list follows the right guidelines), but the sender can't.
There is no way for the sender to modify the body of an email dynamically based on the final recipient.
David's answer is correct. Though, depending on your context you may find the following idea useful:
You might be able to record the number of clicks per email sent out using that token and just specify a threshold. If the number of times the auth token is used exceeds it, flag the recipient as a mailing list and exclude them from future mailings.