Email verification using telnet fear of marked as spam - telnet

Problem Background:
I have a 35K+ user members and growing fast. I am planning to migrate to Amazon SES service. Amazon SES has a criteria to reduce the quota or even terminate service based on bounce-back emails.
I send promotional emails to my members. But the fear is that there are email address which are no longer exists so a fair possibility that Amazon SES notice me and take action to reduce or terminate my service. I need to make sure I have valid email address which do not disturb SES.
Possible Solution:
To cope this problem I am planning to do the following procedure for each email address;
Step1. Collect the MX record for the email domain.
Step2. telnet to that MX domain
Step3. Verify email address with the following pattern
EHLO my_domain_name
MAIL FROM:<my_valid_email#my_domain_name>
RCPT TO:<email_to_verify#my_user_email_domain>
I will verify the response after each command trigger such as email is valid if I receive 250 status after RCPT command
Now what are the possible precautions I should care about to be not marked as SPAM or rejected by the remote server???

I guess you have seen this question here: How to check if an email address exists without sending an email? ? That talks a bit about the disadvantages.
I am no expert but I suspect that it is going to be pretty hard to guarantee that someone won't blacklist you at some point or that you get 100% accurate results from this, or any other method for that matter.
For your scenario though, maybe that does not matter too much - just try to do the check infrequently so that you reduce the number of guaranteed bounce backs and if you send only a few that get bounced back it won't matter too much. On top of that you can have your own system that handles a bounce back and makes sure you do not re-send to that email again.
Doing all of that may be just "good enough" to work.

You may get very different answers from what you expect. Many (most?) e-mail systems set up to prevent spam won't give away user information just like that. My own server, for example, will say 250 OK for every address on my domains, even if those addresses are in fact non-existing.
What you should do is have a system which reads those bounce e-mails and remove unused addresses after a number of bounces. A good way of doing that is having different sender addresses for each message (or at least for each recipient), making it easy to connect bounce messages with their intended recipients. This technique is sometimes called Variable envelope return path.

Related

Email Deliverability - Wrong Email in From section

I recently started working in hosting/software firm. And currently we have problem with our DNS server.
Two days ago we started getting complaints from our clients that they are receiving emails but in the From section there is a mistake, it shows wrong email of a sender. The email address that's displayed is a random address from one of our clients.
After trying to solve this problem i realized that in Email Deliverability section in cPanel Problems Exist (DKIM, SPF, and Reverse DNS).
When clicked on manage it shows how the records should look and it says that I need to update them, the problem is those same inputs do exist and so the problem persists.
It's important to note that this is a shared hosting server.
Is this some form of hacker attack? Did anyone ever had the same problem?
The sender email address is always specified by the mail client used to send that email (it's common to make mistakes in mail client settings). If those emails are not really sent by your team/server, it could be spoofing. You can implement SPF/DKIM + DMARC in your domain so that recipients can reject spoofed messages whenever they're not coming from your server.
Turns off the problem was coming from a different IP address. We were being attacked. As soon as we blocked it it stopped, and that error cPanel was showing was because the configuration on our server, it was always there.
This was the problem. I advise all WHM/cPanel users to update ASAP because the problem is really hard to find once you get in the middle of it.
https://www.tenable.com/blog/cve-2019-10149-critical-remote-command-execution-vulnerability-discovered-in-exim
You can monitor your email health score with a mail testing service.
These services allow you to check for deliverability issues along with spam activity on your email. Warmup Inbox provides a health score to all users. It's nice to keep track of how your email is performing/what needs to be improved.
Implementing a SPF record alongside proper DMARC and DKIM settings for your domain will drastically increase the overall deliverability rates of all outgoing mail coming from your domain. DKIM and DMARC increase deliverability rating as well as keep your mail server safe from malicious attacks and damaging spam mail.

Send email to pushbullet?

The website "PushBullet.com" is webwashed(filtered) by our proxy, at work.
But I really need to send some notifications to my devices.
Is there a way to send them thru the good old email protocol ?
So there is no officially supported feature for this, but you can sort of fake it using the existing email-to-push feature.
Send a push to an email address that is not a pushbullet account, such as yourgmailaccount+randomstring#gmail.com. It will have a from address of someotherrandomstring#pushbulletuseremail.com.
You can then send emails to that address, and they should show up in your pushes list.
Proposed method with random strings in email address doesn't work.
This method works. Not an email, just pure notification as required.
The library developer suggests also command line notification send. Simple and handy.
I was looking to do something similar so I could get pushbullet notifications from cron jobs, and came across this:
https://github.com/side2k/email2pb
I haven't gotten a chance to try it yet but I think this will do what you're wanting. Just tested it, and it works really well if you're able to run a postfix server.
I use Zapier for this (you can do it with a free account).
Set up a Zap to search for new mail under a label (I use "pushbullet-notify"), and send any message there to Pushbullet.
Then in Gmail just create filters for any mails you want PB notifications on, applying the same label.
The notification may be delayed up to 15 minutes from the time the email is received and labeled (free accounts check every 15 minutes).

Can not get Stripe recipients to verify through API

I am trying to create Stripe recipient objects - but no matter what I try I've never been able to get one to come back as "verified." My understanding is that Stripe verifies recipients by checking the name and EIN / SSN fields against a government database. So far as I call tell I'm entering in valid data that should pass the test.
There are no webhooks for validating a recipient - they are either verified immediately upon creating (or updating) a recipient, or they are not verified at all.
Any ideas what might be going on?
Furthermore ... do I even need to verify recipients before making bank transfers? They highly recommend it in the docs - although it's unclear whether it's actually necessary for making a successful transfer.
It takes us a little while to verify EINs on recipients (SSNs are somewhat faster). In the meantime, feel free to send out transfers to these recipients if you're confident they are who they say they are.

Email Spoofing Cpanel

I'm getting returned email in my indox that I nerver sent before,How Can I use Cpanel to stop it, my inbox alway filled up.
I read this article
http://www.werockyourweb.com/stop-spoof-email
But it seen doesn't work for me. Thank!
It seem some email system block my email address, it look like
This message was created automatically by mail delivery software.
A message that you sent has not yet been delivered to one or more of its
recipients after more than 24 hours on the queue
Please let us know a sample header of the similar mail from queue
Make sure that the domain engaged in the process is having a valid SPF(TXT) record.
SPF
Spoofing can be done in many ways like if you have any form which may have bug in it and causing spamming from it .. or many any of your signup process form has bug which allows spamming over it
if its clear spoofing then yes SPF and DKIM will help to reduce it.
That's correct! Adding DKIM and SPF should help to reduce the spoof emails. If you will paste the headers here, we can identify the real cause of it. You will find it from the returned email as well from the server logs.

Possible to get a report of email addresses that bounced from Amazon SES?

While the SES dashboard shows aggregated statistics about the bounce rate of emails sent through the service, I do not see a way of retrieving the individual addresses that bounced. Is this possible? Our situation is that the 'from' address we had set in certain emails was incorrect and resolved to a non existant mailbox on our (verfied sender) domain, so anything SES would have forwarded to the from address is likely gone.
Use the Amazon SNS (simple notification service), and then you can add your email address - or Amazon SQS service for holding a log of all bounces/complaints.
The answer is no, they are gone. Lesson: make sure you from address is valid (good practice obviously) and goes to a mailbox that resolves (and/or set up and process a SQS queue for them to go to)
I had the same problem. The SES report didn't show enough details for the accruing bounce error. I modified the sesreport.zip, where the deliveries, from-emails/source-emails, and the subject column are added and are included in the report.
You can find my modification here:
https://github.com/Morning-Train/AWS-SES-Report
I hope my answer helps you with your problem.