Sending lots of email from web server - wordpress

I have a site where people can send posts (WordPress-based website). Each post has a form which anyone can use to send email to the author of the post. I think at some point there might be heavy traffic on the site, and that could mean hundreds and hopefully thousands of emails leaving from different post pages per day. What should I take into account so that the emails don't get caught by spam filters? Or should I use some 3rd party system for this?

One thing that I usually do by default is add a TEXT record to my DNS (SPF Record) indicating that this server is an authorized sender for my domain.
If the server is on the same network as your mail server, you can relay the mail through your mail server.
If the mail server is not on the same network, you could send the mail through SMTP.

Make a reputation system for your site users (like Stack Overflow, for example) and give mail power just to those that managed to get a number of points (or whatever you will use for reputation). This way, at least, you won't get abused by spammers. Moreover, if someone abuses his power, you can "ban" him from sending emails.
About spam filters, if you have a dedicated server, you could use your local SMTP with some antispam solution installed, to drop those messages that are spammy, to stop them at the source.
Also, use SPF and DKIM, but those won't ensure that your mails won't end up in trash; they just protect your identity as mail sender, so others can't impersonate you.
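
To make the SPF advice in the answers above concrete, here is an added example (not part of the original answers) that evaluates the `ip4`/`ip6`/`all` mechanisms of an SPF TXT record against a sending IP. The record and addresses are constructed; mechanisms that need DNS lookups (`include`, `a`, `mx`) are skipped so it runs offline.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(record, sender_ip):
    """Return the SPF result for sender_ip using only ip4/ip6/all terms.

    Terms are evaluated left to right and the first match wins, as in real
    SPF. include/a/mx are skipped here, so a real evaluator may return
    "pass" where this offline check falls through to the "all" term.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # not an SPF record at all
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"                    # default qualifier is "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"         # malformed address in the record
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        elif name == "all":
            return QUALIFIERS[qualifier]
    return "neutral"                       # no term matched and no "all"

# Constructed record: one web server, one relay range, one third-party include.
RECORD = "v=spf1 ip4:203.0.113.10 ip4:198.51.100.0/24 include:_spf.esp.example ~all"

if __name__ == "__main__":
    for addr in ("203.0.113.10", "198.51.100.77", "192.0.2.55"):
        print(addr, spf_check(RECORD, addr))
```

A web server whose address is missing from the record lands on the final `~all` or `-all` term, which is the situation the SPF record is meant to prevent for your own sender.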

Related

Woocommerce + GSuite - Transactional emails best practices? Anyone?

I've lost my brain the last couple of days trying to find the best solution for handling my transactional woocommerce emails, so that customers and store managers (on G Suite at the same domain as my site) get notified of new orders, etc.
TL;DR: I have a Woocommerce store and want the following e-mail behavior, and I wonder what's the best way to achieve this:
Have Woocommerce emails not go to my customers' spam folders and get notified to store.manager#mydomain.com and myemail#mydomain.com G-Suite email accounts.
Use the info#mydomain.com and "MyDomain" as the "from email and name" in WooCommerce. Whether the info#mydomain.com is an e-mail alias of my G-Suite email or a server side e-mail I don't care. What I don't want is to configure a new G-Suite email just to serve transactional e-mails.
So I'll describe my original situation, problem and the solutions I've read about:
When I setup the Woocommerce e-mails in settings, using a #mydomain.com email account two things happened:
Customers would receive the e-mails on their spam folder.
Store managers did not receive any e-mails whatsoever.
We also have this context info that might be of help:
We are just starting as an e-commerce, so no big load of emails...
We use the cheapest G-Suite plan (with up to 5 accounts) with our domain in Google Domains, so I don't want to use one of those accounts just to handle the transactional e-mails.
So I found the alias option and set up different aliases to both send and receive e-mails. E.g.: "info#mydomain.com".
I read the official Woocommerce email FAQ and a bunch of other links in the WordPress Forums and Stack Overflow, and I came to find these three courses of action:
Setup split delivery and let my transactional e-mail address run from C-Panel.
Use an SMTP Plugin and set it up to use the Gmail API.
Create a subdomain and set WooCommerce/PHPServer to send the emails and just use my G-Suite emails as recipients.
I've read tons, and find myself in a loop where I don't know what's the best, future-proof option, but this is what I've tried for every option:
I desisted from the idea of split delivery as soon as I found the e-mail aliases option in GSuite.
I did activate it and it solved one of my two problems: customers were no longer getting my emails in spam. But the Gmail API won't let me change the "from address" nor even the "from name", unless I select the alias as the default e-mail address on Gmail, which is not something I want; and if the alias (set up as mailer) and recipient are the same, then GSuite won't show the email in the inbox, but in the sent folder (and marked as read). So if the store manager email (storemanagername#mydomain.com) has an alias used to send Woocommerce emails (info#mydomain.com), he won't be notified of new orders.
I configured a domain alias in my Google Admin settings as a subdomain (store.mydomain.com) (which generates a new email alias with that subdomain), then I created a subdomain on my hosting provider (pointed at nothing for the moment) and had my hosting set up the Google MX records for my subdomain. Without the SMTP Plugin it does nothing, regardless of which e-mail I put in the from and recipient fields in the WooCommerce settings. With the SMTP Plugin things kind of work, using the alias#subdomain.mydomain.com as the recipient, as emails do arrive in the inbox (instead of the sent folder) but doubled the regular mail and a huge postmaster notice, about how the domain alias "subdomain.mydomain.com" doesn't exist.
As a related note: Google by default generates a test domain alias, which is mydomain.com.test-google-a.com. When I use the alias e-mail with this alias domain as the recipient in Woocommerce and the regular G-Suite address in the from field in Woocommerce, things pretty much work, except that my customers still get the emails in their spam folders.
How would I setup mailgun or sendgrid to use info#mydomain.com as the sender e-mail address? Would that work better?
I'm not new to wordpress, but definitely I'm a noob at WooCommerce and email protocol, setup in general.
Do you think you might exceed the G Suite sending limits? That'd push you towards the SendGrid/Mailgun/etc. solution for outgoing info#mydomain.com mail, with G-Suite accepting the incoming mail however you'd like. Though if it's important to avoid "reply-to" type addresses, make sure to choose a provider/plan that supports running off your domain (SendGrid calls it "domain authentication", Mailgun calls it "domain verification", etc.).
That will likely also solve that initial problem you described in your point #2 (assuming it was due to mail being treated as local-to-the-web-server).
If you take that approach, make sure to triple-check your SPF/DKIM/DMARC setup. And depending on which provider you go with, some of their WordPress/WooCommerce integration plugins are...not great. I've been working on summarizing the providers and their plugins if it's of any help.
And I had a little trouble following who needs to get copies of what, but there's the woocommerce_email_headers filter if it would be helpful to BCC the store managers. You could even do it selectively.
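
One way to check the SPF/DKIM/DMARC setup mentioned in the answer above, as an added example that is not part of the original post: it reads the `Authentication-Results` header your receiving server stamped on a test message and reports whether SPF or DKIM passed for a domain aligned with the `From:` address, which is what DMARC requires. The messages and the domains `mydomain.example` and `esp.example` are constructed, and the two-label organizational-domain rule is a simplifying assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def org_domain(domain):
    # Assumption: the last two labels are the organizational domain. Real
    # DMARC evaluators use the Public Suffix List (needed for e.g. co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def dmarc_alignment(raw_message):
    """Relaxed DMARC alignment from the receiver's Authentication-Results."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    # Only trust Authentication-Results added by your own receiving server.
    folded = " ".join(msg.get_all("Authentication-Results", []))
    results = " ".join(folded.split())          # unfold continuation lines
    aligned = {"spf": False, "dkim": False}
    for m in re.finditer(r"\b(spf|dkim)=pass\b([^;]*)", results):
        method, props = m.groups()
        key = "smtp.mailfrom" if method == "spf" else "header.d"
        found = re.search(re.escape(key) + r"=(\S+)", props)
        if found:
            domain = found.group(1).rpartition("@")[2]
            if org_domain(domain) == org_domain(from_domain):
                aligned[method] = True
    return {"from": from_domain, **aligned, "dmarc_aligned": any(aligned.values())}

# Constructed: provider signs and bounces with its own domain (no domain setup).
SHARED_DOMAIN_MSG = (
    "From: MyDomain <info@mydomain.example>\n"
    "Authentication-Results: mx.receiver.example;\n"
    " dkim=pass header.d=esp.example header.s=s1;\n"
    " spf=pass smtp.mailfrom=bounce@mail.esp.example\n"
    "Subject: Your order\n\nbody\n")

# Constructed: DKIM now signs as the site's own domain; bounces still go to the ESP.
OWN_DOMAIN_MSG = SHARED_DOMAIN_MSG.replace(
    "header.d=esp.example", "header.d=mydomain.example")

if __name__ == "__main__":
    print(dmarc_alignment(SHARED_DOMAIN_MSG))
    print(dmarc_alignment(OWN_DOMAIN_MSG))
```

In the first message both checks pass yet neither is aligned, so a DMARC policy on the sender's domain would still fail; the second is aligned through DKIM alone.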

Is it safe to send user email in a GET request?

I want to retrieve data from an application's back-end. I have to send the user's email via an API request from the front-end website in order to do this.
Is it good practice to send the user email in a GET request or a POST request? More specifically, is it good practice to not include a user's email as a URL parameter because you don't want some other third party to see it?
Thanks
You'll absolutely want to make use of POST requests rather than GET requests for querying email addresses, as GET requests should never be used for sending sensitive information.
Bearing that in mind, you also have to take into consideration what you're doing with your endpoint to begin with. If you're simply requesting public information about an email address (such as resolving the server name or IP), then perhaps a GET request would suffice.
Keep in mind you cannot pass any authorisation headers with a GET request, so if you're querying something like whether the email address in question has a registered account on your website, anyone would be able to find out your users' email addresses by spamming requests until they got a 200 response (thus validating a registered email). And knowing a valid user's email address could serve as an attack vector at a later stage.
In short, you most likely want POST. Only use GET if you're purely querying information about the domain that the email is hosted on.
Well, POST-request is better for hiding GET-params from logs.
The best you could do - is encrypt data being transferred. You can use POST-request with SSL-encryption and it will be good enough for regular systems.
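
The point about logs in the answers above can be checked on your own server. This added example (not part of the original answers) scans access-log lines for e-mail addresses exposed in request URLs and reports them masked; the log lines, paths and parameter names are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def mask(addr):
    """Keep the first character and the domain so the report is not a new leak."""
    local, _, domain = addr.partition("@")
    return local[0] + "***@" + domain

def emails_in_request_lines(lines):
    """Return (method, path, param, masked_email) for each address found in a URL."""
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        # parse_qsl URL-decodes values, so "%40" is matched as "@".
        for param, value in parse_qsl(url.query, keep_blank_values=True):
            for addr in EMAIL_RE.findall(value):
                findings.append((m.group("method"), url.path, param, mask(addr)))
    return findings

# Constructed sample: the same lookup done with GET and with POST.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] '
    '"GET /api/profile?email=alice%40example.org HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2024:10:01:09 +0000] '
    '"POST /api/profile HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Mar/2024:10:02:30 +0000] '
    '"GET /api/search?q=shoes&user=bob@example.net HTTP/1.1" 200 90 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for finding in emails_in_request_lines(SAMPLE_LOG):
        print(finding)
```

The POST entry yields nothing because the request body is not part of the logged request line, while both GET entries leave the address in the log.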

Email Goes to junk in Hotmail

Email is sent using Amazon Simple Email Service from my website. When an email is sent to any Yahoo or Gmail address, it is delivered to the Inbox; but when it is sent to Hotmail, it is delivered to Junk.
Why does only Hotmail treat my email as junk?
When an external user sends email messages to an Outlook.com account,
SmartScreen® filter technology evaluates the content of the messages
and assigns each message a rating based on the probability that it is
a junk email. This rating is stored as a message property called a
spam confidence level (SCL) within the message itself. The SCL rating
stays with the message as it is sent to other anti-spam protection
layers within Outlook.com. Rules inside Outlook.com are set to handle
email messages with various SCL ratings. If a message has an SCL
rating lower than a certain threshold, it is considered to be spam,
and a rule then deletes the message rather than sending it to the
user's junk email folder. If the message has a higher SCL rating than
the threshold, the email is delivered to the user's junk email folder
rather than to the inbox.
https://mail.live.com/mail/junkemail.aspx
Not all anti-spam systems depend only on 3rd party blacklists. Major email service providers build their own reputation table in addition to the use of major 3rd party blacklists like spamhaus, barracuda etc. In your case, you are using Amazon SES to send mails.
I myself found an enormous number of marketing mails coming from Amazon SES. If the reputation of your email service provider is bad in Hotmail, then it may trigger the suspicious level of your mail regardless of your email service provider's reputation at other blacklist providers. In addition to this, if your subject or body content contains some suspicious words, then your mail will end up in the junk folder.
Most emails sent from third party applications such as Wordpress, Joomla, or Amazon get diverted to junk and sometimes they fail and get stuck behind a security layer. I know for a fact with Wordpress Contact Form 7, this is the case many times.
After so many years and finally attending a seminar for this particular issue, I finally was able to solve this problem specifically for Hotmail (Outlook.com).
Before you do anything ensure your SMTP settings in your web config file (ASP.NET) are written correctly or in case of plugins (Wordpress) make sure the fields are filled correctly. This means ensuring these are the settings you are using for Outlook:
From: your email ("asdf#outlook.com")
From Name: "Your name or company name"
Host: smtp.live.com
Type of Encryption: TLS
SMTP Port: 587
SMTP Authentication: Yes
Username: Same you use to login (usually the complete email address)
Password: Enough said there
IMPORTANT - Send a test email even if it fails. The point is to trigger an activity in Outlook and have them flag it as an unauthorized connection.
Now, to the fix:
Go to Outlook.com
Login
Go to Account Settings
Choose Security & Privacy
Click on "See my recent activity"
The most recent activity should be the failed attempt. Authorize it as a trusted connection.
Done!
Re-test and you shall see your emails showing in the inbox as an authorized connection. Doing these steps lets Outlook know that your emails from Amazon are legitimate connections and not Amazon trying to spam your account with solicitations etc.
Mostly it is an email service provider specific thing, but you can do the checks below:
Ensure a valid sender email address
Try not to use keywords like gift, prize etc. which are preferably spam activities
Try using https://litmus.com which may help with this / rendering email in different email clients

Intermittently not receiving form emails SMTP

I run a classic ASP website in which several thousand emails are sent a day through SMTP. I use Cdo.Message. A single "To" email address and a single "From" email address are used. The majority of these messages are received; however, recently several messages each day are getting stuck somewhere (not sure where).
Logs show that users have accessed the page; therefore, the message should be sent (it is sent on page load). There are no traces of emails not sent in any of the SMTP folders. Where else should I look?
Could those users be search engine robots? What does it take to get to that page? How about robotic submissions that are brute forcing their way through?

Creating email accounts without the registrar-Theory

I own a small domain on GoDaddy and I currently use their email service and pay a monthly fee for it. But I was thinking about how it would work for one to be the owner of the email account itself, and create email addresses without involving the registrar. I don't know if I'm explaining myself, but my question is more or less how does the protocol work to be able to create/manage email accounts. I.e., obviously Gmail, and every single other webmail provider, creates the accounts programmatically without involving any registrar. How does it work?
Thanks.
What you'll need to do is set up an 'MX record' for your domain. This tells other email servers where to send email for some given domain; then you also need an email server to actually receive this email. On a Linux system, this would be something like postfix or exim, or even sendmail (not really recommended these days though). Or you could use a third-party free hosting service, and point MX records to them, e.g. Google Apps.
