Has anyone ever come up with a way to detect the email program a recipient is using? - email-client

I know there are ways to detect browsers based on CSS rules but I don't know if the same tricks would work for Outlook. The way I think it could work is have CSS rules that show and hide urls so that when a recipient clicks on a link I can tell which email program it came from.

I can't see how this would be possible. Browser detection is done via Javascript (not CSS). And if the user is using a non-web-based email client (such as Outlook), clicking on a link will trigger the default browser to open and load the link. The information the browser sends to your server will have no knowledge of what application caused the browser to launch.
I think your only option would be to have different links for each client and rely on the goodness of the users to click the correct link.
I also think you'd have a fairly high success rate of guessing the client based on a few factors that ARE available after the link is clicked such as:
The device type
The Browser
The Operating System
The email address (if it's gmail.com or hotmail.com you know 99% of them used the web client - or for a better match mix it with the device type)
Then you could make generalisations such as:
Accessed from Windows and not a gmail/hotmail/yahoo webmail address - probably used Outlook
Accessed from OSX and not webmail address - probably used Mail
Accessed from either and a webmail address - probably used Browser
Rules like that could probably give you some pretty meaningful statistics.

If your challenge is to see what email client the person is using, there are simpler solutions than showing and hiding links. The easiest way would be to embed an image, add a query string to it like so:
http://www.yoursite.com/image.png?email=youremail@email.com
You would then catch this serverside and get the user agent string.
The issue with this is with webmail clients like GMail and Hotmail. In these instances the user agent string would be the same as the web browser. Here you would detect the user's webmail client by inspecting the email address, eg. hotmail.com.
There are edge cases such as Google Apps for Business, but this should catch most cases.
Most email senders such as Mailchimp will do mail client analytics for you.
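
The rules from the answers above (User-Agent of the image request, webmail guessed from the address domain, OS as a fallback), applied to a few requests. This is an added example, not code from the original posts; the domain list, the User-Agent markers and the sample requests are constructed assumptions.

```python
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Assumed webmail domains (the ones the answers name); extend for your audience.
WEBMAIL_DOMAINS = {"gmail.com", "hotmail.com", "yahoo.com"}

def os_family(user_agent):
    ua = user_agent.lower()
    # iPhone/iPad first: their User-Agent also contains "Mac OS X".
    for marker, family in (("iphone", "ios"), ("ipad", "ios"), ("android", "android"),
                           ("windows", "windows"), ("mac os x", "macos")):
        if marker in ua:
            return family
    return "other"

def guess_client(path, user_agent):
    """Guess the mail client behind one tracking-image request."""
    email = parse_qs(urlsplit(path).query).get("email", [""])[0]
    domain = email.rpartition("@")[2].lower()
    ua = user_agent.lower()
    if "googleimageproxy" in ua:       # Gmail fetches images through its proxy
        return "gmail"
    if "microsoft outlook" in ua:      # desktop Outlook names itself
        return "outlook"
    if "thunderbird" in ua:
        return "thunderbird"
    if domain in WEBMAIL_DOMAINS:      # browser User-Agent plus webmail address
        return "webmail in browser"
    return {"windows": "probably outlook",
            "macos": "probably apple mail"}.get(os_family(user_agent), "unknown")

# Constructed sample requests: (request path, User-Agent header).
SAMPLE = [
    ("/image.png?email=alice%40corp.example", "Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.5000; Pro)"),
    ("/image.png?email=bob%40gmail.com", "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0 (via ggpht.com GoogleImageProxy)"),
    ("/image.png?email=carol%40hotmail.com", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"),
    ("/image.png?email=dave%40corp.example", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko)"),
    ("/image.png?email=erin%40corp.example", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"),
    ("/image.png?email=finn%40corp.example", "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148"),
]

def tally(requests):
    return Counter(guess_client(path, ua) for path, ua in requests)

if __name__ == "__main__":
    for client, count in tally(SAMPLE).most_common():
        print(f"{count:3d}  {client}")
```

Putting the raw address in the image URL writes it into every proxy and server log on the path; an opaque per-recipient ID that the server maps back to the address gives the same statistics.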

Related

Firebase Reset Password Link (Not sending/Did not receive)

I have implemented the reset password link for my app (using exactly the same firebase code provided at https://firebase.google.com/docs/auth/web/manage-users). It works well when I tried it using a gmail account that I have registered previously on the app (I received the reset password link on gmail and was able to change to a new password). However, when I tried it with other email domains (like professional work or school domains, e.g. @mycompany.com or @school.edu), it does not seem to receive the email (not in junk/spam either). It is very weird because I do receive the 'email verification' link (from firebase) using other domains when I registered using the app, but not when I tried to reset the password. Any ideas on how to approach this problem?
As an FYI, currently in Jan 2023, Microsoft 365 business blocks these emails from ever reaching the target mailbox, even if you change the SMTP settings in firebase.
They still appear in your own SMTP sent section, they just never get delivered by MS
Open the firebase console, go to Authentication, then click on Templates > Password Reset, then copy the given email address (it looks like 'noreply@YOUR-PROJECT-NAME.firebaseapp.com'), then open your Gmail account and paste that email id in the search section, then tap on 'view message > move to not spam'
This will surely help you
Thanks
Meet Patel
If the code is the same and you don't get an error message, it is extremely likely that the email gets blocked somewhere along the way to the target mailbox. You'd have to reach out to the system administrator and see if they can find the message somewhere in their spam filters, and ask them to modify the configuration of those to no longer block these messages.
As ganey stated, the problem is that certain email filters such as MS 365 do not accept mails that contain links that are not in pair with the sender domain.
The solution is to add a customized action url that points to the same domain as your sender domain.
Then you need to redirect from that url to the url generated by firebase.
Note:
If you do this in react or another SPA, don't forget to append the query params.
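
A sketch of the redirect described above, with the destination fixed on the server so the custom action URL cannot be turned into an open redirect. This is an added example, not code from the original answers or from Firebase; the handler path, the mode list, the host placeholder and the sample URLs are assumptions.

```python
from urllib.parse import parse_qs, urlsplit, urlunsplit

# Assumptions: Firebase's default hosted handler path, and a project host that
# comes from server configuration, never from the incoming request.
FIREBASE_HOST = "YOUR-PROJECT-NAME.firebaseapp.com"  # placeholder
FIREBASE_ACTION_PATH = "/__/auth/action"
ALLOWED_MODES = {"resetPassword", "verifyEmail", "recoverEmail"}

def redirect_for(incoming_url):
    """Return (status, headers) for a request to the custom action URL."""
    query = urlsplit(incoming_url).query
    params = parse_qs(query, keep_blank_values=True)
    mode = params.get("mode", [""])[0]
    code = params.get("oobCode", [""])[0]
    if mode not in ALLOWED_MODES or not code:
        return 400, {}
    # Forward the raw query string untouched so encoded characters in the
    # one-time code survive; only the fixed host and path are chosen here.
    target = urlunsplit(("https", FIREBASE_HOST, FIREBASE_ACTION_PATH, query, ""))
    # no-store keeps the link with its one-time code out of shared caches.
    return 302, {"Location": target, "Cache-Control": "no-store"}

if __name__ == "__main__":
    # Constructed request to a custom action URL on the sender's own domain.
    print(redirect_for("https://mail.example.com/auth/action"
                       "?mode=resetPassword&oobCode=AB%2Bc-12&apiKey=k&lang=en"))
```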

How to use Cookies to prevent login credential sharing in Wordpress

First of all, I'd like to preface this post by stating that I know this is a terrible user experience...
I have a client who would like to prevent site visitors from sharing login credentials.
Because this is a corporate marketing site, social login is not an option.
The client claims that there is a site where upon registration, a cookie is dropped onto the user's device and the user is also given a unique password that will only work on that specific device.
Does anyone know how to make this work using Wordpress? (I'd like to avoid using third party plugins)
This sounds like the use of Single Sign On (SSO) or 2 factor Authentication (2FA) will be needed. The SSO Wikipedia page references a cookie based solution for TCP/IP networks https://en.wikipedia.org/wiki/Single_sign-on so perhaps that's how this came up from your client.
Once you identify what your options are with that, based on what your client is using for authentication, then set up may be a bit easier. I think a plugin would save you a lot of time, since this is a pretty elaborate task. This one may do the trick https://wordpress.org/plugins/miniorange-saml-20-single-sign-on/
Regardless, it's pretty challenging to prevent the sharing of credentials. SSO may be a deterrent if that gives access to something else that user doesn't want to share. 2FA doesn't prevent a user from sharing the pin that's generated too. Perhaps the only real way is to require an IP match on a device with biometric authentication.

Is html style blocked by gmail for unsigned mail?

I am trying to set up an email verification system as part of a side project web application I am working on. The system uses rails to send email on a linux server via a mailer. I am using my personal email address, which happens to be a gmail address, as a test case. Style information for the HTML email is embedded in a <style> tag in the <head> of the HTML email. This appears to be right, although it's difficult to tell that it's exactly correct, since the style data is pretty long. (This same style data works on a web version of the application and I'm embedding it into the email message - I will eventually create a separate stylesheet just for emails, that contains only the relevant styles, but for now, I'm using my web stylesheet for simplicity)
None of the styles appear to be shown in the email as I expect. I noticed that the email that I receive has a little question mark next to the name, indicating that the email is not authenticated with google. The message headers also contain the following:
ARC-Authentication-Results: i=1; mx.google.com;
spf=neutral (google.com: 45.56.123.196 is neither permitted nor denied by best guess record for domain of no-reply@myapplication.io) smtp.mailfrom=no-reply@myapplication.io
I'm wondering if the lack of SPF verification is causing google to not show the style data for the HTML version of the email? I can't seem to find another rationale for it. I don't have another email address that doesn't use gmail as a client (both my work and other personal emails utilize gmail), so it's not as though I could test to see if it wasn't routed through google if it would be resolved.
The mailer previews for rails seem to show that the HTML email should work, but gmail doesn't show it the same way as the mailer previews (in fact, not even close). I'm not quite sure what I can do to troubleshoot this, so any suggestions on what I can do to help solve this problem are welcome.
SPF should not be an issue for style related issues. You can make sure of this by sending email from a gmail domain (sender domain in SMTP configuration) and your own gmail address. If it works then the problem should not be in SPF.
But you would face an issue when your email lands in SPAM; in this case external URLs won't work, as Gmail will restrict external API calls for security purposes, so if you loaded any image or any other assets then it won't work. That's why images in emails were not opening in SPAM emails.
Note: Gmail will remove the whole style in case your style tag has a syntax error. So please make sure you don't have any syntax errors. You have a lot of online tools to validate syntax errors.
FYI: It's better to solve SPF issues as well, otherwise your email would land in SPAM, as most ESPs are expecting to pass SPF, DKIM and DMARC.
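
To see which of the three checks named above a received message is missing, the results header can be parsed directly. This is an added example, not code from the original posts; the first sample is the header quoted in the question (address written with @), the second is constructed.

```python
import re

CHECKS = ("spf", "dkim", "dmarc")

def parse_auth_results(value):
    """Return {method: result} from an (ARC-)Authentication-Results value."""
    # Drop parenthesised comments first; they hold free text, including '='.
    previous = None
    while previous != value:
        previous, value = value, re.sub(r"\([^()]*\)", "", value)
    results = {}
    for clause in value.split(";"):
        match = re.match(r"\s*(spf|dkim|dmarc)\s*=\s*([a-z]+)", clause, re.IGNORECASE)
        if match:
            results.setdefault(match.group(1).lower(), match.group(2).lower())
    return results

def auth_gaps(value):
    """Checks that are absent or did not return 'pass'."""
    results = parse_auth_results(value)
    return {c: results.get(c, "missing") for c in CHECKS if results.get(c) != "pass"}

# Header value from the question.
QUESTION_HEADER = (
    "i=1; mx.google.com;\n"
    " spf=neutral (google.com: 45.56.123.196 is neither permitted nor denied by "
    "best guess record for domain of no-reply@myapplication.io) "
    "smtp.mailfrom=no-reply@myapplication.io"
)
# Constructed header for a message that passes all three checks.
PASSING_HEADER = (
    "mx.google.com; dkim=pass header.i=@example.org header.s=s1; "
    "spf=pass (google.com: domain of a@example.org designates 192.0.2.10 as "
    "permitted sender) smtp.mailfrom=a@example.org; "
    "dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=example.org"
)

if __name__ == "__main__":
    print(auth_gaps(QUESTION_HEADER))
    print(auth_gaps(PASSING_HEADER))
```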

How to create a link that can't be shared?

We have a form in a website in which a visitor must submit their email address.
Then we send an email to that address with a download link.
The idea is prevent people from sharing the link and instead require them to enter their email addresses.
What I can think of is setting a cookie when the user submits the form and checking for that cookie when processing the download link.
This has 2 downsides, the same user won't be able to download the same file from different devices, and given the case a user chooses to delete their cookies, they won't be able to download the file anymore.
Any better solution? (that doesn't require the visitor to use any login or password)
Notes:
I really think it's a lousy marketing strategy but it's a request from a client.
That people create free email accounts only to get the file, or that they can share the file itself is outside of the scope of this task, so basically we don't care about those possibilities, because we can't do anything about that.
In such situation I would send user link with mail itself or some generated token as GET parameter (e.g. http://my-site.com/download?mail=a@a.a). Then user opens mail and most likely visits this link before sharing it. Thus we can save HTTP's 'Referer' header, and require exactly same 'Referer' for all further visits. Because 'Referer' is same per mail provider (for example, Gmail opens link like http://google.com?q=http://a.com, which then opens http://a.com and 'Referer' will be constantly equal 'http://google.com?q=http://a.com', and because of such mechanism this is true for Gmail/Inbox native apps too), and for most providers is same even on different devices.
There are 4 problems:
User can open link only from his mail.
If user copies link to clipboard and then pastes it in new empty tab, 'Referer' will be empty, and sharing is still easy.
It is possible to copy link like http://google.com?q=http://a.com and sharing is still possible, however becomes a little tricky for average user.
Some services may give you different 'Referer' on different devices/browsers.
You can fix 4th problem by adding filtering and categorising User-agents. For example, assume average user has no more than 1 Mac, 1 Win PC, 1 Linux PC, 1 iPhone, 1 Android. On these devices he has different browsers, so we have to distinguish OS X Safari, OS X Chrome, OS X Firefox, Win Safari, Win Chrome, Win Firefox etc. And if you get request with inappropriate 'Referer', but with User-agent that is from unfilled category, consider it as legit request.
Now 4th problem is fixed and 2 users having same OS-browser-family can't share link. However, problems:
It becomes easier to share link using different OS-browser-families.
It prohibits same user to open link on both of his iPads.
It prohibits same user to open link on guest device (only if your service should support this).
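
A different technique from the Referer pinning described above: the "generated token as GET parameter" made tamper-proof with an HMAC, given an expiry, and limited to a few redemptions counted on the server. This is an added example, not code from the original posts; the key, the limit and the in-memory counter are assumptions standing in for server configuration and a database.

```python
import base64
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: load from server config
MAX_REDEMPTIONS = 3               # assumed policy: a few devices per recipient
_redemptions = {}                 # signed payload -> count (a DB table in practice)

def _sign(payload):
    return hmac.new(SECRET, payload, hashlib.sha256).digest()

def make_token(email, ttl_seconds, now=None):
    """Token for the emailed link: base64(email|expiry) + '.' + base64(HMAC)."""
    now = time.time() if now is None else now
    payload = f"{email}|{int(now + ttl_seconds)}".encode()
    encode = base64.urlsafe_b64encode
    return encode(payload).decode() + "." + encode(_sign(payload)).decode()

def redeem(token, now=None):
    """Return 'ok:<email>', 'invalid', 'expired' or 'limit reached'."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        signature = base64.urlsafe_b64decode(sig_b64)
    except ValueError:            # wrong shape or bad base64
        return "invalid"
    if not hmac.compare_digest(signature, _sign(payload)):
        return "invalid"
    email, _, expires = payload.decode().rpartition("|")
    if now > int(expires):
        return "expired"
    # Count per signed payload, not per token string, so re-encoded copies
    # of one token share one counter.
    used = _redemptions.get(payload, 0)
    if used >= MAX_REDEMPTIONS:
        return "limit reached"
    _redemptions[payload] = used + 1
    return "ok:" + email

if __name__ == "__main__":
    token = make_token("a@example.com", ttl_seconds=3600)
    print("http://my-site.com/download?token=" + token)
    print([redeem(token) for _ in range(4)])
```

The counter only limits how far one link spreads; as the question notes, sharing the downloaded file itself is out of scope.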

Detect email client or website

I am interested to detect the email client or website a new user of my site is redirected from. For instance, if he was redirected from Gmail.com (by clicking a link in one of his email there) I would like to track that.
If I need to manipulate the links leading to my website somehow I can do that.
I know there is a way to do that cause I have seen many sites and services doing it but I would like to find out how. I can track the user agent but this tells me nothing about the site or email client.
You must use QueryStrings for this purpose. For example the link that sends the user to your site must be like this www.yourwebsite.com/default.aspx?sender="googleMail"
You can get this using the code shown below when your default.aspx page loads
if (Request.QueryString["sender"] != null)
{
    // The value is supplied by the client: treat it as untrusted input
    string Sender = Request.QueryString["sender"].ToString();
}
You can set different Querystrings like
www.yourwebsite.com/default.aspx?sender="googleMail"
www.yourwebsite.com/default.aspx?sender="YahooMail"
www.yourwebsite.com/default.aspx?sender="googleAdsense"
There are methods to trace the users Browser, IP address etc. But to trace this you must adopt the above method.
