I looking into building a system that can read and send mails all by itself.
The mailserver already exists. All I want to do is fetch the e mail data with a php script running locally on the mailserver, store some of the data in an external database.
Then when an "event" is raised, I want to run a php script that get's some data out of the database, create a mail , and send it through the mail server.
I'm fairly new to this, so I hope the things I say make sense.
Here's my question: Is it secure enough to work this way?
Am I doing anything against "the rules" ?
Thanks
There is nothing wrong in doing the things this way. Its not against the rule. But Email Deliverability is not guaranteed because:
There is no guarantee that the email you send will pass the spam filters of email providers.
Number of emails you send to 1 user in a day, Any spam keyword in the mail content, user marking your email as spam etc.
Basically, there are n number of reasons why your mail server might get blacklisted by email providers.
To ensure Email Deliverability, you need to get your mail server IP whitelisted with all the email providers. (which is not easy)
I would suggest you to use bulk email sending third party solutions like Sendgrid, Madmimi, etc.
Refer: Discussion on choosing email sending service
Also, these services also gives statistics like open tracking, click tracking etc...
Related
I am wondering if there is a way to send a quick email to my leads on gmail. I want to send each message to store them in the sent folder, I know that it can be done by create each compose message but it will give me the hard work to send the emails to each user and I don't like to use BCC because when I receive the emails from the users, I will only see one message in my inbox. I want to receive each email from each user.
Example:
http://oi57.tinypic.com/ztiy5f.jpg
I don't like to receive the email like this:
http://oi60.tinypic.com/4gl11e.jpg
Is there a way to do that through on VB6, PHP, gmail or whatever it is?
Sending mail using PHP, for example. It's not as easy as it used to be.
The sending part, is trivial. Most of the time folks use the mail command, pass parameters to it, and voila.
However, with today's overachieving spam filtering via ISPs, etc. -- Chances are very good that your email might not ever get received at its intended address. It might get there, most likely will be sent to spam, and can have several hours of delay.
The best way to send email, as far as I know, is with SMTP email in PHP. PHP mail vs SMTP
We are developing a email web site.but we are facing problem in receiving and validating the mail.i have the following doubts.can you please help me in clarifying these???
one more important thing is we are not using squrrelmail, qmail etc.
how do we receive emails for users in email web site?
do we save all the received emails in admin's mail box or in database as per the username
(my idea on email web site is,all the incoming mail are stored in admin's mail box and after the email mail is stored in database,and then the mail deleted in admin's mail box.Is it correct.if not how to store the emails in database directly in web site)
what is the technique behind the receiving mail???i think there are various techniques like email piping etc.
is there any special process of creating users for email web site,i mean do we need to create mailbox(i think mail account) for each user at the time of registration.if we need to create mail box for user,can we create it with imap_createmailbox() function.
are the users gmail,yahoomail etc are accessig database or their mail accounts at the time their login??
can we do all these things with imap functions in php??
There are many different solutions to this problem, polling existing servers, adding scripts to run when a message is received or using a gateway like CloudMailin. I wrote a blog post relating to this (it's for rails but almost all applies to php too).
The other problems almost all span from how you setup the first thing. In many cases you could just log the emails directly to your database and retrive them based on the recipient address. I think you need to explain exactly what you want to do with the email? Are you just providing email hosting for your users or are you providing an additional service? If you're just providing hosting then there are simpler approaches available.
Client asked this morning if we can provide a subscription service whereby:
Mail arives to a specific address on a cloud mail server with no procmail/maildrop possibilities
Cron runs Perl or PHP script on another server which checks for new mail and based on address mail purports to be from, does a subscriber look up, and forwards the email with any attachments to all subscribers along with an added unsubscribe link
Script deletes forwarded email
Mail server will have both IMAP and POP access, apparently.
// EDIT
Note that mail will be from 220+ governmental agencies/organizations. Users will use interface to specify which organizations they wish to receive forwards from. In order to run like a traditional mailing list we'd have to set up 200 mailing lists and then make an interface to handle subscriptions. The proposed interface will allow 1 - 200 subscriptions with a single opt-in confirmation email and a single opt-out interface.
// END EDIT
Client has been warned that header spoofing is child's play and that viral attachments are a serious concern and is willing to proceed nonetheless.
So, with the caveat that this is NOT an idea that I endorse what libraries have you used to accomplish this sort of task?
You do not mention what kind of mail server you are dealing with. Perl has Net::IMAP::Client and Net::POP3 to handle fetching mail.
For sending email using an SMTP server, there is Email::Sender or Net::SMTP or Net::SMTP::SSL.
At a minimum, you'll need an email account which you can use to send emails (this might be the original account that receives the messages).
In between fetching and sending, you can check for spam using Spam Assassin and for viruses using ClamAV.
I don't know why the original messages need to be deleted, but at the very least, I would log every single step in detail.
What you're describing is a mailing list. If at all possible, you should look into using one of the several existing software packages designed for managing such lists, such as majordomo, ezmlm or mailman, rather than trying to roll your own.
I have a web app which needs to send emails to clients 'From' staff email addresses. What's the best way to prevent my messages from being flagged as spam?
For instance, if I own charles#gmail.com, I'd like to be able to send mail "From" that address with PHP in my App, without getting the "This message may not have been sent by...." message.
Right now I'm just using the mail() function within PHP, with Headers for the From, Return Path, and X-Mailer variables.
I'm generally pretty confused by everything I've read so far about SPF and DKIM, so I appreciate any advice. Thanks.
This is a very lengthy subject with lots of things to consider.
The most important rule is to not use HTML and to send only correct mails that people want, and that the recipients do not flag as spam theirselves.
For instance, if I own
charles#gmail.com, I'd like to be able
to send mail "From" that address with
PHP in my App, without getting the
"This message may not have been sent
by...." message.
If you own a gmail address you could just sent the messages via gmail's SMTP service, but keep in mind that gmail has a 500 email sent limit. Below is a topic describing how to use gmail's SMTP server with the popular PHPMailer.
Right now I'm just using the mail()
function within PHP, with Headers for
the From, Return Path, and X-Mailer
variables.
Outsourcing this is probably the way to go using for example:
http://sendgrid.com/
We also offer a Free Plan with 200
Email Credits per day.
To read pricing visit http://sendgrid.com/pricing.html
http://elasticemail.com/
No monthly committments, no minimums,
no limits. Just pay for what you use
at $0.001 / email or less.
http://aws.amazon.com/ses/
Email messages are charged at $0.10
per thousand.
http://aws.amazon.com/ses/pricing/
http://www.cloudsmtp.com/
http://postmarkapp.com/
Just to name a few which are very cheap to use without any hassle/setup.
If instead of using the mail() function, you use an SMTP mailer such as the PEAR mailer package then you can send the mail using google's own SMTP servers. This will require you to provide the correct credentials to the google account you wish to send from. This should avoid the issue you are having.
One of the first things you need to ensure is that the email "From:..." really is from your server e.g your_mailings#yourcompany.com and it must exist and be a valid email on the server where the script works. You should try setting the sendmail user at the top of your script (assumes Linux server):
ini_set('sendmail_from', 'your_email#your_server.com');
Then you add a "Reply-To:" header and use your staff addresses perhaps and recipients will at least seem to have got an email that can be replied to. Without that you probably won't even get as far as being spam, you will get blocked on the way there.
This thread shows some of that and note the comments on PHPMailer - it is a good way to handle mailing and I have found it more successful than simple mail();
PHP mail form isn't working
I have a website, example.com hosted at godaddy. I was just messing around with PHP's mail function and uploaded the following to my website at example.com:
mail( "someone#yahoo.com", "test", "test message", "From: someone#gmail.com" );
Why does this work? I mean, it shouldn't, right? The "From" address domain isn't "#example.com". Yet, when I check my email at someone#yahoo.com, I get the message from someone#gmail.com... How is it that I'm able to (potentially) send an email from anyone's email account without their password?
This is possible, as in, you can put into the E-Mail headers whatever you want, including a totally arbitrary sender address. You are right, though, security-conscious providers will usually configure their outgoing mail services in a way that allows only sender addresses residing on the server the mail gets sent from; but they don't have to.
Also, on the receiving end, messages where the sender address belongs to a domain that is not associated with the sending mail server very often end up in the Spam folder.
It's (as you already know) very bad practice to make use of this. As to whether the provider is at fault - it could be anything from a sign of trust (if you are the only user on the server, or one of select few clients) to carelessness. You may have reason to complain because if one of your web hosting neighbours misuses this to send spam, the server's IP address might get blacklisted, causing any E-Mail coming from it (legit or not) to get caught in spam filters.
it's because of email format specification.
have a look at the email's header specification, you might refer to the http://en.wikipedia.org/wiki/Email#Header_fields
that is the reason why one should never trust the "from" information once you receive an email.
This is why systems like Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) have been introduced.
SPF allows admins to define where email for a particular domain is supposed to originate. In your example, and assuming that SPF records were set up, the records would show that the Go Daddy host from which the mail was sent was not an authorised sender for the gmail.com domain. A (Yahoo) mail server that receives that mail and does SPF validation would probably reject the mail.
DKIM uses digital signatures to allow a sending mail server to show that an email came from the domain it says it came from. In your example, you wouldn't be able to sign your email and make it look like it really came from Gmail, because you don't have their key.
Both these systems require proper SPF/DKIM records to be set up, and also require that the mail server that handles the email for its recipient actually performs the validation.
So don't worry: this problem is being worked on :-)
Whether you should be able to do this is basically a matter of who you ask. The email RFC states that you should. Best practice for hosting and ISP says you shouldn't.
So seen from PHP point of view. Yes you should
Edit:
And btw you're not sending the mail from somebody's account your simply stating that you email is something differrent from what's actually true. Which is basically the same as introducing yourself to a stranger as, let's say "Bill Clinton". If the receiver is paying attention they'll know it's wrong. In the real world because you don't look like him and in the email world you can simply test if the sending server is allowed to rely from that specific domain.