Sending Mail to Hotmail Users?

Posted by Cliff on Thu Jun 22, 2006 08:37 PM
from the ham-not-spam dept.
Cafesolo wonders: "I'm developing a web application using PHP. It has a user registration system that sends a link via email to activate new accounts. I've found that sending mails to Hotmail accounts is very difficult, because the spam filter is very strong and it filters lots of non-junk messages. I think the spam filter blocks any email whose domain isn't in an internal whitelist (which might contain popular domains, like hotmail.com itself, gmail.com, yahoo.com, msn.com, etc). Most of my users have Hotmail emails. I can't simply tell my users to read the junk folder because most of them are not computer-savvy and that seems to be a bit confusing to them. Has anyone managed to solve this problem? Did somebody try to contact Microsoft? Is there any way to get whitelisted? Can an independent programmer get his domain whitelisted?"
  • by crazyjeremy (857410) * on Thursday June 22 2006, @08:38PM (#15586689) Homepage Journal
    Did you see this article? http://yro.slashdot.org/yro/04/05/05/1237245.shtml [slashdot.org]?
    Also, have you tried sending the email spoofing the receiver's email address? You can set the "from" header to their own address. Of course, this won't help IP-based whitelists, but it will help many emails make it through for some mail hosts (few users block their own email address).
    • by Spazmania (174582) on Thursday June 22 2006, @08:40PM (#15586696) Homepage
      Also, have you tried sending the email spoofing the receiver's email address?

      Never do this. Forging the return address is one of the few things that actually is illegal.
      • (a) IN GENERAL- Whoever, in or affecting interstate or foreign commerce, knowingly--
        ...
        (3) materially falsifies header information in multiple commercial electronic mail messages and intentionally initiates the transmission of such messages,

        So, it's only illegal if it's for commercial purposes, and unless I'm reading it wrong, you're fine even then as long as it's within your state and the affected business is also within state.

        • IANAL and I'm betting YANAL either, so I would hesitate to take any advice such as this from someone of our ilk (non-lawyers). I wouldn't be willing to bet against an argument that the sending server and the receiving server were in different states, therefore it's interstate traffic. Given that Hotmail's servers could be just about anywhere, well...
        • unless I'm reading it wrong

          You're reading it wrong.

          "Whoever, in or affecting interstate or foreign commerce, knowingly" is pretty close to boilerplate. Judicial precedent has interpreted it to mean "virtually everything except for very rare circumstances where there is no possible tangential connection that pushes it over state lines." A grain of sand is covered in this language because it could reasonably be caught in someone's shoe and carried to another state. No, really, how do you think the EPA gets it
      • by coyote-san (38515) on Thursday June 22 2006, @11:00PM (#15587256)
        Falsifying headers is illegal, but I doubt anyone will actually pursue a small-time website operator who's sending otherwise legitimate traffic.

        But for many of us forging headers is an automatic death sentence. I've walked away from existing business relationships where I had non-refundable credits because a customer support request was answered with a forged header.

        On the other side of the table, it's one of the few actions where I would not hesitate to recommend immediate termination for cause if I caught a member of our staff pulling that stunt. (The other actions are using the computers to perform illegal acts or to distribute pr0n/warez.)

        The reason it's so serious? It shows a culture that has a casual disregard to the consequences of identity fraud. If you forge mail that appears to come from me, then who else are you sending those forged messages to? Why should I believe your answer? Trust, once lost, is not easily recovered.

        (BTW this doesn't even address the original point of getting past spam filters. Like many sites I have my MTA set up to reject incoming messages that claim (in the envelope) to come from my own domains. I know who I am and anyone claiming to be 'me' is, prima facie, making fraudulent claims and should be treated accordingly. The last time I checked that test, by itself, was blocking about a third of inbound traffic.)
        • by Anonymous Coward
          And what law may this be?

          The CAN-SPAM Act [wikipedia.org], actually. Deliberately falsifying headers is a direct violation.

          Don't be such an insufferable smartass ... when you're wrong.

    • by Violet Null (452694) on Thursday June 22 2006, @08:41PM (#15586700)
      I've run into this same sort of problem, and I've discovered that spoofing the from address is a really, really bad idea; there's a sizable chunk of mailservers that will reverse DNS the IP address they're receiving the email from, and if it doesn't match the domain in the from address, they'll reject it.
      • I agree that there are a lot of mail servers that reverse the IP address, but comparing the domain in the reverse entry to the domain in the SMTP FROM command or the From header doesn't make much sense. Any e-mail coming from a legitimate hosting company (like the one I work for) would be blocked. The reverse DNS entry for our IP address is valid and that host resolves back to the IP address (which is how it's supposed to be), but our e-mail server houses mail for upwards of 400 domain names. We certainl
    • As far as I know, hotmail has 2 options for filtering your mail. You can either have them filter it with the spam filters, or you can have it set up to only receive mail from people in your address book. I currently use the first option, as I don't like unexpected email going in my junkbox. The result is hundreds of spam messages that get through the filter. I don't know why they can't get it right. My yahoo mail account doesn't use a white list, and blocks 99.9% of spam. I get maybe 1 spam message ev
    • by kv9 (697238)
      i had the exact same problem with yahoo mail ending up in the bulk folder (mailserver ip was X-YahooFilteredBulk). it was easily fixed by contacting support and filling out a hefty form. so, your best bet is (surprisingly enough) tech support. i'm sure even MS has people that can help you with that.
  • Tools are available (Score:5, Informative)

    by Anonymous Coward on Thursday June 22 2006, @08:41PM (#15586698)
    Welcome to my world. I work on email deliverability for a financial services company, so no, I'm not a spammer. Hotmail makes two tools available to you to help you get your email delivered:

    MSN Smart Network Data Services: http://postmaster.msn.com/snds/ [msn.com]
    This will let you put in your SMTP's IP address and it will give you consolidated stats on how much mail was received, and how much was filtered as spam.

    Sender Score Certified: http://www.senderscorecertified.com/ [senderscorecertified.com]
    This company will "certify" you as a safe sender, and Hotmail will let your emails in unfiltered. The catch is you have to pay for this.

    Good luck. It isn't easy, but at least there are some tools at your use.
    • by doti (966971) on Thursday June 22 2006, @08:55PM (#15586761) Homepage
    • This all depends on how the user has their Hotmail account set up. I got mine back in the ancient past, and still use it as my primary email. The filter is set to allow only my Safe List members to send email to my inbox, the rest goes to Junk.

      The only thing that gets into my inbox that isn't specifically added to my whitelist is the Hotmail Staff messages, so even if this guy pays some service to get him "certified" with Hotmail, that won't do the trick.
      • I would assume that a user that set their account up this way would understand what they're doing. Otherwise they would miss a lot of mail of this sort. As such I wouldn't even take these users into account, they're not the problem.

        To clarify, it's not that these users don't matter. It's that if a user only allows whitelisted addresses through and doesn't whitelist your address/domain then you won't get through. That's not a problem with Hotmail, it's a problem with users only allowing whitelisted addres
        • In a perfect world, it would be their problem, but I bet Mr. Cafesolo would rather put an "I didn't get my email: Check your spam settings here is how"-type warning somewhere prominent just in case all the same.
        • by TopShelf (92521) on Thursday June 22 2006, @10:14PM (#15587093) Homepage Journal
          Hotmail is perfectly fine, it's just that the parent of this thread made it sound like a service could guarantee that this guy's message could get into users' Inboxes. Hotmail has the option of having a whitelist-only Inbox, so I was pointing out that those services won't do.
  • Do yourself a favour (Score:5, Informative)

    by Bogtha (906264) on Thursday June 22 2006, @08:47PM (#15586723)

    Grab something like SpamAssassin, and set it up to add headers telling you what rules have been triggered. Then send an email from your web application to that account, and examine the headers. While Hotmail probably don't use the exact same rules as SpamAssassin, it's an easy way to spot obvious stuff for you to fix. For example, using too much HTML, particular phrases, too many capital letters, being on blacklists, etc, can all be remedied by you without Microsoft's involvement.

    I also seem to remember that Hotmail strongly discriminates against senders who don't have SPF set up, so it's probably a good idea to enable that for your domain.

      • by Bogtha (906264) on Thursday June 22 2006, @09:55PM (#15587019)

        what user is worth keeping who isn't "computer-savvy" enough to understand what a Junk Mail folder is?

        The kind of user that pays you money? And there are a lot of people that don't understand spam filtering. Unlike most other email concepts, this one doesn't really have a snail-mail analogue.

        send them all Gmail invites

        I already do this. Without fail, every single Hotmail user that I have sent an invite to has either signed up and not switched, or not bothered signing up at all. Hotmail users are happy with crap. Think about it - if they weren't, they wouldn't be with Hotmail in the first place, would they?

  • Add a SPF record. (Score:5, Informative)

    by Utopia (149375) on Thursday June 22 2006, @08:47PM (#15586729)
    My domain has a SPF record and I never had issues sending email to anyone on hotmail or other services.

    See:
    http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/ [microsoft.com]

    &
    http://openspf.org/wizard.html [openspf.org]
    • Re:Add a SPF record. (Score:2, Informative)

      by Keeper (56691)
      I'll second that. Awhile back there was a big brouhaha about how Hotmail was going to crank up the sensitivity of spam filters run on mail from domains without SPF records.
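The SPF advice in the comments above, as an added example that is not part of the original thread: a simplified RFC 7208 evaluator that shows which sending IPs a published record authorizes, including the per-application subdomain idea raised elsewhere in the discussion. The domains, records and addresses are constructed, and DNS is replaced by in-memory tables so it runs offline.

```python
import ipaddress

# Constructed DNS data (assumption): TXT and A records for made-up domains.
TXT = {
    "signup.example.com": "v=spf1 ip4:192.0.2.10 include:_spf.mailhost.example -all",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.0/24 ~all",
    "example.com": "v=spf1 a -all",
}
A = {"example.com": ["192.0.2.80"]}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(ip, domain, depth=0):
    """Simplified RFC 7208 evaluation of `ip` against the SPF record of `domain`."""
    if depth > 10:                      # stop include loops (the RFC caps DNS lookups at 10)
        return "permerror"
    terms = TXT.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                   # no SPF policy published
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        if "=" in term:                 # modifiers (redirect=, exp=) are skipped here
            continue
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                matched = addr in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"      # malformed network in the record
        elif name == "a":
            matched = ip in A.get(arg or domain, [])
        elif name == "include":
            inner = check_spf(ip, arg, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"      # included domain has no usable record
            matched = inner == "pass"
        else:
            raise ValueError("mechanism not covered by this example: " + name)
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                    # nothing matched and the record has no "all"


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(ip, check_spf(ip, "signup.example.com"))
```

Note that a softfail inside an included record does not end evaluation: the include simply does not match, and the outer record's `-all` decides the result.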
  • Punch them in the face for using hotmail and get them a REAL email account. No, but seriously... I don't know if there's any (reasonable) way you're going to easily get around hotmail's "security". You could try contacting hotmail support about the problem... lord knows how much good that will do you :D. You could find a trusted host that it accepts links from, set up a mail account there, and have the mail automatically forwarded (though if you don't want it to be a mass [i.e. all the same] email you wo
      • I myself use yahoomail (was going gmail but my yahoo account is 11 years old so everyone knows it -- plus I have no need for the gmail amounts of storage) and I have no problems with webmail (not even hotmail, except when MS was a bag of douche and routed gmail invites to the spam folder) -- I was jokingly referring to getting them all SMTP/POP3/etc server/accounts of their own.
  • by Vellmont (569020) on Thursday June 22 2006, @09:03PM (#15586797)
    You sound like you're making some very large assumptions about what's actually triggering the spam filters at hotmail. What makes you think it's your domain, and not the crappy MTA you're using? Spammers often use non-standard MTAs that anti-spam programs have learned to identify through header analysis. Have you tested sending mail from a standard mailer like sendmail or postfix to a hotmail account? You obviously need to confirm what's actually causing hotmail to tag your mail as spam and stop making assumptions.
    • Ditto. For one example, if your MTA does not have correct delivery retry settings you'll get "blocked" by certain anti-spam methods. I've run into the issue several times where someone thought it was a good idea to set their retry interval to under *five minutes* even though their delay notification was still set to four hours! It tried delivery twice in five minutes then gave up. Heck, forget anti-Spam, that might not even get you into a heavily loaded server. Obviously they didn't really know what they we
    • Exactly. When I need to do a mass-mailing from my PHP apps, I use a custom class that emulates some of the sendmail interface by opening a socket to a SMTP host. See 'fsockopen' in the PHP docs -- SMTP is super-simple, and if you want, I'll share my class source with you.

      You just have to make sure that your production server has a trusted connection to the MTA, or write a few lines of code to authenticate against the server. Also remember that one thing that really pisses SPAM filters off is when you tr

  • by The MAZZTer (911996) <{moc.liamg} {ta} {tzzagem}> on Thursday June 22 2006, @09:05PM (#15586803) Homepage
    Get yourself a hotmail account and have PHP fire off e-mails to it. Tweak as needed until you get one through that's not marked as spam.
    • I don't know a great deal about how various filtering algorithms work, and even less about the filtering that hotmail has in place, so if I'm completely on the wrong track on this, then someone more in the know please set me straight
      That said, I think that if you do this, you should be aware that I think that if you send out emails marked as junk, then future emails are more likely to be marked as junk. As I understand it, a lot of spam filters work by assigning various point values to different things in t
    • I did. I created two Hotmail accounts for testing. I tried sending mails from PHP using the mail() function and through the PHPMailer library (http://phpmailer.sf.net/ [sf.net]). I also tried sending mails through Thunderbird and through my hosting service's webmail interface. My messages always have been marked as spam.
  • by Anonymous Coward on Thursday June 22 2006, @09:14PM (#15586839)
    I've noticed that Hotmail is very particular about the headers you send along with the message. If you send the message as a content-type: text/plain and specify a valid Message-ID, it should get through. Here is what I use for extra headers:

    $PlainMailHeaders = "MIME-Version: 1.0\r\n"
        . "Content-Type: text/plain\r\n"
        . "Content-Transfer-Encoding: 7bit\r\n"
        . "Message-ID: \r\n";

    Hope it helps.
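A pre-send check for the headers named in the comment above, as an added example that is not part of the original post: it parses a raw message, reports a missing or malformed Message-ID, MIME-Version or Content-Type, and flags 8-bit text in a body declared 7bit. The sample messages, addresses and problem codes are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import make_msgid

# msg-id per RFC 5322: "<" id-left "@" id-right ">" (simplified pattern).
MSGID_RE = re.compile(r"^<[^<>@\s]+@[^<>@\s]+>$")


def lint_headers(raw):
    """Return a list of problem codes for the headers of a raw RFC 5322 message."""
    msg = message_from_string(raw)
    problems = []
    if (msg.get("MIME-Version") or "").strip() != "1.0":
        problems.append("mime-version")
    if msg.get("Content-Type") is None or msg.get_content_type() != "text/plain":
        problems.append("content-type")
    if not MSGID_RE.match((msg.get("Message-ID") or "").strip()):
        problems.append("message-id")
    cte = (msg.get("Content-Transfer-Encoding") or "7bit").strip().lower()
    if cte == "7bit" and not msg.get_payload().isascii():
        problems.append("8bit-body-declared-7bit")
    return problems


def plain_headers(domain):
    """Header block for a plain-text mail with a fresh Message-ID under `domain`."""
    return ("MIME-Version: 1.0\r\n"
            "Content-Type: text/plain; charset=us-ascii\r\n"
            "Content-Transfer-Encoding: 7bit\r\n"
            "Message-ID: " + make_msgid(domain=domain) + "\r\n")


# Constructed samples (assumption): activation mails as a web app might emit them.
BODY = "\r\nWelcome! Activate your account: https://www.example.com/activate\r\n"
BROKEN = ("From: signup@example.com\r\nTo: user@example.org\r\n"
          "Subject: Activate your account\r\nMIME-Version: 1.0\r\n"
          "Content-Type: text/plain\r\nContent-Transfer-Encoding: 7bit\r\n"
          "Message-ID: \r\n" + BODY)
FIXED = ("From: signup@example.com\r\nTo: user@example.org\r\n"
         "Subject: Activate your account\r\n" + plain_headers("example.com") + BODY)

if __name__ == "__main__":
    print("broken:", lint_headers(BROKEN))
    print("fixed: ", lint_headers(FIXED))
```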
  • Helpful suggestions (Score:3, Informative)

    by Spazmania (174582) on Thursday June 22 2006, @09:21PM (#15586862) Homepage
    1. Publish an SPF record. For a custom setup like yours, you can choose a subdomain just for your application and publish a record just for it, even if you don't want to use SPF for the main domain.

    2. Process the bounces. Hotmail notices and ranks the source accordingly.

    3. Make sure the reverse DNS for your server matches the forward DNS and that both resolve to a server name that is not obviously a dynamic IP address. Mail from a machine named customer43.dsl.bigisp.com tends to get weighted as spam for reasons which should be obvious.
  • 1. Obtain a Hotmail, Gmail, or Yahoo! email account.
    2. Code PHP to send emails through it to your Hotmail customers.
  • Anyone else ever find themselves without a route to any of hotmail's MXes? Once or twice per month, my mail server can't make a connection to any of the hotmail MXes. The outage typically lasts 12-72 hours, but never long enough to cause a bounce (5 days). I run tcptraceroute to port 25, and it dies at a msn.net router (the last hop that responds is 207.46.37.161). I'm on a Tier-1 ISP (Internap) sending 500-1500 messages daily to hotmail (and another 10-15k to other ISPs, with no problem). I submit to Hotma
  • My inbox (Score:5, Funny)

    by Anonymous Coward on Thursday June 22 2006, @09:31PM (#15586907)
    My hotmail inbox seems to only get mail about c14lis and v14gra. Perhaps you should use these keywords in your mail to help it get through?
  • Why not just let them enter another, in addition to Hotmail? Maybe Google could set you up with infinite invites. I bet losing traffic to Google would get them to whitelist you post-haste.
  • I have never had a problem getting an automated response for a sign up verification. I get maybe 5-10 unsolicited spams a day (all of which go directly to a junk mail folder) and 20+ solicited spams (email lists, tech groups, companies I deal with, etc...) emails a day (once again, it all goes to junk mail).

    So while other users may have problems, I guess I'm just lucky and I've never really had a problem with Hotmail. To the extent that it has been my primary email provider since '97 (pre-MS days).

    -Rick
  • I've been using a Hotmail account for about 9 years now... things were okay until Microsoft took over control. My experiences have varied after MS came in:
    1. For the first year, 90% junk mails, only 10% proper mails.
    2. For the second to fourth years, 50 - 50.
    3. Three years back, proper mails got landed in the Junk mail folder, and junk mail in the Inbox... that's when David Coursey's (Chief Microsoft apologist, then at ZDNet Anchordesk) mail got delivered in the Junk folder.... on second thoughts it seems sorta right now!
    4. I lost interest a year ago, just 2MB box-size.. didn't check my account - and boom! all mails lost.
    5. NOW: There's more than 25 MB, but it's been months since I checked my hotmail. Not much spam, but I've lost interest after getting a gmail account.

    Short answer to your question: You're better off writing a utility that swaps Junk mail and the Inbox for hotmail users. Microsoft doesn't like PHP. Open up PHP and email in google, you'll find 100s of pages of Vulnerabilities, BEFORE coming to the functionality.
  • Two things :

    - Make sure you have a PTR record correctly set to your hostname so that reverse lookup works. Whoever has been assigned the block from which your IP is taken (most likely, your ISP) is the one to contact for that.

    - Make sure the HELO/EHLO greeting of your MTA matches the FQDN in the PTR record for the IP your mail appears to be coming from. In other words, make sure the hostname is set correctly on your mail server.

    Sorry for the elitism, but if you don't quite understand the above, maybe you sho
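The PTR and HELO checks from the comment above, together with the earlier advice that reverse and forward DNS should agree and not look like a dynamic address, as an added example that is not part of the original thread. The DNS tables, the problem codes and the list of "dynamic-looking" name patterns are constructed assumptions; the default resolvers use the standard `socket` module and are replaced by in-memory tables for the offline run.

```python
import re
import socket

# Constructed DNS data (assumption): reverse (PTR) and forward (A) records.
PTR = {
    "192.0.2.10": "mail.example.com",
    "198.51.100.43": "customer43.dsl.bigisp.com",
    "203.0.113.9": "mx.example.net",
}
A = {
    "mail.example.com": ["192.0.2.10"],
    "customer43.dsl.bigisp.com": ["198.51.100.43"],
    "mx.example.net": ["203.0.113.200"],   # forward record points somewhere else
}

# Illustrative patterns for generic or dynamic-looking names (assumption, not any filter's list).
DYNAMIC_HINTS = re.compile(r"(^|[.-])(dsl|dyn|dynamic|dhcp|pool|ppp|cable)([.-]|\d)", re.I)


def dns_reverse(ip):
    """Live PTR lookup; returns None when the address has no reverse record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def dns_forward(name):
    """Live A lookup (IPv4 only); returns an empty list when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def check_sender(ip, helo, reverse=dns_reverse, forward=dns_forward):
    """Return problem codes for a sending IP and the HELO/EHLO name it announces."""
    ptr = reverse(ip)
    if ptr is None:
        return ["no-ptr"]
    ptr = ptr.rstrip(".").lower()
    problems = []
    if ip not in forward(ptr):                 # PTR name must resolve back to the same IP
        problems.append("fcrdns-mismatch")
    if helo.rstrip(".").lower() != ptr:        # greeting should be the PTR's FQDN
        problems.append("helo-mismatch")
    if DYNAMIC_HINTS.search(ptr):
        problems.append("dynamic-looking-name")
    return problems


def offline_check(ip, helo):
    """Same check against the constructed tables above, with no network access."""
    return check_sender(ip, helo, reverse=PTR.get, forward=lambda n: A.get(n, []))


if __name__ == "__main__":
    for ip, helo in (("192.0.2.10", "mail.example.com"), ("192.0.2.10", "localhost"),
                     ("198.51.100.43", "customer43.dsl.bigisp.com")):
        print(ip, helo, offline_check(ip, helo))
```

Calling `check_sender(ip, helo)` without the last two arguments runs the same checks against live DNS for your own mail server's address.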
  • simple (Score:2, Insightful)

    by firebus (49468)
    don't require users to activate the account via email.

    i work on a medium sized, event driven, community website, and year after year we had the same problem - tons of people signing up at once, and a sizeable percentage of them wouldn't receive an activation email no matter how hard they tried.

    this led to much customer support.

    so we stopped requiring activation.

    and it hasn't been a problem.

    when you think about it, activation is useless. what benefit do you get out of it? you proved that some guy had access
  • Address book (Score:3, Informative)

    by Ash-Fox (726320) on Friday June 23 2006, @01:44AM (#15587802) Homepage
    The best way to make sure people get the e-mail (provided it isn't thrown off with invalid SPF records), is to get them to add said e-mail address to their online address book.
  • It has a user registration system that sends a link via email to activate new accounts.

    Some ways of flagging spam involve analysing the content to see if it looks like a spam email. Does your email just contain a link, or a link and a very small amount of text? If so this could be one reason it is flagged as junk.

    Try adding some more informative text (e.g. Welcome text, explanation, help) and see if this helps any. As the email filter may well score emails to see if they qualify as spam, this may help you

  • by robosmurf (33876) on Friday June 23 2006, @05:01AM (#15588295)
    Actually, sending mail to Hotmail is much worse than that.

    The Symantec BrightMail filters that Hotmail uses will silently delete mail. The sender will see no indication that the mail failed, but the message will be deleted; it will NOT necessarily appear in the Junk Mail folder.

    I've been using Hotmail for years, but have recently been having terrible trouble with it losing messages from mailing lists that I am on, even with spam protection set at its lowest level.

    Hotmail is NOT a reliable email system.

    As far as I can tell, the only real solution to this is to tell your recipients not to use Hotmail.
    • The only problem with this is that I don't have an ISP address. I buy my internet access as a 'business' account from my telco, which includes JUST the DSL signal, an IP address, and usage of their DNS for lookup purposes.

      I have my own personal domain, as well as owning a small business, and having a domain for it.

      Most sites that block free email also block my domains, since they don't recognize them as belonging to an ISP. Both domains are hosted by other companies, neither one a 'free email' domain. So
    • I don't know this guy's target audience, but a whole lot of people don't have an ISP but still get on the net at public terminals (library, school, net cafes). They rely on free email services to have a net presence, and I think it would be sad to discriminate against them for that.
      • From what I've seen, nearly everyone has a real email account. I ran an ecommerce site for a while where I blacklisted all free email accounts as well as any email account or purchase that routed back to AOL. Those two restrictions cut the fraud down to almost nothing. I can't remember a single case where someone complained about the restriction and found they had no "real" email account they could use. A lot of people would use their work email. I did wonder if banning AOL entirely was a bit much, but
        • Ditto here, we blocked all the free email providers once we realized pretty much all our fraud orders were using them and few if any legit signups used them. Gave up forwarding to the free providers abuse departments as well.