Sending Mail to Hotmail Users? 126
Cafesolo wonders: "I'm developing a web application using PHP. It has a user registration system that sends a link via email to activate new accounts. I've found that sending mails to Hotmail accounts is very difficult, because the spam filter is very strong and it filters lots of non-junk messages. I think the spam filter blocks any email whose domain isn't in an internal whitelist (which might contain popular domains, like hotmail.com itself, gmail.com, yahoo.com, msn.com, etc). Most of my users have Hotmail emails. I can't simply tell my users to read the junk folder because most of them are not computer-savvy and that seems to be a bit confusing to them. Has anyone managed to solve this problem? Did somebody try to contact Microsoft? Is there any way to get whitelisted? Can an independent programmer get his domain whitelisted?"
See slashdot article... (Score:3, Informative)
Also, have you tried sending the email spoofing the receivers email address? You can set the "from" header to their own address. Of course, this won't help ip based whitelists, but it will help many emails make it through for some mail hosts (few users block their own email address)
Re:See slashdot article... (Score:5, Informative)
Never do this. Forging the return address is one of the few things that actually is illegal.
Re:See slashdot article... (Score:3, Informative)
(a) IN GENERAL- Whoever, in or affecting interstate or foreign commerce, knowingly--
...
(3) materially falsifies header information in multiple commercial electronic mail messages and intentionally initiates the transmission of such messages,
So, it's only illegal if it's for commercial purposes, and unless I'm reading it wrong, you're fine even then as long as it's within your state and the affected business is also within state.
Re:See slashdot article... (Score:2)
Re:See slashdot article... (Score:2)
Oh, I'm definitely NAL, but anyone that gets legal advice from a Slashdot needs about 100mg of Thorazine every 6 hours.
I'm just sayin' it's not simply illegal to spoof headers. I do it all the time with my friends (From: Your Mom ) and don't want this to become something that brings gasps because of misinterpretation.
Re:See slashdot article... (Score:2)
God damn Slashdot eating angle brackets... it was From: Your Mom <yourmom@thebomb.com>
It wasn't funny to begin with, and now it's just annoying, but fuckin' a I'm posting it anyway.
Re:See slashdot article... (Score:5, Funny)
So are you a doctor then?
Re:See slashdot article... (Score:5, Funny)
No, but I am a liar.
Re:See slashdot article... (Score:3, Informative)
You're reading it wrong.
"Whoever, in or affecting interstate or foreign commerce, knowingly" is pretty close to boilerplate. Judicial precedent has interpreted it to mean "virtually everything except for very rare circumstances where there is no possible tangential connection that pushes it over state lines." A grain of sand is covered in this language because it could reasonably be caught in someone's shoe and carried to another state. No, really, how do you think the EPA gets it
Re:See slashdot article... (Score:1)
As for the interstate commerce part, some courts have basically found that when you thought about the act, your brain waves may have bounced
Automatic death sentence (Score:5, Interesting)
But for many of us forging headers is an automatic death sentence. I've walked away from existing business relationships where I had non-refundable credits because a customer support request was answered with a forged header.
On the other side of the table, it's one of the few actions where I would not hestiate to recommend immediate termination for cause if I caught a member of our staff pulling that stunt. (The other actions are using the computers to perform illegal acts or to distribute pr0n/warez.)
The reason it's so serious? It shows a culture that has a casual disregard to the consequences of identity fraud. If you forge mail that appears to come from me, then who else are you sending those forged messages to? Why should I believe your answer? Trust, once lost, is not easily recovered.
(BTW this doesn't even address the original point of getting past spam filters. Like many sites I have my MTA set up to reject incoming messages that claim (in the envelope) to come from my own domains. I know who I am and anyone claiming to be 'me' is, prima facie, making fradulent claims and should be treated accordingly. The last time I checked that test, by itself, was blocking about a third of inbound traffic.)
Re:Automatic death sentence (Score:2, Insightful)
We are talking about microsoft here. The company policy seems to be take out the little guys first.
Re:Automatic death sentence (Score:2)
Maybe I'm not understanding the level this occurs at, but doesn't that lock out any of your employees sending work email from a home account using their work return address? Or an employee without VPN access emailing the company from the road?
Re:Automatic death sentence (Score:2)
Why are employees sending work emails from a home account? Offer them a HTTPS webmail server to deal with those cases. (IOW, there are technical fixes for the border cases such as webmail, VPN, 800 number dial-up access or using a dial-up ISP account.)
Don't some
Re:Automatic death sentence (Score:2)
Why are employees sending work emails from a home account? Offer them a HTTPS webmail server to deal with those cases.
There's plenty of small businesses that can't afford a HTTPS webmail server, or even an authenticated SMTP server. It's not that uncommon for these businesses to have people working from home, so there's a legitimate need to have the from: address be the business address, even though the email wasn't sent from the business, or one of the businesses computers.
Is that "forgery"? Frankly I do
Re:Automatic death sentence (Score:2)
Heck, one of the A2 plans is only $3/mo.
Some hosting companies even thrown in spam/virus filtering for free.
Re:Automatic death sentence (Score:2)
There is no "M" in HTTP (Score:2)
This kind of "medicine" is worse, than the decease. There are two modern e-mail protocols: IMAP for reading, and SMTP for sending.
Various "Webmail" implemements are nothing but either excuses for advertisers (like Google, MSN, Yahoo! "e-mail" services), or hacks and works around moronic firewall policies.
As I say in the subject, there is no "Mail" in Hyper Text Transfer Protocol...
What you wanted to write, was something like:
Re:See slashdot article... (Score:2)
It's easy with PHP mail() because it's just one parameter
Re:See slashdot article... (Score:2)
Regardless of the legality of it, most people with spam filters have them configured to block email that comes from an external source using an internal address, so I doubt that would help any. I know that everywhere I have ever worked had such messages blocked.
Re:See slashdot article... (Score:2, Informative)
The CAN-SPAM Act [wikipedia.org], actually. Deliberately falsifying headers is a direct violation.
Don't be such an insufferable smartass ... when you're wrong.
Re:See slashdot article... (Score:1)
Re:See slashdot article... (Score:5, Informative)
Re:See slashdot article... (Score:2, Insightful)
Re:See slashdot article... (Score:2)
Re:See slashdot article... (Score:3, Interesting)
Re:See slashdot article... (Score:1)
Re:See slashdot article... (Score:2)
Re:See slashdot article... (Score:3, Informative)
Re:See slashdot article... (Score:2)
Tools are available (Score:5, Informative)
MSN Smart Network Data Services: http://postmaster.msn.com/snds/ [msn.com]
This will let you put in your SMTP's IP address and it will give you consolidated stats on how much mail was received, and how much was filtered as spam.
Sender Score Certified: http://www.senderscorecertified.com/ [senderscorecertified.com]
This company will "certify" you as a safe sender, and Hotmail will let your emails in unfiltered. The catch is you have to pay for this.
Good luck. It isn't easy, but at least there are some tools at your use.
Re:Tools are available (Score:5, Informative)
http://wiki.apache.org/spamassassin/AvoidingFpsFo
http://www.senderbase.org/ [senderbase.org]
http://www.truste.org/ [truste.org]
http://www.bondedsender.org/ [bondedsender.org]
Re:Tools are available (Score:2)
The only thing that gets into my inbox that isn't specifically added to my whitelist is the Hotmail Staff messages, so even if this guy pays some service to get him "certified" with Hotmail, that won't do the trick.
Re:Tools are available (Score:1)
In that case, it would seem that hotmail itself is not particularly functional as a useful or reliable place to address communication. If people insist on using a broken email service, they have no business complaining when they don't get any mail. Their problem.
Re:Tools are available (Score:2)
Re:Tools are available (Score:4, Insightful)
Re:Tools are available (Score:2)
To clarify, it's not that these users don't matter. It's that if a user only allows whitelisted addresses through and doesn't whitelist your address/domain then you won't get through. That's not a problem with Hotmail, it's a problem with users only allowing whitelisted addres
Re:Tools are available (Score:2)
BLAH BLAH BLAH.
Do yourself a favour (Score:5, Informative)
Grab something like SpamAssassin, and set it up to add headers telling you what rules have been triggered. Then send an email from your web application to that account, and examine the headers. While Hotmail probably don't use the exact same rules as SpamAssassin, it's an easy way to spot obvious stuff for you to fix. For example, using too much HTML, particular phrases, too many capital letters, being on blacklists, etc, can all be remedied by you without Microsoft's involvement.
I also seem to remember that Hotmail strongly discriminates against senders who don't have SPF set up, so it's probably a good idea to enable that for your domain.
Re:Do yourself a favour (Score:1)
While you're at it, send them all Gmail invites, and explain to them that it's Hotmail's fault for treating their mail as spam. Tell them how to give feedback to Hotmail about that particular mail. It's a lot easier to let your shock troops^W^Wusers complain for you than it is to try to deal with Microsoft.
Re:Do yourself a favour (Score:4, Insightful)
The kind of user that pays you money? And there are a lot of people that don't understand spam filtering. Unlike most other email concepts, this one doesn't really have a snail-mail analogue.
I already do this. Without fail, every single Hotmail user that I have sent an invite to has either signed up and not switched, or not bothered signing up at all. Hotmail users are happy with crap. Think about it - if they weren't, they wouldn't be with Hotmail in the first place, would they?
Re:Do yourself a favour (Score:2)
How about this;
You know how some people have a sign on their letterbox saying 'no circulars'?
Well imagine if the people who delivered 'circulars' actually respected this.
Now imagine having two letterboxes, one labelled 'circulars only'.
So if you ask someone to send you a newsletter and you don't find it
delivered in your regular mailbox, where would you look
Add a SPF record. (Score:5, Informative)
See:
http://www.microsoft.com/mscorp/safety/content/te
&
http://openspf.org/wizard.html [openspf.org]
Re:Add a SPF record. (Score:2, Informative)
Re:Add a SPF record. (Score:1)
Re:Add a SPF record. (Score:2)
As long as you control the mail servers for your domain, why not publish SPF records? (Note that SPF is about anti-forgery, not anti-spam.)
Solution (Score:2)
Re:Solution (Score:1)
Re:Solution (Score:2)
Re:Solution (Score:2)
Yeah, right. I've had a Hotmail Plus account ($20/yr for a 2GB Inbox, no ads, offline access) for some time now (before Gmail was launched), and I must say bar some real idiocy on the part of MS I'm going to keep renewing, primarily for the spam protection (2-3 a day) and good customer service.
> I myself use yahoomail
Right now Yahoo's name == mud with me because they deactivated my Yahoo Mail account for 'non-use' (and delet
Re:Solution (Score:2)
If you pick a category of ads for Yahoo to send you, they will also let you use then POP3 to retrieve your email, which counts as a login. I haven't actually logged into my Yahoo webmail account for years but daily connections from my email client keep it from being deleted.
Re:Solution (Score:2)
SSL { Webmail / IMAP / POP3 }
Screw 'em... (Score:1)
Re:Screw 'em... (Score:1)
Re:Screw 'em... (Score:2)
Very big assumptions. (Score:5, Insightful)
Re:Very big assumptions. (Score:2)
Re:Very big assumptions. (Score:3, Informative)
Exactly. When I need to do a mass-mailing from my PHP apps, I use a custom class that emulates some of the sendmail interface by opening a socket to a SMTP host. See 'fsockopen' in the PHP docs -- SMTP is super-simple, and if you want, I'll share my class source with you.
You just have to make sure that your production server has a trusted connection to the MTA, or write a few lines of code to authenticate against the server. Also remember that one thing that really pisses SPAM filters off is when you tr
Re:Very big assumptions. (Score:2)
Re:Very big assumptions. (Score:2)
Re:Very big assumptions. (Score:2, Informative)
Trial and error works. (Score:5, Insightful)
Re:Trial and error works. (Score:2)
That said, I think that if you do this, you should be aware that I think that if you send out emails marked as junk, then future emails are more likely to be marked as junk. As I understand it, a lot of spam filters work by assigning various point values to different things in t
Re:Trial and error works. (Score:2, Interesting)
It's Probably Your Headers (Score:3, Informative)
$PlainMailHeaders= "MIME-Version: 1.0\r\n"
. "Content-Type: text/plain\r\n"
. "Content-Transfer-Encoding: 7bit\r\n"
Hope it helps.
Helpful suggestions (Score:3, Informative)
2. Process the bounces. Hotmail notices and ranks the source accordingly.
3. Make sure the reverse DNS for your server matches the forward DNS and that both resolve to a server name that is not obviously a dynamic IP address. Mail from a machine named customer43.dsl.bigisp.com tends to get weighted as spam for reasons which should be obvious.
Re:Helpful suggestions (Score:2)
Re:Helpful suggestions (Score:2)
Hmm, how about this? (Score:2)
2. Code PHP to send emails through it to your Hotmail customers.
Occasional black-hole routing? (Score:2, Interesting)
Re:Occasional black-hole routing? (Score:2)
Re:Occasional black-hole routing? (Score:2)
Tracing the path to 65.54.245.72 on TCP port 25 (smtp), 20 hops max
3 core2.ge0-0-0-bbnet1.sef.pnap.net (63.251.160.2) 0.583 ms 0.609 ms 0.741 ms
4 10ge-3-3.r01.sttlwa01.us.bb.verio.net (209.168.94.241) 0.627 ms 0.560 ms 0.574 ms
5 129.250.8.66 176.046 ms 1.564 ms 0.629 ms
6 ten8-3.wst-76cb-1a.ntwk.msn.net (207.46.35.105) 171.988 ms 0.891 ms 200.322 ms
7 pos4-1.pax-76cb-1a.ntwk.msn.net (207.46.33
My inbox (Score:5, Funny)
Re:My inbox (Score:1)
Contact List workaround (Score:1)
Most people have several accounts (Score:2)
As a hotmail user.... (Score:2)
So while other user's may have problems, I guess I'm just lucky and I've never really had a problem with Hotmail. To the extent that it has been my primary email provider since '97 (pre-MS days).
-Rick
From someone who knows... (Score:1, Insightful)
Domain Keys are also an excellent addition to having SPF. Different people trust different technologies, so using both is always a good idea.
To increase your chances of mail delivery to Hotmail, have a look at this: http://postmaster.msn.com/Services.aspx#JMRPP [msn.com]
You'll figure out why your messages are being junked. Most of the biggies have some sort of feedback loop/whitelisting procedure. If you business d
Re:From someone who knows... (Score:1)
And thanks to your ESP, you know what the people don't want without having to ask them.
Re:From someone who knows... (Score:2)
Do like FEMA (Score:1)
Don't allow free emails (Score:1, Troll)
Re:Don't allow free emails (Score:2)
I have my own personal domain, as well as owning a small business, and having a domain for it.
Most sites that block free email also block my domains, since they don't recognize them as belonging to an ISP. Both domains are hosted by other companies, neither one a 'free email' domain. So
Re:Don't allow free emails (Score:2, Insightful)
Re:Don't allow free emails (Score:3, Interesting)
Re:Don't allow free emails (Score:3, Interesting)
Re:Don't allow free emails (Score:2)
David Coursey was delivered in my junk mail folder (Score:3)
1. For the first year, 90% junk mails, only 10% proper mails.
2. For the second to fourth years, 50 - 50.
3. Three years back, proper mails got landed in the Junk mail folder, and junk mail in the Inbox... that's when David Coursey's (Chief Microsoft aplogist, then at ZDNet Anchordesk) mail got delivered in the Junk folder.... on second thoughts it seems sorta right now!
4. I lost interest a year ago, just 2MB box-size.. didn't check my account - and boom! all mails lost.
5. NOW: There's more than 25 MB, but it's been months since I checked my hotmail. Not much spam, but I've lost interest after getting a gmail account.
Short answer to your question: You're better off writing a utility that swaps Junk mail and the Inbox for hotmail users. Microsoft doesn't like PHP. Open up PHP and email in google, you'll find 100s of pages of Vulnerabilities, BEFORE coming to the functionality.
Re:David Coursey was delivered in my junk mail fol (Score:1)
> lost.
> 5. NOW: There's more than 25 MB, but it's been months since I checked my hotmail. Not much spam,
> but I've lost interest after getting a gmail account.
Keep checking your Gmail account if you don't want to lose everything. Once every 9 months, I think it is.
OH, and spam filtering in Gmail has got a *lot* worse in the last couple of months. It used to be faultless, but now I get 5 or 10 spam
PTR record and hostname in HELO (Score:2)
- Make sure you have a PTR record correctly set to your hostname so that reverse lookup work. Whoever have been assigned the block from which your IP is taken (most likely, your ISP) is the one to contact for that.
- Make sure the HELO/EHLO greeting of your MTA match the FQDN in the PTR record for the IP your mail appear to be coming from. In other words, make sure the hostname is set correctly on your mail server.
Sorry for the elitism, but if you don't quite understand the above, maybe you sho
Re:PTR record and hostname in HELO (Score:1)
Shared
Hosting
Account
simple (Score:2, Insightful)
i work on a medium sized, event driven, community website, and year after year we had the same problem - tons of people signing up at once, and a sizeable percentage of them wouldn't receive an activation email no matter how hard they tried.
this led to much customer support.
so we stopped requiring activation.
and it hasn't been a problem.
when you think about it, activation is useless. what benefit do you get out of it? you proved that some guy had access
Re:simple (Score:2)
I disagree! Activation is very important! With
Comment removed (Score:3, Informative)
Content could be flagged as spam (Score:2)
Some ways of flagging spam involve analysing the content to see if it looks like a spam email. Does your email just contain a link, or a link and a very small amount of text? If so this could be one reason it is flagged as junk.
Try adding some more infromative text (e.g. Welcome text, eplanation, help) and see if this helps any. As the email filter may well score emails to see if they qualify as spam, this may help you
PHPMailer with SMTP (and less spammy emails) (Score:2)
Maybe your signup message/test messages look too much like spam? Try to avoid use of exclamation marks, mispellings, ALL CAPS, etc.
We have an e-commerce package that sends emails to HoTMaiL, AOL mail, yahoo, gmail and lots more fine using nothing more than the PHPMailer class.
One quick suggestion, do you use PHPMailer with the mail method or with the smtp method? We use smtp as using the PHP mail() function does sometimes end up getting you flagged as spam, no idea why though! PHPMailers SMTP client
The situation is actually MUCH worse than that (Score:3, Interesting)
The Symantec BrightMail filters that Hotmail uses will silently delete mail. The sender will see no indication that the mail failed, but the message will be deleted; it will NOT necessarily appear in the Junk Mail folder.
I've been using Hotmail for years, but have recently been having terrible trouble with it losing messages from mailing lists that I am on, even with spam protection set at its lowest level.
Hotmail is NOT a reliable email system.
As far as I can tell, the only real solution to this is to tell your recipients not to use Hotmail.
Shared server's IP blacklisted (Score:1)
Stupid blacklists seem to blacklist by IP (or sometimes IP range!) instead of domain, which means that if one spammer is using your box, then all domains on that box will get blacklisted.
This is why my Email gets marked as spam by Yahoo. Sometimes it happens due to reverse DNS too (if you don't have complete control of your DNS, your reverse lookup may be a different domain - usually your host or ISP).
The best option is to colocate your own server, but it's too pricey for
Have you entered an SPF record? (Score:2)
http://www.openspf.org/ [openspf.org]
"Strong" spam filter, "dumb" more likely... (Score:2)