Non Standard Web Address Format - warnings

We sent mails to customers in our application which has a link in it. In Yahoo and Hotmail, whenever the customer clicks on the link it displays the following warning:
Screenshot of the warning: http://img691.imageshack.us/img691/5402/warningp.jpg
The URL is a long encrypted query string.
Is there any way to suppress this popup?
Or how to intimate to the mail server that this is not a harmful site?

Sri, that's the problem - Yahoo, Hotmail, etc. don't like IP addresses in URLs because they're non-standard and spammers who create spoof emails often use them.
See http://www.myp2pforum.eu/website-forum/10495-when-i-confirmed-my-registration-why-did-i-get-security-warning.html for someone else who had a similar problem to you.
If you're still in testing, you can add a hostname entry for that IP address on your local machine(s) (see http://en.wikipedia.org/wiki/Hosts_file), then you can essentially use a dummy hostname for testing until you get into production.
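A pre-send check for the condition the answer describes, links whose host is a bare IP address instead of a hostname. This is an added example, not code from the question or the answer; the function names and the sample mail body are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _HrefCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML mail body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def host_is_ip_literal(url):
    """True if the URL's host is an IPv4/IPv6 address rather than a name."""
    host = urlsplit(url).hostname
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def ip_links(html_body):
    """Return the http(s) links in html_body that point at a bare IP."""
    parser = _HrefCollector()
    parser.feed(html_body)
    return [u for u in parser.hrefs
            if urlsplit(u).scheme in ("http", "https") and host_is_ip_literal(u)]


# Constructed sample body (addresses are from documentation ranges).
SAMPLE = """
<p>Confirm: <a href="http://192.0.2.10/confirm?t=abc">confirm</a></p>
<p>Help: <a href="https://app.example.com/help">help</a></p>
<p>v6: <a href="http://[2001:db8::1]:8080/x">x</a></p>
"""

if __name__ == "__main__":
    for link in ip_links(SAMPLE):
        print("IP-literal link:", link)
```

Running this over each outgoing template before release catches a test-server IP that was left in a link.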

Related

Why Google's SMTP changes FROM field value

We use Google Apps' account to send site-generated mail from support#oursite.com. It was fine until some point (between April and June) the settings got changed and now when they click "Reply" they see support#oursite.com instead of user's email.
in April's letters both Reply-To and To headers are filled out with user's email;
in June's ones, Reply-To contains user's email but To header contains support#oursite.com.
In all cases FROM headers contain support#oursite.com; we try to put user's email into it but (supposedly) Google SMTP replaces it with support#oursite.com somehow.
The question is:
has anyone else encountered such a problem? (yes, I've searched, not the same cases found)
what solution did you find?
UPD: the behavior described above is for Gmail (both free and GApps) web client only. In any other client (e.g., Gmail for Android/Apple, etc.) hitting "Reply" results in the correct email in the "To" field.
I believe GMail has been doing this for a while - I'm surprised that this started happening to you just recently.
However, there may be a solution. See http://lifehacker.com/111166/how-to-use-gmail-as-your-smtp-server and read 'Update 3' at the bottom of the page.
Google Enterprise support says the following on this subject:
If the From address is your own account (either your primary or an
alias custom from) the 'Reply-to' address is changed to the To
address. This is implemented for replying to sent messages. If you
reply to a message you just sent, you are, in effect, sending another
message to all the To addresses. If you change the From address to a
non-sending address (not the primary and not an alias custom from) and
the reply-to should begin to work as expected without any further
problems.

Provide email certificate in html mailto link

I would like to know if it's possible to provide an email certificate (signed by a recognised CA) so the user clicking on the mailto link can send encrypted email to the owner of the cert?
hello#gmail.com
Is there any way to do that using the mailto link or using some JS? Given the mailto link is handled by a local email client, should be possible?
If there is no direct way to do this, how to make it?
One option is a web form for message sending, served via HTTPS. The server-side handler of the form would compose an encrypted mail on the server and then send it via SMTP. This provides almost the same level of security as direct encryption (given that your server is secure). Unfortunately there's no other simple way to do what you want. Of course, you can put a link for your .cer file download and tell the user to download the .cer file and use it to compose an encrypted mail, but how would you deal with GMail users and mobile users? Web form is more flexible and easier to use for the sender.
You can look up what you can do with a mailto URL according to the current specification in RFC 2368. You'll see that it only refers to the construction of the mail text and headers, not their encoding or encryption. There may be extensions for some mail clients, but that's not something one should generally count on.
Furthermore, Web mail users generally will have problems with such links anyways. Thus, for a solution that has to be usable by anyone, a scheme counting on some client side program is not a good choice.
Thus, some Web form as mentioned by #Eugene accessible only via https would best serve your requirements.

browsers mailto issue?

I have an application that has to return emails to a user with his email client, but in some cases I have to pass around 1000 emails.
I'm using mailto on href, something like this:
mailto:info#useremail.com?bcc=email1#test.com,email2#other.net,anotherone#dfsf...
Why am I returning to his email client instead using PHP mail() function?
Because the user sender email depends on which computer he is using, and he needs to archive those emails.
The problem:
Some browsers, if the email list is bigger than X, it won't send to his preferred email client.
You could output the full BCC list and ask the user to copy-paste it in. But maybe you should just rethink your entire strategy if you want to pass thousands of e-mail addresses to a user.
That's because the length of a GET request (and such a link is a GET request) has a maximum. On some browsers it might only be 2083 characters. So any email address behind that limit will not be sent to the client email program. And thousands of email addresses will break the limit.
For anything other than a simple mailto:address with no parameters, mailto: URLs are massively unreliable and should be avoided. URL-length issues are only the beginning.
on some cases i have to pass around 1000 emails...
Even if a mailer could cope with getting the URL, a user's residential ISP is unlikely even to allow them to send that.
Give up. Send the mails yourself from PHP. Send a copy to the user for the archival purposes.
Passing a user thousands of email addresses is very unusual.
Generally, a more typical application would use PHP mail() on the server side, and then allow browsing the archives of whatever notifications have been sent out. The mail stays on and is sent from the web server, but allows the user to see what's gone out in the past.
On the minus side, that's a good bit more code, but probably the only way to fix the problem you're having; mailto: wasn't meant for large volume.

HTML email not received in gmail, but succeeds with yahoo, msn, aim, and work domain. Is it my HTML?

I have tried sending an HTML formatted email using ACYmailing for Joomla AND Mailchimp. It works for yahoo, msn, aim, my work domain but not for gmail.
I can send plain emails from my server to gmail but the HTML formatted newsletter doesn't work.
Someone suggested it may be my HTML code ~~~> Pastebin
I couldn't find a problem with it.
Some ideas:
Maybe GMail recognizes it as spam. Try some different content
Did you set the headers of the email correctly?
Did you specify a correct sender / sender name?
Are you receiving a rejection or failed email response? If it is being rejected you should get an email explaining why which will be sent (although you will need to specify a correct from / reply-to email address to receive this).
The first thing I would check is if the IP you are sending from has been blacklisted by any spam services - most deliverability issues I have experienced have been due to this. You can check a fairly extensive list of spam blacklists (together with some additional email validation services) at MX Toolbox.
If everything appears fine there it may be due to Gmail's fairly strict antispam criteria. To be accepted, an email should contain in the headers a valid email address for Return-Path. If this is not valid then there must be a Reply-To header with a valid email address.
Another important weapon in Google's antispam arsenal is SPF record checking - essentially a way of validating that an IP address is authorised to send email for a particular domain. This is worth checking; however, as far as I am aware a missing SPF record will only cause the mail to go into spam rather than not be delivered.
Gmail has three tabs now, especially if you're part of their partner network. I encountered the same issue until I noticed the three tabs. They are "Primary", "Social", and "Promotions". All of my MailChimp email wound up under the Promotions tab. Check there for your emails from MailChimp and possibly other e-blast emails. I don't have the solution yet on how to get MailChimp emails to go directly to the Primary area of the inbox.
Just in case you're actually sending the HTML you reference in your question, note that it's invalid - you haven't wrapped it in the necessary <html> and <body> tags.
I realize it's likely you just forgot to include those tags in the pastebin reference, but just in case. Note that the w3c validator found several (minor) errors in the referenced fragment.

E-mail in the source : a no-go?

I have a contact form where the email is actually accessible in the source, because I'm using a cgi file to process it. My concern is the mail crawlers, and I was wondering if this is a no-go and I should switch to another more secure form. Or, if there were some tricks to 'confuse' the crawlers? Thanks for your ideas.
If you're putting the destination address of the email in the HTML form, then not only is it a problem for mail crawlers, but spammers will use your contact form for spamming other people. All they would have to do is submit the same form with a different address in that field, and your mail server will happily send their message to a third party. You do not want to do this, as your server will quickly become blacklisted for sending spam.
If by source you mean the HTML source, then absolutely that's a problem. Can you edit the cgi file to hardcode it there?
I always convert the characters of email addresses (including the mailto statement if applicable) into character entities. This seems to work nicely, I have yet to receive automated spam on certain email addresses which are available in this manner on different websites. This converter illustrates what I mean.
Yes, you should avoid that to minimize spamming.
An easy way would be to just obfuscate the e-mail, replacing . with -dot- and # with -at- etc.
If a human needs the address, he knows what that he has to perform
If your CGI script takes this address as input, it has to de-obfuscate first, reverting all obfuscations.
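The relay problem raised in the answers above (the destination address travelling in the HTML form) next to the fix of keeping the address on the server, as an added example that is not from any of the posts. It assumes a Python handler rather than the asker's CGI file; the recipient keys, addresses and function names are constructed placeholders.

```python
from email.message import EmailMessage
from email.utils import parseaddr

# Recipients live only on the server; the form sends a short key, never an
# address. Keys and addresses are constructed placeholders.
RECIPIENTS = {"sales": "sales@example.com", "support": "support@example.com"}
FORM_SENDER = "webform@example.com"


def build_vulnerable(form):
    """Before: the destination comes straight from a (hidden) form field."""
    msg = EmailMessage()
    msg["From"] = FORM_SENDER
    msg["To"] = form["recipient"]  # client-controlled, so the form relays anywhere
    msg["Subject"] = form["subject"]
    msg.set_content(form["message"])
    return msg


def clean_header(value, limit=200):
    """Reject line breaks so a field cannot smuggle in extra headers (Bcc, Cc)."""
    if "\r" in value or "\n" in value:
        raise ValueError("line break in header field")
    return value.strip()[:limit]


def build_hardened(form):
    """After: the form only selects a server-side recipient by key."""
    key = form.get("recipient", "")
    if key not in RECIPIENTS:
        raise ValueError("unknown recipient key")
    _, addr = parseaddr(clean_header(form.get("email", "")))
    if "@" not in addr:
        raise ValueError("invalid visitor address")
    msg = EmailMessage()
    msg["From"] = FORM_SENDER
    msg["To"] = RECIPIENTS[key]    # never taken from the request
    msg["Reply-To"] = addr         # visitor address is only a reply target
    msg["Subject"] = "[contact form] " + clean_header(form.get("subject", ""))
    msg.set_content(form.get("message", ""))
    return msg


if __name__ == "__main__":
    forged = {"recipient": "third-party@example.net", "email": "v@example.org",
              "subject": "hi", "message": "text"}
    print("vulnerable To:", build_vulnerable(forged)["To"])
```

With the address gone from the page source, there is also nothing left for a crawler to harvest.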