Thursday, January 28, 2010

Sending Valid Emails from Website

E-mails are one of the key elements of a website/web application. They are used in contact forms, sign-ups, notifications, newsletters, etc.

It is a common experience that e-mails sent from websites sometimes go to junk folders or never arrive.

Although it is not always possible to detect the reasons for this, there are several things that we can do to minimize the risk. Here they are:

  • Send E-mails Through A Valid E-mail Server With Authentication

This is the most important tip, because by following it you may automatically be covering all the tips below.

It is usually a good idea to send website e-mails through an e-mail server that requires authentication rather than through the web server's SMTP server. Servers that are set up specifically to send e-mail generally have reverse DNS & SPF records, support greylisting, etc.

Every scripting language offers methods to send e-mails with authentication.

On the other hand, using an e-mail server is sometimes not enough: you may need to send lots of e-mails, but the hosting provider may be applying limits, etc. In such cases, if you'll be sending e-mails through your web server, make sure to check all of these:

  • Reverse DNS (rDNS)

Just as every domain resolves to an IP address, an IP can optionally resolve back to a domain name; this is called reverse DNS.

Many spammers use non-existing or dynamic e-mails without reverse DNS records. E-mail servers generally check if the sender IP has a reverse DNS record or not.

How to add reverse DNS records: reverse resolving uses the pointer DNS record type (PTR record). Check whether one exists for your IP and, if not, ask your hosting provider to create it.

  • SPF Records

Sender Policy Framework is being used by more & more e-mail providers every day (Gmail, Hotmail & Yahoo use it) as a criterion to detect whether a message is spam or not.

It simply allows the owner of a domain to specify their mail sending policy (for example, which mail servers they use to send mail from their domain).

SPF records are DNS TXT records. An online setup wizard can help you create one (you'll need to create new DNS records).
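
A pre-flight check for the SPF point above, added here as an example (not part of the original post): it evaluates the ip4, ip6 and all mechanisms of an SPF TXT record against the IP your website sends from. The record and addresses are constructed samples from documentation ranges, and terms that need DNS lookups are reported rather than resolved.

```python
import ipaddress

# SPF qualifier prefix -> result name (RFC 7208)
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, sender_ip):
    """Evaluate an SPF TXT record for sender_ip, left to right.

    Returns (result, matched_term). Only ip4, ip6 and all are evaluated;
    a term that needs DNS (a, mx, include, ...) stops with 'needs-dns',
    because it could match before any later term does.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ("none", None)              # not an SPF record at all
    ip = ipaddress.ip_address(sender_ip)
    redirect = None
    for term in terms[1:]:
        if "=" in term:                    # modifier (redirect=, exp=)
            if term.lower().startswith("redirect="):
                redirect = term
            continue
        qualifier, mech = "+", term        # no prefix means "+"
        if term[0] in QUALIFIERS:
            qualifier, mech = term[0], term[1:]
        name, _, value = mech.partition(":")
        name = name.lower()
        if name == "all":
            return (QUALIFIERS[qualifier], term)
        if name not in ("ip4", "ip6"):
            return ("needs-dns", term)
        net = ipaddress.ip_network(value, strict=False)
        if ip.version == net.version and ip in net:
            return (QUALIFIERS[qualifier], term)
    # Nothing matched: a redirect= would have to be followed via DNS
    return ("needs-dns", redirect) if redirect else ("neutral", None)

if __name__ == "__main__":
    # Constructed sample record using documentation address ranges
    record = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 ~all"
    for ip in ("192.0.2.25", "2001:db8::1", "203.0.113.7"):
        print(ip, check_spf(record, ip))
```

A result of softfail or fail for your web server's IP means the record does not authorize it, so mail sent directly from that server is likely to be treated as suspect.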

  • Using An SMTP Server That Supports Greylisting

A very powerful spam prevention method used by mail servers is called greylisting.

When you send an e-mail, the server receiving it can say to your SMTP server: "send it to me again in x minutes" which is mostly not supported by the methods spammers use.

So, you need a smart SMTP server that can understand this command (IIS SMTP cannot) and will re-send the e-mails when requested.

  • No Bulk Mailing

Both the SMTP server you'll be sending e-mails through & the servers that will receive them generally have rules that mark an IP/e-mail address as a spammer if it sends x number of mails in y seconds.

So, if you have a large userbase to e-mail, it is a good idea to send the messages in intervals.

  • No Sending Of E-mails In Alphabetical Order

Again, if you'll be sending e-mails to a large userbase, don't send them in alphabetical order of the e-mail addresses, as mail servers can mark this as a dictionary attack.

  • Check If The Server IP Is Blacklisted

Blacklists are systems, used by most e-mail service providers, that have bot or human e-mail accounts which analyze common e-mail traffic & can blacklist IPs according to the e-mails sent from them.

The server you're using to send e-mails can be shared by many other users, and spam sent by anyone on that server can lead to a "blocking" by e-mail blacklists, which will damage the communication of every account on it.

You can check whether your IP is blacklisted using different resources.

I'll be updating this post if I get or experience any other tips for it.