RE: [PHP] PHP Mailer and SMTP = SPAM?

2006-10-12 Thread Peter Lauri 
Thanks, that was very clear :)

-Original Message-
From: Roman Neuhauser [mailto:[EMAIL PROTECTED] 
Sent: Friday, October 13, 2006 6:32 AM
To: Richard Lynch
Cc: Peter Lauri; php-general@lists.php.net
Subject: Re: [PHP] PHP Mailer and SMTP = SPAM?

# [EMAIL PROTECTED] / 2006-10-12 11:23:52 -0500:
> On Wed, October 11, 2006 11:28 pm, Peter Lauri wrote:
> > [snip]
> > Unless the email is coming "from" somebody the recipient knows/trusts,
> > then you're going to get marked by them as a spammer -- which will
> > report back to some of the lists marking you as a spammer.
> > [/snip]
> >
> > But is it not a problem sending from the SMTP server thedomain.com
> > using something else then the email [EMAIL PROTECTED] I am
> > planning to send from an existing email from the domain.
> 
> Not really -- at least not in my limited experience.
> 
> There are so many OTHER factors that the DNS resolution of the return
> address and the actual SMTP machine not matching up are probably not a
> deciding factor...

Sender, client.example.org, IP 1.2.3.4 connects to the receiver
(server.example.org).

1. DNS - PTR RR. If 4.3.2.1.in-addr.arpa doesn't exist (the value
   would be client.example.org), server refuses the connection
2. DNS - A RR. If client.example.org doesn't exist or doesn't
   resolve to 1.2.3.4, server refuses the connection
3. DNS - RBL. If 1.2.3.4 is in any of a number of possible
   RBLs, server refuses the connection
4. DNS - RHSBL. If example.org is in any of a number of possible
   RHSBLs, server refuses the connection 
 
If the client passed all checks, the server accepts the connection:

S: 220 server.example.org ESMTP
C: HELO client.example.org
S: 250 Ok

5. SMTP - If client doesn't say HELO with a FQDN argument, or
6. SMTP - If the HELO command argument doesn't resolve to the client
   IP address, the server responds with a 4xx or 5xx.

C: MAIL FROM: [EMAIL PROTECTED]

7. DNS - MX or A RR. If neither of these records exists for
   elsewhere.org, server replies with 5xx, permanent error.

S: 450 Greylisted
C: QUIT

server replied with a 4xx temporary error code, the client (rightly)
disconnected. server in turn tries to send a message back to
[EMAIL PROTECTED] to see if it accepts email:

E: 220 erwin.elsewhere.org ESMTP
S: HELO server.example.org
E: 250 Ok
S: MAIL FROM: <>
E: 250 Ok
S: RCPT TO: <[EMAIL PROTECTED]>
E: 250 Ok
S: QUIT

The empty FROM address is the special null address used to send
bounce messages.

Should erwin reply with 5xx to any of the commands from server,
[EMAIL PROTECTED] will be stored in a nondeliverables database, and
when client returns it'll be rejected:

C: MAIL FROM: <[EMAIL PROTECTED]>
S: 550 Sender rejected

I'm sure I forgot something or screwed the description here and
there, but you get the idea.

-- 
How many Vietnam vets does it take to screw in a light bulb?
You don't know, man.  You don't KNOW.
Cause you weren't THERE. http://bash.org/?255991

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Mailer and SMTP = SPAM?

2006-10-12 Thread Roman Neuhauser 
# [EMAIL PROTECTED] / 2006-10-12 11:23:52 -0500:
> On Wed, October 11, 2006 11:28 pm, Peter Lauri wrote:
> > [snip]
> > Unless the email is coming "from" somebody the recipient knows/trusts,
> > then you're going to get marked by them as a spammer -- which will
> > report back to some of the lists marking you as a spammer.
> > [/snip]
> >
> > But is it not a problem sending from the SMTP server thedomain.com
> > using something else then the email [EMAIL PROTECTED] I am
> > planning to send from an existing email from the domain.
> 
> Not really -- at least not in my limited experience.
> 
> There are so many OTHER factors that the DNS resolution of the return
> address and the actual SMTP machine not matching up are probably not a
> deciding factor...

Sender, client.example.org, IP 1.2.3.4 connects to the receiver
(server.example.org).

1. DNS - PTR RR. If 4.3.2.1.in-addr.arpa doesn't exist (the value
   would be client.example.org), server refuses the connection
2. DNS - A RR. If client.example.org doesn't exist or doesn't
   resolve to 1.2.3.4, server refuses the connection
3. DNS - RBL. If 1.2.3.4 is in any of a number of possible
   RBLs, server refuses the connection
4. DNS - RHSBL. If example.org is in any of a number of possible
   RHSBLs, server refuses the connection 
 
If the client passed all checks, the server accepts the connection:

S: 220 server.example.org ESMTP
C: HELO client.example.org
S: 250 Ok

5. SMTP - If client doesn't say HELO with a FQDN argument, or
6. SMTP - If the HELO command argument doesn't resolve to the client
   IP address, the server responds with a 4xx or 5xx.

C: MAIL FROM: [EMAIL PROTECTED]

7. DNS - MX or A RR. If neither of these records exists for
   elsewhere.org, server replies with 5xx, permanent error.

S: 450 Greylisted
C: QUIT

server replied with a 4xx temporary error code, the client (rightly)
disconnected. server in turn tries to send a message back to
[EMAIL PROTECTED] to see if it accepts email:

E: 220 erwin.elsewhere.org ESMTP
S: HELO server.example.org
E: 250 Ok
S: MAIL FROM: <>
E: 250 Ok
S: RCPT TO: <[EMAIL PROTECTED]>
E: 250 Ok
S: QUIT

The empty FROM address is the special null address used to send
bounce messages.

Should erwin reply with 5xx to any of the commands from server,
[EMAIL PROTECTED] will be stored in a nondeliverables database, and
when client returns it'll be rejected:

C: MAIL FROM: <[EMAIL PROTECTED]>
S: 550 Sender rejected

I'm sure I forgot something or screwed the description here and
there, but you get the idea.

-- 
How many Vietnam vets does it take to screw in a light bulb?
You don't know, man.  You don't KNOW.
Cause you weren't THERE. http://bash.org/?255991

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] PHP Mailer and SMTP = SPAM?

2006-10-12 Thread Peter Lauri 
Thanks for your answer. I better think about this one more time, read some
more about it, and then execute :) I will let you know if it flops...

-Original Message-
From: Richard Lynch [mailto:[EMAIL PROTECTED] 
Sent: Thursday, October 12, 2006 11:24 PM
To: Peter Lauri
Cc: php-general@lists.php.net
Subject: RE: [PHP] PHP Mailer and SMTP = SPAM?

On Wed, October 11, 2006 11:28 pm, Peter Lauri wrote:
> [snip]
> Unless the email is coming "from" somebody the recipient knows/trusts,
> then you're going to get marked by them as a spammer -- which will
> report back to some of the lists marking you as a spammer.
> [/snip]
>
> But is it not a problem sending from the SMTP server thedomain.com
> using
> something else then the email [EMAIL PROTECTED] I am planning to
> send
> from an existing email from the domain.

Not really -- at least not in my limited experience.

There are so many OTHER factors that the DNS resolution of the return
address and the actual SMTP machine not matching up are probably not a
deciding factor...

I could be wrong on this -- I don't run SMTP servers, and *most* of my
email is coming out from the same server, but I also have a "contact
them" link, and it seems to work fine, and is most certainly not using
return addresses whose DNS matches the sending server.

> So even that I send from thedomain.com SMTP server I should to set the
> FROM
> and REPLY TO to the person who is referring? Our main idea was to send
> the
> email from the author of the book as it comes from him, but that is
> maybe
> not a great idea?

Send the email "From: " the person who actually typed it.

Anything else is more likely to trip you up in some other way, I
should think.

> So I am in the middle of two suggestions:
>
> 1. Make sure that the email is in the domain that you are sending from
> 2. Make sure that the emails is from the referring persons email so it
> won't
> be marked as spam at their point.

In an ideal world, you have a limited number of authors, and you can
configure YOUR SMTP server as a relay for them, thus meeting both
conditions.

rasmus AT dwsasia.com would a valid email, forwarding to a known valid
email for Rasmus the PHP Pocket Guide author.

So, you get the best of all worlds -- Custom emails on your site with
the correct DNS resolution to "match" the sender, the author's name in
the email address, even using the "First Last" <[EMAIL PROTECTED]>
format.

This satisfies all the conditions, at the minimal expense of setting
up an email forward for each author/recipient.

If I had easy access to control email setup, I'd do that on my site,
but I don't, so I just send them out with the return address of
whomever sent them.

Course I also throttle it so it can only send 4 emails per day from
one IP, and have a few other measures in place to limit spam abuse.

NOTE:
If the authors aren't typing the actual email, you do NOT want to be
sending it "from" them without their prior explicit review and consent
of the outgoing email.  Authors in particular are very picky about
what words you put in their mouth. :-)

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] PHP Mailer and SMTP = SPAM?

2006-10-12 Thread Richard Lynch 
On Wed, October 11, 2006 11:28 pm, Peter Lauri wrote:
> [snip]
> Unless the email is coming "from" somebody the recipient knows/trusts,
> then you're going to get marked by them as a spammer -- which will
> report back to some of the lists marking you as a spammer.
> [/snip]
>
> But is it not a problem sending from the SMTP server thedomain.com
> using
> something else then the email [EMAIL PROTECTED] I am planning to
> send
> from an existing email from the domain.

Not really -- at least not in my limited experience.

There are so many OTHER factors that the DNS resolution of the return
address and the actual SMTP machine not matching up are probably not a
deciding factor...

I could be wrong on this -- I don't run SMTP servers, and *most* of my
email is coming out from the same server, but I also have a "contact
them" link, and it seems to work fine, and is most certainly not using
return addresses whose DNS matches the sending server.

> So even that I send from thedomain.com SMTP server I should to set the
> FROM
> and REPLY TO to the person who is referring? Our main idea was to send
> the
> email from the author of the book as it comes from him, but that is
> maybe
> not a great idea?

Send the email "From: " the person who actually typed it.

Anything else is more likely to trip you up in some other way, I
should think.

> So I am in the middle of two suggestions:
>
> 1. Make sure that the email is in the domain that you are sending from
> 2. Make sure that the emails is from the referring persons email so it
> won't
> be marked as spam at their point.

In an ideal world, you have a limited number of authors, and you can
configure YOUR SMTP server as a relay for them, thus meeting both
conditions.

rasmus AT dwsasia.com would a valid email, forwarding to a known valid
email for Rasmus the PHP Pocket Guide author.

So, you get the best of all worlds -- Custom emails on your site with
the correct DNS resolution to "match" the sender, the author's name in
the email address, even using the "First Last" <[EMAIL PROTECTED]>
format.

This satisfies all the conditions, at the minimal expense of setting
up an email forward for each author/recipient.

If I had easy access to control email setup, I'd do that on my site,
but I don't, so I just send them out with the return address of
whomever sent them.

Course I also throttle it so it can only send 4 emails per day from
one IP, and have a few other measures in place to limit spam abuse.

NOTE:
If the authors aren't typing the actual email, you do NOT want to be
sending it "from" them without their prior explicit review and consent
of the outgoing email.  Authors in particular are very picky about
what words you put in their mouth. :-)

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] PHP Mailer and SMTP = SPAM?

2006-10-11 Thread Peter Lauri 
[snip]
Unless the email is coming "from" somebody the recipient knows/trusts,
then you're going to get marked by them as a spammer -- which will
report back to some of the lists marking you as a spammer.
[/snip]

But is it not a problem sending from the SMTP server thedomain.com using
something else then the email [EMAIL PROTECTED] I am planning to send
from an existing email from the domain.

So even that I send from thedomain.com SMTP server I should to set the FROM
and REPLY TO to the person who is referring? Our main idea was to send the
email from the author of the book as it comes from him, but that is maybe
not a great idea?

So I am in the middle of two suggestions:

1. Make sure that the email is in the domain that you are sending from
2. Make sure that the emails is from the referring persons email so it won't
be marked as spam at their point.

This is what I got from "Rick". What are you thoughts on this?

[snip]
when you do a dns lookup (from a machine not on the same network) on the
ipnumber of the sending mail server does it show a name? if you do a forward
lookup on that name, does that resolve to the (same) ipnumber? 

the answer to the first part must be "yes", and ideally the second will be
"yes". if the first is "no", then don't bother sending from that machine
until that issue has been dealt with. 

sending html substantially increases the probability that your messages will
be tagged as spam. certain things will increase that probability. 

your point "2." is mostly irrelevant. an smtp server simply needs to be
configured so it is not an open relay. that is generally the default
configuration (of any MTA that's worth using), and is achievable without
smtp auth.
[/snip]

Best regards,
Peter Lauri

www.lauri.se - personal website
www.dwsasia.com - company website

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Mailer and SMTP = SPAM?

2006-10-11 Thread Google Kreme 

On 10 Oct 2006, at 12:37 , Richard Lynch wrote:

Very simple to code/implement/maintain.


Oh?  How simple is it?

(yes, this is an oblique request for code :)

--  
Nothing like grilling a kosher dog over human hair to bring out the  
subtle flavors.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Mailer and SMTP = SPAM?

2006-10-11 Thread tedd 

At 5:30 PM + 10/10/06, Roman Neuhauser wrote:

How many Vietnam vets does it take to screw in a light bulb?
You don't know, man.  You don't KNOW.
Cause you weren't THERE.


Troll.

tedd
--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Mailer and SMTP = SPAM?

2006-10-10 Thread David Giragosian 

-- Forwarded message --
From: Roman Neuhauser <[EMAIL PROTECTED]>
Date: Oct 10, 2006 5:11 PM
Subject: Re: [PHP] PHP Mailer and SMTP = SPAM?
To: David Giragosian <[EMAIL PROTECTED]>

# [EMAIL PROTECTED] / 2006-10-10 12:49:11 -0500:

Do you realize how many Vietnam war veterans you're offending with what I
guess is supposed to be a joke?


  Surely not. How could I know how many of those who spilled blood in
  Vietnam, Cambodia or Laos cannot reflect on their deeds almost 40
  years later?

  I know it's easy for the older parts of our behavioral equipment to
  take hold esp. in difficult situations, and 18-20 years old guys
  aren't exactly known as a group with the closest obedience of
  so-called moral norms (that's quite natural and I would have to damn
  myself if I weren't forgiving about it). But don't complain it was
  tough if you were there to murder other people.

  Sure, we (humans) are weaklings, and easily fall prey to whatever
  bullshit any drunkard and/or Hitler-wannabe says if they repeat it
  long enough, but if those Americans who fought in Vietnam didn't
  elect the government that sent them there then it was their parents,
  and grandparents. If you get agitated by a joke referring to the US
  movie and TV cliche they fed us with for 20 years or so, complain to
  those Americans who voted for the war. The "GM" children born today
  in Vietnam, mutilated by defoliants sprayed on their parents 35
  years ago are shame of those who elected Nixon.


You're in the Czech Republic, I'm guessing by your country code, so maybe

I

should have cut you some slack, but it isn't funny to those of us who went
to war or lived through it.


  Yes, I'm a citizen of a country that takes part in the running US
  raid on Middle East. I'm living through a war myself, mind you.
  Although much closer to the shit than you I'm much calmer these days
  than when the US Army was raging full-auto all over Europe (the
  bombing of Bulgaria[!] during the deathmatch in Yugoslavia in the
  92-4 or so). Back then it could also have been /my/ roof.

  If I wanted to have a combative signature I'd be using something
  like "How many American soldiers does it take to kick a tied-up POW
  to death in Guantanamo?" or perhaps "American cars run on blood of
  Iraqi people.", "Operation Enduring Oil" or a variant.  But it's
  just a joke.

  I freely admit you're not the first to bitch about this signature.
  You're second.  I'm surprised that you're only the second guy to
  whine!  Given how much the situation in Iraq reminds the 1968
  invasion of Czechoslovakia by the "brother" armies of several
  communist countries led by the USSR, how devastated the soldiers
  were when they realized they weren't the saviors their /politruks/
  made them believe... I'm quite surprised the morale is so high.

  So much for the topic of my signature. It will stay there of course,
  at least until your country, which BTW recently passed a bill that
  basically negates the Geneva conventions, attacks my country. Czech
  republic is lucky enough to have no large amounts of strategic
  minerals, but will probably be one of the last pieces of land when
  the US industry and DMCA-controlled SUV-driving consumers unbound by
  the Kyoto protocol produce enough smog to melt the Antarctida, and
  land becomes more important than oil. Until then...


Boomers, as in Baby Boomers, were the generation of Americans who fought

in

Vietnam. The folks your closing lines refer to.  Do you get it now?


  Yeah, Baby Boom is a term known to me. I'm was born in 1975, during
  a baby boom in Czechoslovakia, predecessor of Czech rep. I'm not
  used to the capitalization though, and wasn't sure if Boomer wasn't
  meant as the surname of a person relevant to the rest of your
  message. Thanks for the clarification.

Re: [PHP] PHP Mailer and SMTP = SPAM?

2006-10-10 Thread Richard Lynch 
On Tue, October 10, 2006 7:06 am, Peter Lauri wrote:
> 1.We have setup an email that do have an inbox and is REAL. We have
> an
> mailbox connected to it and can send and read emails from it via
> webmail and
> pop
> 2.We have an SMTP server that requires authentication
> 3.We are going to use PHP Mailer
>
> Using PHP Mailer and the SMTP sending function should make the emails
> look
> pretty real, am I right? On that we make sure that the HTML that we
> create
> is good, check that with http://spamcheck.sitesell.com
>   or similar.

If it's HTML "enhanced" email, you've already blown it.

It will get you marked as a spammer.

> Shouldn't I be pretty good to go? We are not talking about millions of
> emails per day here, maybe a few thousands. What are the risks of
> ending up
> being a spam marked ip?

Unless the email is coming "from" somebody the recipient knows/trusts,
then you're going to get marked by them as a spammer -- which will
report back to some of the lists marking you as a spammer.

So you have to have the From: and Reply-to: coming FROM the person
recommending the product for starters.

You also have a huge gaping hole, or completely forgot to mention,
that anybody could script your site to send out the product
recommendations to a million people as a prank.

There is a singular lack as well of a mention of cleansing the "To:"
address, which hopefully you do to avoid header injection.

One nice technique to limit spammers is to put in a "throttle" on any
given IP address using the form to send out the product
recommendations.  While IP sucks for authentication/identification,
you *know* something is wrong if more than 4 mails are being sent out
by the same IP address surfing to your site within X minutes.  Bam! 
Slam the door in their face.  Very simple to code/implement/maintain. 
Most bad guys will just go find some other wide-open form to use to
send their spam instead of dinking around with their IP all the time.

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Mailer and SMTP = SPAM?

2006-10-10 Thread David Giragosian 


How many Vietnam vets does it take to screw in a light bulb?
You don't know, man.  You don't KNOW.
Cause you weren't THERE. http://bash.org/?255991


How many Boomer wannabes does it take to pollute a mailing list?
Just one, <[EMAIL PROTECTED]>, MAN!

David

Re: [PHP] PHP Mailer and SMTP = SPAM?

2006-10-10 Thread Roman Neuhauser 
# [EMAIL PROTECTED] / 2006-10-10 19:06:53 +0700:
> I am developing a "tell-a-friend" application for one of my customers. We
> are going to have it all located on their server, and want to make sure we
> take the right decisions on the road so that we don't spam mark our server
> and don't end up in the SPAM inbox of the recipients.

Submit your mail submission form and your mail server for tests
by a few RBLs, check the results, fix them, resubmit, repeat.
That should help you arrive at a bulletproof app.

As for testing the messages: a bayesian spam filter will help you
identify most of problems.

-- 
How many Vietnam vets does it take to screw in a light bulb?
You don't know, man.  You don't KNOW.
Cause you weren't THERE. http://bash.org/?255991

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php