Entries Tagged as 'Email'

SPF / DKIM

SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) are two methods to help indentify email which is likely not SPAM.  SPF was originally proposed in 2003 by Meng Weng Wong and Wayne Schlitt (SPFv1 RFC4408) as an open standard (SPF is backed by the Sender Policy Framework Council); DKIM originally merged and enhanced DomainKeys from Yahoo and Identified Internet Mail from Cisco (RFC4870 superseded by RFC4871) forming an open standard (DKIM is backed by an industry consortium).

Both SPF and DKIM attempt to provide information to receiving SMTP servers about whether or not a particular email message is authentic.

SPFv1 uses a very simple approach where a domain’s DNS server provides a root level TXT record that supplies information about SMTP mail servers that are permitted to originate domain email.

DKIM uses a more complex digital signature on each message (information about which is stored in a sub-domain in domains DNS containing self-signed keys).

You can read up on the specifics of each through the reference links provided below.


SPF (Wikipedia)

Microsoft SPF Record Wizard · OpenSPF Wizard

DKIM (Wikipedia)

Originally posted 2010-03-06 02:00:56.

Report Fraud

Each and every time you encounter someone trying to defraud you make sure you report it.

Phishing scams, money scams, premium SMS message, suspicious phone calls, un-authorized phone charges, un-authorized credit card charges, etc — go ahead and visit the IC3 (Internet Crime Complaint Center; a partnership between the Federal Bureau of Investigation [FBI], the National White Collar Crime Center [NW3C], and the Bureau of Justice Assistance [BJA]) and file a report.

Take action and let the law enforcement community decide what’s a threat and what’s not – but DO NOT remain silent or these problems will continue.

http://www.ic3.gov/

 

NOTE:  If you have an un-authorized charge on any of your bills you will also want to contact your billing company and dispute the charge with them; the IC3 will not do this for you.

Originally posted 2008-10-24 13:00:38.

Does your mail provider really want to eliminate SPAM?

I’ve been actively working to stop SPAM (that’s also known as UCE – Unsolicited Commercial Email) for a very long time, and it’s great to see how many of the “free” email providers talk about preventing SPAM and provide users with filters to prevent SPAM from reaching their inbox.

But, the bottom line is, that unless you actively report SPAMmers nothing will ever really change.

Some providers (very few) actually will generate automated SPAM reports for you [that’s great, more email providers should make it that easy]; however, most will do nothing more than use an email that you mark as SPAM to refine their filters [which might prevent you from seeing the SPAM, but it doesn’t stop the SPAMmer].

The really interesting thing is that many of the “free” email providers actually inhibit you from reporting SPAM by preventing you from accessing the “raw message” (you need all the headers and the body of the email to file an abuse report with most carriers).  What’s really funny is that some of the providers who are most vocal have actually changed their web-mail interfaces to prevent you from accessing the raw message [essentially insuring that you cannot take action against a SPAMmer].

Now if you can access you email via POP3 or IMAP4 or load it into an email client using a proprietary connector (well, at least the only ones I could test) you can access the raw message and file a report; but remember, many of the free email providers don’t give you that type of access to your email unless you pay them.

What a great message… it’s OK to SPAM free email subscribers because they can’t do anything about it!

I’m not going to provide an extensive list of those providers that do and do not actually enable you to report SPAM; I’ll just mention that Yahoo! (one of the largest free email providers, but waning) doesn’t allow free subscribers to access raw message (or if they do, I certainly couldn’t figure out how); and of course Google (GMail) and Microsoft (MSN/HotMail/Live/Bing) do allow access.

One other thing to keep in mind… there’s no such thing as free email — you’re paying for it some how some way.

Originally posted 2009-08-17 01:00:04.

Free Hosted Email

If you have your own domain and you really don’t need web hosting you might want to consider hosted email servers from Microsoft or Google.

Both of them provide free hosted email services; limited to 500 accounts (which can actually be increased — but for free hosted email that’s probably fine).

I generally recommend that you consider just getting a hosting package that gives you a free domains, web space, and email — often on the order of $1.99 per month.

Microsoft Live Hosted Email (Free):  http://domains.live.com/

Goolge GMail Hosted Email (Free):  http://www.google.com/a/

Originally posted 2008-08-12 23:12:04.

GMail POP / IMAP / SMTP Settings

If you have a GMail account or a GMail hosted mail service you can use the information below to setup your local mail client after you enable access via the web interface.

 

POP:
 
host: pop.gmail.com
port: 995, use SSL
 
 
 
IMAP:
 
host: imap.gmail.com
port: 993, use SSL
 
 
 
SMTP:
 
host: smtp.gmail.com (requires authentication)
port: 465, use SSL
port: 587, use TLS

 

If you have a GMail hosted email server, you’ll need to sign in via:

     http://mail.google.com/a/<domain name>

or the URL provided by your administrator to make the changes, if you just have a regular GMail account sign in via

     http://www.gmail.com/

Originally posted 2008-05-19 14:18:26.

A new host…

I’ve mentioned before that I was considering moving my web sites to another hosting company, not that there’s anything really wrong with my previous hosting company, but more so because I wanted some features that were just too expensive for me to justify.

My new hosting company — JustHost.com — offers fairly attractive prices, has a fairly good reputation, and has the features I most wanted on an unlimited hosting package.

It’s still too soon for me to give them a recommendation; but I have placed an advertising link on the side panel of my site and blog to them (and yes I will get a referral fee if you use it).

A couple things…

I’m not hosting any domains with them; their registration price isn’t bad, but private registration is extra (and I really don’t like my personal and confidential information published on the web to be harvested by those who will not benefit me).

The cPanel interface they use is fairly common at hosting companies (I guess vDeck is the other big competitor) — but it’s totally different from what I’m used to.

Keep in mind, you should evaluate a web hosting company against your personal needs and requirements.  Remember, most hosting companies packages like this are not suitable for companies that have a great deal of web traffic and would suffer should their web site not be able to deliver information to customers.

Originally posted 2010-01-31 01:00:06.

Windows Live Essential 2011 – Live Mail

Or perhaps better titled: Why I continue to use a product I hate.

When Outlook Express debuted many years ago Microsoft showed the possibility of creating a email reader for Windows that was clean,simple, and powerful… and for all the problems of Outlook Express it worked.

When Microsoft shipped Windows Vista they abandoned Outlook Express in favor of Windows Mail; largely it appeared to be the same program with a few changes to make it more Vista-like.

But not long after Windows Mail hit the street, Microsoft decided to launch Windows Live Mail, and what appears to be a totally new program modeled after Outlook Express / Windows Mail was launched.  I say it was new because many of the bugs that were present in the BETA of Windows Live Mail were bugs that had been fixed in the Outlook Express code line years before (as an interesting note, several of the bugs I personally reported during the BETA of Windows Live Mail are still present in the newest version – 2011).

The previous version of Live Mail was tolerable; most of the things that were annoying about it had fairly simple ways to resolve them — and in time, maybe we’ll all figure out ways to work around the headaches in 2011; but I just don’t feel like putting so much effort into a POS software package time and time again…

And for those of you who say it’s “FREE” so you get what you get, I’d say, no — it’s not exactly free… Microsoft understands that software like this is necessary in order to have any control over user’s internet habits, so it isn’t free — you’re paying a “price” for it.

Plus, there are other alternatives… Thunderbird for one.

Why don’t I use Thunderbird… simple, there is one “feature” lacking in Thunderbird that prevents me from embracing it.  You cannot export account information and restore it.  Sure Mozbackup will let you backup a complete profile and transfer it to another machine — but I want access to individual email accounts.

Why?  Well, here’s the scenario that I always hit.

I travel, and I tend to take my netbook with me when I travel — and often I’m using my cell phone to access the internet… while it’s “fast” by some standards… if you were to re-sync fifty email accounts each with a dozen IMAP folders, you’d take all day.  Further, most of those email accounts are uninteresting on a day-to-day basis, particularly when I travel — I only want to access a couple of those accounts for sure, but I might want to load an account on demand (you never know).  What I do with Live Mail is I have all the IAF files for all my email accounts stored on the disk (I sync them from my server), and I setup the mail program by loading the three or four that I use routinely, the others I only load as I need them, and I remove them from Live Mail when done.

OK — so that doesn’t fit you… here’s another.

You’ve got several computers, and you’d like to setup your email quickly and painlessly on all of them… but you don’t need all your email accounts on everyone of them — plus you add and remove accounts over time.  Again, Live Mail and it’s import/export handles this nicely.  You simply export a set of IAF files, and then import the ones you want on each machine.

The question is why doesn’t Thunderbird have this ability?

Well, there was a plug in for an older version of Thunderbird that did kinda this; of course it didn’t work that well for the version it was written for, and it doesn’t work at all for newer versions.

One more that I consider an annoyance (but it’s probably slightly more than that) is that there is no easy way in Thunderbird to change the order of accounts in the account window — and they’re not order alphabetically (that would make too much sense), they’re ordered chronologically (based on when you created them).  So you can re-order them, if you delete the accounts and add them back in the order you’d like them to appear; but wait, you can’t add an account any way in Thunderbird by type in all the information again.

And if you’re thinking, OK so write a plug-in that manages account ordering and import/export.  Sure, that would be the “right” thing to do if Thunderbird really had an interface to get to that information easily — but no, it appears you’d have to parse a javaScript settings file… oh joy.

These should be core features of Thunderbird; and in my mind they are huge barriers to wide acceptance.

Originally posted 2010-11-12 02:00:32.

Windows Mail (Vista)

Microsoft has several generations and families of email programs.

  • Outlook is targeted for the corporate market, and until recently the only viable choice for Windows if you wanted to keep “PIM” data (and still the only choice if you want to synchronize with a mobile device — but hopefully that will change).
  • Outlook Express became Windows Mail on Vista and Windows Live Mail if you want to run the same program on different operating systems (or you want to interface to Hotmail / MSN / Live accounts and don’t want to pay for enhanced services).
  • Entourage is the email program for the Macintosh.

I actually use all of the Microsoft email programs for different tasks:

I need Outlook to synchronize my Moto Q and Moto KRZR (actually I don’t have to use Outlook for the KRZR, but there aren’t any options for the Q).

I use Outlook Express, Windows Mail, and Windows Live Mail for various tasks; and I use Entourage on my Macs (I also use Apple iMail, but I’m haven’t drank Steve Job’s kool-aid, so I prefer to choose the program I like the best).

One of the downsides I’ve found with the Microsoft email programs in the Outlook Express, Windows Mail, Windows Live Mail family is that they’re so busy changing the name and interface that they don’t focus on making it work.

At one time Microsoft did IMAP much better than any other email reader; unfortunately, the bugs they had years ago, they still have — and most of the other email readers have gotten better.

The two problems I see over and over and over with Windows Mail (and the other’s in it’s family) deal with subscribing to IMAP folders.  Here’s some scenarios you might be familiar with:

You create a new mail folder and you get an error; you try to create it again and it tells you that it already exists, but can’t be shown.  I haven’t figured out what’s happening here, but I do know that the IMAP server creates the folder, and sets the subscribed FLAG (and that other email clients have no problem with the folder); but for some reason Windows Mail refuses to show it (and will continue to refuse to show it even if you delete the account and recreate it).

The only work around to this I’ve found is creating a folder with a single character in it’s name, and renaming it to what you want (that seems to always work — but if you recreate the account you might find that some folders aren’t listed any longer).

The other thing I’ve found that Microsoft hasn’t fixed is cleaning up the local message store (I have no clue what they do when the compact the database, but it doesn’t seem to really achieve the desired goal).  What I do here is I export my accounts, remove the accounts, shut down Windows Mail, then delete the left over message store.  Start up Windows Mail, import the accounts, and then let it re-download the information from the server.  This works well for me, since most of my messages are on a local server (for archival); and I don’t keep much on remote servers (so it really doesn’t take that long), and it keeps the size of the local cache down to something manageable (you will really notice what a poor job Microsoft does on cleaning up the local IMAP store when you defragment your disk with a tool that shows you what is going on).

To find your local data stores, you can use any of the following paths:

  • %USERPROFILE%\AppData\Local\Microsoft\Windows Mail
  • C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows Mail
  • %LOCALAPPDATA%\Microsoft\Windows Mail

 The folder for the IMAP store should match the display name (well — it may be what Windows Mail originally chose for you, but the first time you do an export / import you will get the name you chose — and that’s a good reason to do this once right after creating the account).

__________

If you want to know my opinion on which email program from Microsoft is the “best” — well hands down it’s Entourage.  Why they don’t use that as a model to build an email program for Windows is beyond me — and why they don’t use common code for all their email programs and actually fix the bugs they have rather than continuing to change the name and look is also beyond me.

I would say you’re better off using Mozilla Thunderbird, but it still crashes with an IMAP store as large as mine.

I guess I could just start using my Mac for all my email.  But seriously, if you know of good options I’d love to hear from you.

Originally posted 2009-02-09 01:00:35.

Disposable EMail Addresses

DEAs = Disposable EMail Addresses; they’re useful for you to provide to a vendor so that you can track the use of the email address and delete it if you find it’s abused or chose to no long do business with whom you gave it to.

Just like Virtual Credit Card numbers give you control over payment to merchants, Disposable EMail Addresses give you control over your inbox.

It’s a great way to fight SPAM and identify SPAMmers.

If you don’t happen to own your own domain were you can create “forwarding” addresses, there are a number of web sites that provide you with the ability to create and manage DEAs — just do an internet search.  If you can’t find one, let me know and I’ll give you some pointers.

Originally posted 2008-12-19 12:00:36.

Email Addresses

Ever go to a web site to enter your email address and find that it wouldn’t fit in the field they provided?

It’s amazing in a world of standards that companies (and individuals) continually ignore them and decide for themselves what’s acceptable.

HELLO!

User names (or local part of the address) can be 64 characters long, and domain names can be 255 characters long.

Here is an example of a reasonable well written validation for email addresses — if you want to see poorly done ones in action it doesn’t take too much effort to find ones that limit the entire email address to less than 30 characters!

<?php function isValidAddress( $email, $check = false )
{
##############################
# PHP Email Address Validator
# (C) Derrick Pallas
#
# Authors: Derrick Pallas
# Website: http://derrick.pallas.us/email-validator/
# License: Academic Free License 2.1
# Version: 2006-12-01a
if (!ereg(”
. ‘^’
. ‘[-!#$%&\’*+/0-9=?A-Z^_a-z{|}~]‘
. ‘(\\.?[-!#$%&\’*+/0-9=?A-Z^_a-z{|}~])*’
. ‘@’
. ‘[a-zA-Z](-?[a-zA-Z0-9])*’
. ‘(\\.[a-zA-Z](-?[a-zA-Z0-9])*)+’
. ‘$’
, $email
) ) return false;
list( $local, $domain ) = split( “@”, $email, 2 );
if ( strlen($local) > 64 || strlen($domain) > 255 ) return false;
if ( $check && !gethostbynamel( $domain ) ) return false;
return true;
# END
######
}

RFC822 superseded by RFC2822.

User names (for email) may contain:

  • A to Z letters, upper and lower case.
  • 0 through 9 digits
  • . (fullstop, period) but not as the first or last character
  • ! # $ % & ‘ * + – / = ? ^ _ ` { | } ~ – all are permitted.

The maximum length of the user is 64 characters; the domain is 255 characters; so with the @ a valid address could be up to 320 characters.

Further, did you know that user names are case sensitive (but domain names are not).  Of course many email systems treat user names as case insensitive.

For information on domain name limitation you should see IANA.

Now you know more than most developers who write code that accepts or uses email addresses!

Originally posted 2008-08-25 22:12:27.