|
How to keep your board from getting blacklisted as a spammer.
by
28 May 2008
Rating:
 (1 vote
- 5.00 average) If your board does not comply to the bulkmail rules of large email providers, then all email from your board to these email providers may get banned. The way you handle your email protocols and email subscriptions is vital to the well being of your board. Many boards are not even aware that they being punished by large email providers, for the way the boards are handling their email. Have you ever noticed that mail to a specific email provider often does not arrive? If so, then its likely that your site has been listed as a spammer. Email providers do share their spammers lists, with other email providers. If you want to resolve or prevent this, then lets inspect the bulk mail rules of the major email providers. I have extracted them and summed them up for you. My clarifications to the mail rules are in blue. Hotmail: There must be a simple method to terminate a subscription. Mailing list administrators must provide a simple method for subscribers to terminate their subscriptions, and administrators should provide clear and effective instructions for unsubscribing from a mailing list. Mailings from a list must cease promptly once a subscription is terminated. This can be by a link, the receiver has to click on, or a valid Re: address. *vBulletin has this function built in to terminate subscriptions, so this will not cause problems in this regard. However, there is no functionality to let members automatically unsubscribe themselves from admin mailings. Fortunately Kirk made this hack: Unsubscribe link in Administrative Mail (vb 3.7 and lower only) There should be alternative methods for terminating a subscription. Mailing list administrators should make an "out of band" procedure (e.g., an email address to which messages may be sent for further contact via email or telephone) available for those who wish to terminate their mailing list subscriptions but are unable or unwilling to follow standard automated procedures. *This is something you will need to fix yourself, by editing the template. A good way to resolve this is to add a text to the email message that explains how to remove subscriptions by going to the userCP. Undeliverable addresses must be removed from future mailings. Mailing list administrators must ensure that the impact of their mailings on the networks and hosts of others is minimized. One of the ways this is accomplished is through pruning invalid or undeliverable addresses. *This is a vital issue that needs to be resolved. Especially if you have a big board. If you are sending out large amount of subscriptions and other email, then there will be a lot of outdated and false emails in your database. If you keep sending email to inexistent email addresses, then the risk of getting banned by email providers is very large. Unfortunately vBulletin does not have a function for this and there is no hack that automatically resolves this problem. However; I highly recommend that you install Anti-Virus his EZ Bounced Email Management for Admins. Mail volume must take recipient systems into account. List administrators must take steps to ensure that mailings do not overwhelm less robust hosts or networks. For example, if the mailing list has a great number of addresses within a particular domain, the list administrator should contact the administrator for that domain to discuss mail volume issues. This only seems to be an issue for very large or local boards. Steps must be taken to prevent use of a mailing list for abusive purposes. The sad fact is that mailing lists are used by third parties as tools of revenge and malice. Mailing list administrators must take adequate steps to ensure that their lists cannot be used for these purposes. Administrators must maintain a "suppression list" of email addresses from which all subscription requests are rejected. The purpose of the suppression list would be to prevent forged subscription of addresses by unauthorized third parties. Such suppression lists should also give properly authorized domain administrators the option to suppress all mailings to the domains for which they are responsible. *vBulletin has this function built in, so this will not cause problems. The nature and frequency of mailings should be fully disclosed. List administrators should make adequate disclosures about the nature of their mailing lists, including the subject matter of the lists and anticipated frequency of messages. A substantive change in the frequency of mailings, or in the size of each message, may constitute a new and separate mailing list requiring a separate subscription. *You should describe in your email text to which email the email has been sent, why the recipient is receiving the email, from who(include your url) and how often. In addition, e-mail sent, or caused to be sent, to or through the Services may not: use or contain invalid or forged headers; use or contain invalid or non-existent domain names; employ any technique to otherwise misrepresent, hide or obscure any information in identifying the point of origin or the transmission path; use other means of deceptive addressing; use a third party's internet domain name, or be relayed from or through a third party's equipment, without permission of the third party; contain false or misleading information in the subject line or otherwise contain false or misleading content; fail to comply with additional technical standards described below; or otherwise violate the applicable Terms of Use for the Services. Basically this means that you need to make sure that the way you are sending your email makes sense. If the way your server, domain, url and your email address are set up are not consistent this may lead the email provider to throw your site on their spammers list. Some considerations: Is the domain on your server the same as the url of your website? Is the sender email address of the same extension as your website? Is the sender email address reachable? Is the bounce email address of the same extension as your website? Is the bounce email address reachable? Since vb 3.7 there is an option to define a bounce email address. Many thanks to Jelsoft for adding this! CAN-SPAM act: What the Law Requires Here's a rundown of the law's main provisions: It bans false or misleading header information. Your email's "From," "To," and routing information including the originating domain name and email address must be accurate and identify the person who initiated the email. It prohibits deceptive subject lines. The subject line cannot mislead the recipient about the contents or subject matter of the message. It requires that your email give recipients an opt-out method. You must provide a return email address or another Internet-based response mechanism that allows a recipient to ask you not to send future email messages to that email address, and you must honor the requests. You may create a "menu" of choices to allow a recipient to opt out of certain types of messages, but you must include the option to end any commercial messages from the sender. Any opt-out mechanism you offer must be able to process opt-out requests for at least 30 days after you send your commercial email. When you receive an opt-out request, the law gives you 10 business days to stop sending email to the requestor's email address. You cannot help another entity send email to that address, or have another entity send email on your behalf to that address. Finally, it's illegal for you to sell or transfer the email addresses of people who choose not to receive your email, even in the form of a mailing list, unless you transfer the addresses so another entity can comply with the law. *These 3 points has been discussed above. It requires that commercial email be identified as an advertisement and include the sender's valid physical postal address. Your message must contain clear and conspicuous notice that the message is an advertisement or solicitation and that the recipient can opt out of receiving more commercial email from you. It also must include your valid physical postal address. *If you are sending advertisements or messages of commercial nature, you must include the above information in your email text message. Hotmail has a special programme for senders. More information and subscription can be found here: https://postmaster.msn.com/Services.aspx Yahoo! Remove email addresses that bounce. * As discussed above, this is a vital issue. See above for more information. Examine your retry policies. Your retry policies are: A. How often you resend email. Simply use common sense and do not send the same message to the same email twice unless it is essential to do so. B. How often your server retries to send email. Since this is a server setting consult your server admin or your hosting co to make sure settings are correct. Pay attention to the responses from our SMTP servers. *Responses from SMTP servers are sent as email to your bounce email address. Unfortunately vBulletin does not have functionality for this. I highly recommend installing Anti-Virus his EZ Bounced Email Management for Admins mod. Don't send unsolicited email. In this process, after you receive a subscription request, you send a confirmation email to that address which requires some affirmative action before that email address is added to the mailing list. *vBulletin has this function built in. Provide a method of unsubscribing from your list in each mail you send. *This is discussed above. Ensure that your mail servers are not open relays, and that your servers attempt to detect and deny connections to open proxies *This is a vital issue as well. Although (if properly configured) vbulletin will not allow open relays, there are addons that allow bots & spammers to send email/spam through your site, there are hacks & mods that do allow third parties to use your site for a spamming spree. This should be avoided in any case. Often these problems will come to light by examining your catchall email address. If a spammer is using your sites functions to send spam, then study each problem and resolve the vulnerability. Please alert the creator of the mod, so that others will not encounter the same problems. Explanation: Normally an open relay would mean that your smtp mail server accepts requests without authorization. i.e. anybody can access it and send email from it. This can be tested through many online sites. Google it. With vbulletin and its addons however, there are other open relay options, trough pages that have a function to send email. Make sure that guests can not use the 'Use Email to Friend' function anywhere on your site. I'd recommend turning this off for newbies as well. Then go to your catchall email address. This is the standard email address where all bounced email arrives at. Often this is email Ask your host if you do not know. Have a look at the emails that got bounced and should not have sent by you. You may see spam sent from your server, that was then bounced back to your catchall address, because the addressee does not exist. This is where it gets interesting. Review the message, the headers and the raw view. Find the path used to send the email and specifically the mail script that was used. The mail script often indicates that there is a script in one of your add-ons that allows spammers to send email through your site. See if you can identify the script and the addon it is part of. If so, then first see if you can correct this by changing the setting of that addon. If yes, then post about it in the relevant thread / site to give others a heads up. If not, then let the coder know that there may be a problem with the addon. Gmail: Authentication & Identification To ensure that Gmail can identify you: Use a consistent IP address to send bulk mail. Keep valid reverse DNS records for the IP address(es) from which you send mail, pointing to your domain. *Please make sure your server admin has these settings right. Use the same address in the 'From:' header on every bulk mail you send. *This speaks for itself. We also recommend publishing an SPF record, and signing with DomainKeys. For SPF see: http://www.openspf.org/ *SPF is a very interesting and handy concept. Basically you register how your email is sent. So if there is email sent from another email address, IP, domain, protocol, etc, then email providers will disregard the email. This can come in mighty handy if a spammer is using your email address or domain for spamming. Subscription Each user on your distribution list should opt to receive messages from you in one of the following ways (opt-in): Through an email asking to subscribe to your list. By manually checking a box on a web form, or within a piece of software. We also recommend that you verify each email address before subscribing them to your list. *As discussed above. The following methods of address collection are not considered 'opt-in' and are not recommended: Using an email address list purchased from a third-party. *Speaks for itself. Setting a checkbox on a web form or within a piece of software to subscribe all users by default (requiring users to explicitly opt-out of mailings). *In other words; adminCP -> vbulletin options -> User registration options -> default registration options should not have automatic thread subscription set to receive email notification. Unsubscribing A user must be able to unsubscribe from your mailing list through one of the following means: A prominent link in the body of an email leading users to a page confirming his or her unsubscription (no input from the user, other than confirmation, should be required). *As described above. By replying to your email with the word 'unsubscribe' in the body of the message. *This can be done by keeping an eye on your webmaster email address. It is my experience that virtually no one uses this method. If your experience is different, then please let me know by posting here. To help ensure that your messages aren't flagged as spam, we also recommend that you: Automatically unsubscribe users whose addresses bounce multiple pieces of mail. *As described above. Periodically send confirmation messages to users. *Since members can unsubscribe in their userCP, this does not seem needed to me. There surely is no way for Gmail to check if you do this. Include each mailing list they are signed up for, and offer the opportunity to unsubscribe from those in which they are no longer interested. Provide a 'List-Unsubscribe' header which points to a web form where the user can unsubscribe easily from future mailings (Note: This is not a substitute method for unsubscribing). *As described above. It's possible that your users forward mail from other accounts, so we recommend that you: Explicitly indicate the email address subscribed to your list. *In your email message text you need to describe which email address the email is sent to. Support a URL method of unsubscribing from your mailing list (this is beneficial if your mailing list manager can't tell who is unsubscribing based on the 'Reply-to:' address). *Add a text to the email message that explains how to remove subscriptions by going to the userCP. |