Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Sending Mail to Hotmail Users?

Cliff posted more than 8 years ago | from the ham-not-spam dept.

126

Cafesolo wonders: "I'm developing a web application using PHP. It has a user registration system that sends a link via email to activate new accounts. I've found that sending mails to Hotmail accounts is very difficult, because the spam filter is very strong and it filters lots of non-junk messages. I think the spam filter blocks any email whose domain isn't in an internal whitelist (which might contain popular domains, like hotmail.com itself, gmail.com, yahoo.com, msn.com, etc). Most of my users have Hotmail emails. I can't simply tell my users to read the junk folder because most of them are not computer-savvy and that seems to be a bit confusing to them. Has anyone managed to solve this problem? Did somebody try to contact Microsoft? Is there any way to get whitelisted? Can an independent programmer get his domain whitelisted?"

cancel ×

126 comments

Sorry! There are no comments related to the filter you selected.

See slashdot article... (2, Informative)

crazyjeremy (857410) | more than 8 years ago | (#15586689)

Did you see this article? http://yro.slashdot.org/yro/04/05/05/1237245.shtml [slashdot.org] ?
Also, have you tried sending the email spoofing the receivers email address? You can set the "from" header to their own address. Of course, this won't help ip based whitelists, but it will help many emails make it through for some mail hosts (few users block their own email address)

Re:See slashdot article... (5, Informative)

Spazmania (174582) | more than 8 years ago | (#15586696)

Also, have you tried sending the email spoofing the receivers email address?

Never do this. Forging the return address is one of the few things that actually is illegal.

Re:See slashdot article... (0)

Anonymous Coward | more than 8 years ago | (#15586958)

Parent wrote "illegal"

And what law may this be?

I see lots of people say somethigns "illegal" when it's merely not-to-spec or against-some-company's-policy.

Unless you can say _why_ it's illegal, it sounds more like FUD and veiled threats than anything informative.

Re:See slashdot article... (2, Informative)

Anonymous Coward | more than 8 years ago | (#15587031)

And what law may this be?

The CAN-SPAM Act [wikipedia.org] , actually. Deliberately falsifying headers is a direct violation.

Don't be such an insufferable smartass ... when you're wrong.

Re:See slashdot article... (1)

carlos92 (682924) | more than 8 years ago | (#15587126)

One might thing that spoofing the return address for a user that requested an email to be sent is not the same as falsifying headers, as the user himself requested the message to be sent.

Re:See slashdot article... (1)

baldass_newbie (136609) | more than 8 years ago | (#15588318)

And yet they're not actually the 'sender', are they? It's not originating from their domain (in this example, hotmail.com), is it?
So it would be falsifying headers.

Re:See slashdot article... (2, Informative)

19thNervousBreakdown (768619) | more than 8 years ago | (#15587084)

(a) IN GENERAL- Whoever, in or affecting interstate or foreign commerce, knowingly--
...
(3) materially falsifies header information in multiple commercial electronic mail messages and intentionally initiates the transmission of such messages,

So, it's only illegal if it's for commercial purposes, and unless I'm reading it wrong, you're fine even then as long as it's within your state and the affected business is also within state.

Re:See slashdot article... (1)

jdray (645332) | more than 8 years ago | (#15587144)

IANAL and I'm betting YANAL either, so I would hesitate to take any advice such as this from someone of our ilk (non-lawyers). I wouldn't be willing to bet against an argument that the sending server and the receiving server were in different states, therefore it's interstate traffic. Given that Hotmail's servers could be just about anywhere, well...

Re:See slashdot article... (1)

19thNervousBreakdown (768619) | more than 8 years ago | (#15587205)

Oh, I'm definitely NAL, but anyone that gets legal advice from a Slashdot needs about 100mg of Thorazine every 6 hours.

I'm just sayin' it's not simply illegal to spoof headers. I do it all the time with my friends (From: Your Mom ) and don't want this to become something that brings gasps because of misinterpretation.

Re:See slashdot article... (1)

19thNervousBreakdown (768619) | more than 8 years ago | (#15587209)

God damn Slashdot eating angle brackets... it was From: Your Mom <yourmom@thebomb.com>

It wasn't funny to begin with, and now it's just annoying, but fuckin' a I'm posting it anyway.

Re:See slashdot article... (4, Funny)

Zugok (17194) | more than 8 years ago | (#15587394)

Oh, I'm definitely NAL, but anyone that gets legal advice from a Slashdot needs about 100mg of Thorazine every 6 hours.

So are you a doctor then? :P

Re:See slashdot article... (4, Funny)

19thNervousBreakdown (768619) | more than 8 years ago | (#15587850)

No, but I am a liar.

Re:See slashdot article... (2, Informative)

Spazmania (174582) | more than 8 years ago | (#15587162)

unless I'm reading it wrong

You're reading it wrong.

"Whoever, in or affecting interstate or foreign commerce, knowingly" is pretty close to boilerplate. Judicial precedent has interpreted it to mean "virtually everything except for very rare circumstances where there is no possible tangential connection that pushes it over state lines." A grain of sand is covered in this language because it could reasonably be caught in someone's shoe and carried to another state. No, really, how do you think the EPA gets its authority to regulate solid waste despite the supposed constitutional seperation?

"Multiple commercial electronic mail messages," reads as "more than one message that's neither personal nor from a registered tax exempt organization."

"Intentionally initiates the transmission," means it wasn't done by a hacker controlling your computer.

Re:See slashdot article... (1)

mrcaseyj (902945) | more than 8 years ago | (#15587213)

I think the "materially" part could be an excuse in this situation. It seems immaterial if an email to someone who asked for it, has the from header changed. But then the word "materially" probably has a precise legal definition. If you're not doing anything crooked I don't think a prosecutor would waste time on it. I don't think a jury would find against you either.

As for the interstate commerce part, some courts have basically found that when you thought about the act, your brain waves may have bounced off the moon and then down into another state and affected someone buying something, therefore affecting interstate commerce. Yes that's an exaggeration but seriously not by much.

Re:See slashdot article... (1)

m2pc (546641) | more than 8 years ago | (#15589526)

"(3) materially falsifies header information in multiple commercial electronic mail messages..."

Isn't this referring to "bulk" type email (AKA SPAM) where the same message is falsified and sent to MULTIPLE recipients?

I believe as long as the email clearly identifies itself as coming from a legitimate "opt-in" service, and there is a way to "opt-out" embedded in the email via link or other means, then there shouldn't be any legal issues. Then again I'm not a lawyer! :P

Re:See slashdot article... (1)

t3ch lawy3r (983780) | more than 8 years ago | (#15589860)

The key word there is affecting interstate commerce. Moreover, something need not be commercial in and of itself to affect commerce. You'd be surprised how far the courts and Congress have stretched the English language to serve their purposes. Not only is it likely that you are using mail servers in an interstate manner, but courts can look at the aggregate impact of intrastate activity akin to yours and decide that it could impact interstate activity collectively. For instance, they could say that thousands of users like you, acting solely within their own state have an aggregate affect on interstate commerce.

That said, so long as you're not harming/annoying anyone (e.g. the use who spoofs his friends with yourmom@thebomb.com), you probably don't have to worry about someone cracking down on your activities.

*Please be advised that the afore mentioned comments are not intended to represent legal advice, nor am I qualified to give any in this area, contrary to the implications of my nick.

Automatic death sentence (4, Interesting)

coyote-san (38515) | more than 8 years ago | (#15587256)

Falsifying headers is illegal, but I doubt anyone will actually pursue a small-time website operator who's sending otherwise legitimate traffic.

But for many of us forging headers is an automatic death sentence. I've walked away from existing business relationships where I had non-refundable credits because a customer support request was answered with a forged header.

On the other side of the table, it's one of the few actions where I would not hestiate to recommend immediate termination for cause if I caught a member of our staff pulling that stunt. (The other actions are using the computers to perform illegal acts or to distribute pr0n/warez.)

The reason it's so serious? It shows a culture that has a casual disregard to the consequences of identity fraud. If you forge mail that appears to come from me, then who else are you sending those forged messages to? Why should I believe your answer? Trust, once lost, is not easily recovered.

(BTW this doesn't even address the original point of getting past spam filters. Like many sites I have my MTA set up to reject incoming messages that claim (in the envelope) to come from my own domains. I know who I am and anyone claiming to be 'me' is, prima facie, making fradulent claims and should be treated accordingly. The last time I checked that test, by itself, was blocking about a third of inbound traffic.)

Re:Automatic death sentence (1, Insightful)

takeya (825259) | more than 8 years ago | (#15588424)

Falsifying headers is illegal, but I doubt anyone will actually pursue a small-time website operator who's sending otherwise legitimate traffic.

We are talking about microsoft here. The company policy seems to be take out the little guys first.

Re:Automatic death sentence (1)

jackbird (721605) | more than 8 years ago | (#15588998)

I have my MTA set up to reject incoming messages that claim (in the envelope) to come from my own domains. I know who I am and anyone claiming to be 'me' is, prima facie, making fradulent claims and should be treated accordingly.

Maybe I'm not understanding the level this occurs at, but doesn't that lock out any of your employees sending work email from a home account using their work return address? Or an employee without VPN access emailing the company from the road?

Re:Automatic death sentence (0)

Anonymous Coward | more than 8 years ago | (#15589029)

Also, isn't it a requirement that MTA's accept mail with a FROM of postmaster@YOURDOMAIN (where, of course, YOURDOMAIN is the domain that the MTA is hosting email services for)?

Re:Automatic death sentence (1)

WuphonsReach (684551) | more than 8 years ago | (#15589641)

Maybe I'm not understanding the level this occurs at, but doesn't that lock out any of your employees sending work email from a home account using their work return address? Or an employee without VPN access emailing the company from the road?

Why are employees sending work emails from a home account? Offer them a HTTPS webmail server to deal with those cases. (IOW, there are technical fixes for the border cases such as webmail, VPN, 800 number dial-up access or using a dial-up ISP account.)

Don't some industries have laws requiring them to keep track of all e-mail that is work-related? Kind of difficult to do if your employees are not routing their work e-mail through your central SMTP server.

Bottom-line, if you allow forgery of your domain in one case, there's no way to disprove other forgeries of your domain. (Well, maybe with a permissive SPF record.)

Re:See slashdot article... (0)

Anonymous Coward | more than 8 years ago | (#15588123)

How do I press charges against all the spammers, I somehow receive tons of email from myself which I do not send.

Re:See slashdot article... (1)

takeya (825259) | more than 8 years ago | (#15588418)

Haha really? I do that all the time... well, sometimes.

It's easy with PHP mail() because it's just one parameter

Re:See slashdot article... (1)

ocbwilg (259828) | more than 8 years ago | (#15588605)

Never do this. Forging the return address is one of the few things that actually is illegal.

Regardless of the legality of it, most people with spam filters have them configured to block email that comes from an external source using an internal address, so I doubt that would help any. I know that everywhere I have ever worked had such messages blocked.

Re:See slashdot article... (4, Informative)

Violet Null (452694) | more than 8 years ago | (#15586700)

I've run into this same sort of problem, and I've discovered that spoofing the from address is a really, really bad idea; there's a sizable chunk of mailservers that will reverse DNS the IP address they're receiving the email from, and if it doesn't match the domain in the from address, they'll reject it.

Re:See slashdot article... (2, Insightful)

dtdns (559328) | more than 8 years ago | (#15586857)

I agree that there are a lot of mail servers that reverse the IP address, but comparing the domain in the reverse entry to the domain in the SMTP FROM command or the From header doesn't make much sense. Any e-mail coming from a legitimate hosting company (like the one I work for) would be blocked. The reverse DNS entry for our IP address is valid and that host resolves back to the IP address (which is how it's supposed to be), but our e-mail server houses mail for upwards of 400 domain names. We certainly do not have a dedicated IP address and reverse entry for each domain. All outgoing e-mail leaves through the same IP address and I cannot recall a time when mail has ever been rejected because the FROM domin didn't match our reverse DNS entry. Sure, the reverse should resolve back to itself, and it's a good idea to have an MX record for the domain pointing to that host (but not required), but I think you're stretching a bit on that last part of your response. I'm sure there is some dumbass out there doing that, but likely few and far between. I'll bet they don't get a lot of mail, legitimate or otherwise based on that thinking.

Re:See slashdot article... (1)

lee1 (219161) | more than 8 years ago | (#15589384)

Actually I have encoutered one example: emails to colleagues at the government research laboratory where I work are sometimes rejected, depending on which server they happen to go through, if I use my laboratory email address in my From: header but am mailing from outside the lab (the server's error message complains about "spoof" email and specifically mentions the From: header). I don't know if they are using a custom made system here or (more likely) it's some off-the-shelf server product.

Re:See slashdot article... (2, Interesting)

CastrTroy (595695) | more than 8 years ago | (#15586901)

As far as I know, hotmail has 2 options for filtering your mail. You can either have them filter it with the spam filters, or you can have it set up to only receive mail from people in your address book. I currently use the first option, as I don't like unexpected email going in my junkbox. The result is hundreds of spam messages that get through the filter. I don't know why they can't get it right. My yahoo mail account doesn't use a white list, and blocks 99.9% of spam. I get maybe 1 spam message every 2 weeks. I've also never had it block an email I wanted to receive.

Re:See slashdot article... (1)

grim4593 (947789) | more than 8 years ago | (#15587512)

Yahoo spam filter is not that great. I use my account for everything I sign up for since I know that my email addresses will get sold out by sites anyways. Looking right now I have 1310 spam in my yahoo junk mail folder, and usually get 10-20 in my inbox every few days. No matter where you go you will always get spam.

Re:See slashdot article... (1)

CastrTroy (595695) | more than 8 years ago | (#15588756)

Well, it keeps your junk mail around for 1 month, assuming 30 days in a month, you get 43 messages blocked every day. And if you get 5 spam messages in you inbox (15 every 3 days) then I would say that Yahoo isn't doing too good a job. Hotmail on the other hand is much worse. 75% of it gets to your inbox. The only thing even resembling spam that shows up in my yahoo inbox is product announcements that I signed up for a long time ago, and don't bother to unsubscribe from. You will always get spam, but what percentage is filtered out makes a big difference. Just for comparisons sake, I have 1950 messages in my junk box.

Re:See slashdot article... (2, Informative)

kv9 (697238) | more than 8 years ago | (#15587371)

i had the exact same problem with yahoo mail ending up in the bulk folder (mailserver ip was X-YahooFilteredBulk). it was easily fixed by contacting support and filling out a hefty form. so, your best bet is (surprisingly enough) tech support. i'm sure even MS has people that can help you with that.

Tools are available (5, Informative)

Anonymous Coward | more than 8 years ago | (#15586698)

Welcome to my world. I work on email deliverability for a financial services company, so no, I'm not a spammer. Hotmail makes two tools available to you to help you get your email delivered:

MSN Smart Network Data Services: http://postmaster.msn.com/snds/ [msn.com]
This will let you put in your SMTP's IP address and it will give you consolidated stats on how much mail was received, and how much was filtered as spam.

Sender Score Certified: http://www.senderscorecertified.com/ [senderscorecertified.com]
This company will "certify" you as a safe sender, and Hotmail will let your emails in unfiltered. The catch is you have to pay for this.

Good luck. It isn't easy, but at least there are some tools at your use.

Re:Tools are available (1)

TopShelf (92521) | more than 8 years ago | (#15586855)

This all depends on how the user has their Hotmail account set up. I got mine back in the ancient past, and still use it as my primary email. The filter is set to allow only my Safe List members to send email to my inbox, the rest goes to Junk.

The only thing that gets into my inbox that isn't specifically added to my whitelist is the Hotmail Staff messages, so even if this guy pays some service to get him "certified" with Hotmail, that won't do the trick.

Re:Tools are available (1)

BrokenHalo (565198) | more than 8 years ago | (#15586922)

...so even if this guy pays some service to get him "certified" with Hotmail, that won't do the trick.

In that case, it would seem that hotmail itself is not particularly functional as a useful or reliable place to address communication. If people insist on using a broken email service, they have no business complaining when they don't get any mail. Their problem.

Re:Tools are available (1)

linvir (970218) | more than 8 years ago | (#15586953)

In a perfect world, it would be their problem, but I bet Mr. Cafesolo would rather put an "I didn't get my email: Check you spam settings here is how"-type warning somewhere prominent just in case all the same.

Re:Tools are available (3, Insightful)

TopShelf (92521) | more than 8 years ago | (#15587093)

Hotmail is perfectly fine, it's just that the parent of this thread made it sound like a service could guarantee that this guy's message could get into user's Inboxes. Hotmail has the option of having a whitelist-only Inbox, so I was pointing out that those services won't do.

Re:Tools are available (1)

bedroll (806612) | more than 8 years ago | (#15587189)

I would assume that a user that set their account up this way would understand what they're doing. Otherwise they would miss a lot of mail of this sort. As such I wouldn't even take these users into account, they're not the problem.

To clarify, it's not that these users don't matter. It's that if a user only allows whitelisted addresses through and doesn't whitelist your address/domain then you won't get through. That's not a problem with Hotmail, it's a problem with users only allowing whitelisted addresses/domains. You can't change it, so you shouldn't concern yourself with that problem when you're trying to address problems that affect those who don't do this.

Do yourself a favour (4, Informative)

Bogtha (906264) | more than 8 years ago | (#15586723)

Grab something like SpamAssassin, and set it up to add headers telling you what rules have been triggered. Then send an email from your web application to that account, and examine the headers. While Hotmail probably don't use the exact same rules as SpamAssassin, it's an easy way to spot obvious stuff for you to fix. For example, using too much HTML, particular phrases, too many capital letters, being on blacklists, etc, can all be remedied by you without Microsoft's involvement.

I also seem to remember that Hotmail strongly discriminates against senders who don't have SPF set up, so it's probably a good idea to enable that for your domain.

Re:Do yourself a favour (0)

SanityInAnarchy (655584) | more than 8 years ago | (#15586941)

Why bother? I mean, what user is worth keeping who isn't "computer-savvy" enough to understand what a Junk Mail folder is?

While you're at it, send them all Gmail invites, and explain to them that it's Hotmail's fault for treating their mail as spam. Tell them how to give feedback to Hotmail about that particular mail. It's a lot easier to let your shock troops^W^Wusers complain for you than it is to try to deal with Microsoft.

Re:Do yourself a favour (3, Insightful)

Bogtha (906264) | more than 8 years ago | (#15587019)

what user is worth keeping who isn't "computer-savvy" enough to understand what a Junk Mail folder is?

The kind of user that pays you money? And there are a lot of people that don't understand spam filtering. Unlike most other email concepts, this one doesn't really have a snail-mail analogue.

send them all Gmail invites

I already do this. Without fail, every single Hotmail user that I have sent an invite to has either signed up and not switched, or not bothered signing up at all. Hotmail users are happy with crap. Think about it - if they weren't, they wouldn't be with Hotmail in the first place, would they?

Re:Do yourself a favour (1)

myowntrueself (607117) | more than 8 years ago | (#15588483)

And there are a lot of people that don't understand spam filtering. Unlike most other email concepts, this one doesn't really have a snail-mail analogue.

How about this;

You know how some people have a sign on their letterbox saying 'no circulars'?

Well imagine if the people who delivered 'circulars' actually respected this.

Now imagine having two letterboxes, one labelled 'circulars only'.

So if you ask someone to send you a newsletter and you don't find it
delivered in your regular mailbox, where would you look for it?

Re:Do yourself a favour (1)

Cafesolo (983349) | more than 8 years ago | (#15589181)

My website is ad-supported. There are no complex actions or special knowledge required to use my web application. I get visitors with the help of an invite system, so it is very important to get invite emails delivered correctly.

Add a SPF record. (4, Informative)

Utopia (149375) | more than 8 years ago | (#15586729)

My domain has a SPF record and I never had issues sending email to anyone on hotmail or other services.

See:
http://www.microsoft.com/mscorp/safety/content/tec hnologies/senderid/wizard/ [microsoft.com]

&
http://openspf.org/wizard.html [openspf.org]

Re:Add a SPF record. (2, Informative)

Keeper (56691) | more than 8 years ago | (#15586905)

I'll second that. Awhile back there was a big broohaha about how Hotmail was going to crank up the sensativity of spam filters run on mail from domains without SPF records.

Re:Add a SPF record. (1)

Cafesolo (983349) | more than 8 years ago | (#15587871)

My domain has a SPF record but my emails are still being marked as spam.

Re:Add a SPF record. (1)

WuphonsReach (684551) | more than 8 years ago | (#15589835)

Same here, I publish a very restricted SPF record for my personal domains and a more relaxed one for the work domains. Some of the work domains have very strict options though (since they're used by more technical users).

As long as you control the mail servers for your domain, why not publish SPF records? (Note that SPF is about anti-forgery, not anti-spam.)

Solution (1)

MrSquirrel (976630) | more than 8 years ago | (#15586731)

Punch them in the face for using hotmail and get them a REAL email account. No, but seriously... I don't know if there's any (reasonable) way you're going to easily get around hotmail's "security". You could try contacting hotmail support about the problem... lord knows how much good that will do you :D. You could find a trusted host that it accepts links from, set up a mail account there, and have the mail automatically forwarded (though if you don't want it to be a mass [i.e. all the same] email you would have to create a different account for each person). That's all I can think of (other people mentioned spoofing the "from"... that probably won't get you far, most spam filters reject anything that doesn't have a matching reverse DNS lookup... but I've never tried it with hotmail, so I guess you could give it a go).

Re:Solution (1)

xerxesdaphat (767728) | more than 8 years ago | (#15587252)

`A REAL email account'... what's that? Are you just Microsoft bashing again, or do you think that everybody should have a proper POP3/IMAP account with their ISP? Webmail is unavoidable these days; I personally use my gmail account exclusively. If your problem is with Hotmail specifically, then I'm not sure why. Hotmail is one of the more old-fashioned webmail systems (Yahoo and gmail are much nicer in terms of UI) but there are far far more dodgy and poor webmail systems out there. I'm sure somebody will reply with stacks of reasons why Hotmail is awful, but it simply isn't /that/ bad. I would, for instance, feel far more secure using Hotmail than Windows (to compare apples with oranges)...

Re:Solution (1)

MrSquirrel (976630) | more than 8 years ago | (#15587307)

I myself use yahoomail (was going gmail but my yahoo account is 11 years old so everyone knows it -- plus I have no need for the gmail amounts of storage) and I have no problems with webmail (not even hotmail, except when MS was a bag of douche and routed gmail invites to the spam folder) -- I was jokingly referring to getting them all SMTP/POP3/etc server/accounts of their own.

Re:Solution (1)

cygnusx (193092) | more than 8 years ago | (#15588452)

> Punch them in the face for using hotmail and get them a REAL email account.

Yeah, right. I've had a Hotmail Plus account ($20/yr for a 2GB Inbox, no ads, offline access) for some time now (before Gmail was launched), and I must say bar some real idiocy on the part of MS I'm going to keep renewing, primarily for the spam protection (2-3 a day) and good customer service.

> I myself use yahoomail

Right now Yahoo's name == mud with me because they deactivated my Yahoo Mail account for 'non-use' (and deleted all my email). This was 3 weeks *after* I joined the Yahoo Mail Beta program and was using it regularly. And their customer support treats free webmail users like crap, dishing out form answers whatever you say to them. If you're using Yahoo, more power to you and good luck-- but don't expect much support if bad things happen to your account and you're a free user.

Frankly, Yahoo's rather callous attitude brought home for me the point that you can't really trust free web services. At least Google does the right thing and allows POP3 export, they get marks for that -- if you really don't want to be your own ISP or pay for webmail, give Gmail a go.

Re:Solution (1)

Jaseoldboss (650728) | more than 8 years ago | (#15588749)

they deactivated my Yahoo Mail account for 'non-use' (and deleted all my email).

If you pick a category of ads for Yahoo to send you, they will also let you use then POP3 to retrieve your email, which counts as a login. I haven't actually logged into my Yahoo webmail account for years but daily connections from my email client keep it from being deleted.

Re:Solution (1)

DrSkwid (118965) | more than 8 years ago | (#15588250)

https://www.fastmail.fm/ [fastmail.fm]

SSL { Webmail / IMAP / POP3 }

Screw 'em... (0)

msauve (701917) | more than 8 years ago | (#15586793)

if they're producing false positives, they're doing a disservice to their customers. Their problem, not yours. Eventually their customers will figure it out and leave.

Re:Screw 'em... (1)

pretorious (905586) | more than 8 years ago | (#15587377)

I don't really agree. many of the non-technical people I have dealt with are so afraid of trying anything new that they will deal with somthing even as extreme as this. If you cannot check your spam folder, I doubt you can set up another email account (as a son/ daughter probly set this one up for them). Why do you think AOL still has coustomers when you can get almost everything they offer for free elsewhere? because they got people hooked early on, when there was not many choices. Prehaps if enough people on hotmail hit the "this is not junk mail" button for your messages, it will whitelist you. but this may take many more emails then you are generating....

Re:Screw 'em... (1)

joe 155 (937621) | more than 8 years ago | (#15588226)

no they won't, they'll leave his company because they have an un-natural level of trust in MS. Some people think that MS can do no wrong, and they are the majority of computer users...

Very big assumptions. (4, Insightful)

Vellmont (569020) | more than 8 years ago | (#15586797)

You sound like you're making some very large assumptions about what's actually triggering the spam filters at hotmail. What makes you think it's your domain, and not the crappy MTA you're using? Spammers often use non-standard MTAs that anti-spam programs have learned to identify through header analysis. Have you tested sending mail from a standard mailer like sendmail or postfix to a hotmail account? You obviously need to confirm what's actually causing hotmail to tag your mail as spam and stop making assumptions.

Re:Very big assumptions. (1)

CXI (46706) | more than 8 years ago | (#15586933)

Ditto. For one example, if your MTA does not have correct delivery retry settings you'll get "blocked" by certain anti-spam methods. I've run into the issue several times where someone thought it was a good idea to set their retry interval to under *five minutes* even though their delay notification was still set to four hours! It tried delivery twice in five minute then gave up. Heck, forget anti-Spam, that might not even get you into a heavily loaded server. Obviously they didn't really know what they were doing.

Re:Very big assumptions. (2, Informative)

Jasin Natael (14968) | more than 8 years ago | (#15588404)

Exactly. When I need to do a mass-mailing from my PHP apps, I use a custom class that emulates some of the sendmail interface by opening a socket to a SMTP host. See 'fsockopen' in the PHP docs -- SMTP is super-simple, and if you want, I'll share my class source with you.

You just have to make sure that your production server has a trusted connection to the MTA, or write a few lines of code to authenticate against the server. Also remember that one thing that really pisses SPAM filters off is when you try to forge headers to make it look like your mail came from a desktop mail client like Outlook or Thunderbird. If your message says "I came from Outlook", and then doesn't put the headers in the same order as Outlook, or uses encodings or MIME organization that Outlook wouldn't, expect it to get dumped pretty quickly by Bayesian algorithms.

Re:Very big assumptions. (1)

Anomie-ous Cow-ard (18944) | more than 8 years ago | (#15588804)

They won't tell you. Like so much else at Microsoft, they use security-through-obscurity for their spam filter too. Pretty much all they do is suggest paying money and screwing around with your DNS [tesco.net] .

Trial and error works. (4, Insightful)

The MAZZTer (911996) | more than 8 years ago | (#15586803)

Get yourself a hotmail account and have PHP fire off e-mails to it. Tweak as needed until you get one through that's not marked as spam.

Re:Trial and error works. (1)

miyako (632510) | more than 8 years ago | (#15587499)

I don't know a great deal about how various filtering algorithms work, and even less about the filtering that hotmail has in place, so if I'm completely on the wrong track on this, then someone more in the know please set me strait
That said, I think that if you do this, you should be aware that I think that if you send out emails marked as junk, then future emails are more likely to be marked as junk. As I understand it, a lot of spam filters work by assigning various point values to different things in the email- like all caps might be 5 points- malformed headers might be 10 points. If all the points for an email add up to over a certain amount, then the email gets flagged as spam. I think that having email sent from your domain before that has been marked as junk is usually one of those things that has a fairly high point value attached to it. The theory being that someone sending spam is unlikely to also send legitimate mail from that domain- and especially that email address.

Re:Trial and error works. (2, Interesting)

Cafesolo (983349) | more than 8 years ago | (#15587905)

I did. I created two Hotmail accounts for testing. I tried sending mails from PHP using the mail() function and through the PHPMailer library (http://phpmailer.sf.net/ [sf.net] ). I also tried sending mails through Thunderbird and through my hosting service's webmail interface. My messages always have been marked as spam.

It's Probably Your Headers (3, Informative)

Anonymous Coward | more than 8 years ago | (#15586839)

I've noticed that Hotmail is very particular about the headers you send along with the message. If you send the message as a content-type: text/plain and specify a valid Message-ID, it should get through. Here is what I use for extra headers:

$PlainMailHeaders= "MIME-Version: 1.0\r\n"
. "Content-Type: text/plain\r\n"
. "Content-Transfer-Encoding: 7bit\r\n" ."Message-ID: \r\n";

Hope it helps.

Helpful suggestions (2, Informative)

Spazmania (174582) | more than 8 years ago | (#15586862)

1. Publish an SPF record. For a custom setup like yours, you can choose a subdomain just for your application and publish a record just for it, even if you don't want to use SPF for the main domain.

2. Process the bounces. Hotmail notices and ranks the source accordingly.

3. Make sure the reverse DNS for your server matches the forward DNS and that both resolve to a server name that is not obviously a dynamic IP address. Mail from a machine named customer43.dsl.bigisp.com tends to get weighted as spam for reasons which should be obvious.

Hmm, how about this? (1)

SloppyElvis (450156) | more than 8 years ago | (#15586888)

1. Obtain a Hotmail, Gmail, or Yahoo! email account.
2. Code PHP to send emails through it to your Hotmail customers.

Occasional black-hole routing? (2, Interesting)

Doobian Coedifier (316239) | more than 8 years ago | (#15586890)

Anyone else ever find themselves without a route to any of hotmail's MXes? Once or twice per month, my mail server can't make a connection to any of the hotmail MXes. The outage typically lasts 12-72 hours, but never long enough to cause a bounce (5 days). I run tcptraceroute to port 25, and it dies at a msn.net router (the last hop that responds is 207.46.37.161). I'm on a Tier-1 ISP (Internap) sending 500-1500 messages daily to hotmail (and another 10-15k to other ISPs, with no problem). I submit to Hotmail support (gesthm@microsoft.com)... they always claim the problem must be on my end, and refuse to escalate. Just grabbing straws here to see if I'm not the only one...

Re:Occasional black-hole routing? (1)

C_Kode (102755) | more than 8 years ago | (#15588883)

I bet they happen after MS releases a patch. The servers are rebooting! Come on, we all know the drill!

My inbox (5, Funny)

Anonymous Coward | more than 8 years ago | (#15586907)

My hotmail inbox seems to only get mail about c14lis and v14gra. Perhaps you should use these keywords in your mail to help it get through?

Re:My inbox (1)

Qwell (684661) | more than 8 years ago | (#15586956)

/. needs a "sad but true" mod. You would have just gotten a +1 from me.

Contact List workaround (1)

warewolfe (877477) | more than 8 years ago | (#15586914)

A site I developed was having similar problems. In the end we had a confimation page that said that a reply was being sent automatically, and if they didn't receive a message, then to add the site address to their contact list and try again.

Most people have several accounts (1)

smitty_one_each (243267) | more than 8 years ago | (#15586919)

Why not just let them enter another, in addition to Hotmail? Maybe Google could set you up with infinite invites. I bet losing traffic to Google would get them to whitelist you post-haste.

As a hotmail user.... (1)

RingDev (879105) | more than 8 years ago | (#15587009)

I have never had a problem getting an automated response for a sign up verification. I get maybe 5-10 unsolicited spams a day (all of which go directly to a junk mail folder) and 20+ solicited spams (email lists, tech groups, companies I deal with, etc...) emails a day (once again, it all goes to junk mail).

So while other user's may have problems, I guess I'm just lucky and I've never really had a problem with Hotmail. To the extent that it has been my primary email provider since '97 (pre-MS days).

-Rick

From someone who knows... (1, Insightful)

Anonymous Coward | more than 8 years ago | (#15587045)

I work for an ESP, and frankly, I spend all day making sure people don't get things they don't want...

Domain Keys are also an excellent addition to having SPF. Different people trust different technologies, so using both is always a good idea.

To increase your chances of mail delivery to Hotmail, have a look at this: http://postmaster.msn.com/Services.aspx#JMRPP [msn.com]

You'll figure out why your messages are being junked. Most of the biggies have some sort of feedback loop/whitelisting procedure. If you business depends on these people recieving your mail, you're doing stakeholders a terrible disservice in not using them.

Re:From someone who knows... (1)

Assassin17 (60351) | more than 8 years ago | (#15587118)

I work for an ESP, and frankly, I spend all day making sure people don't get things they don't want...

And thanks to your ESP, you know what the people don't want without having to ask them.

Re:From someone who knows... (1)

Anomie-ous Cow-ard (18944) | more than 8 years ago | (#15588815)

Tried that. Didn't work, besides that I'm not using MS-sponsored technologies.

Re:From someone who knows... (1)

WuphonsReach (684551) | more than 8 years ago | (#15589896)

I'm amused by DomainKeys... all of the spam that slips through into my Yahoo! mailbox is validated by DomainKeys.

Do like FEMA (1)

gbobeck (926553) | more than 8 years ago | (#15587104)

You can do what FEMA does on their Independent Study Program - after you sumbit information, they display on the confirmation page something to the effect of "Users of Hotmail, Yahoo... please add the following address to your whitelist."

Don't allow free emails (0, Troll)

CaptainTux (658655) | more than 8 years ago | (#15587109)

I've noticed a lot of signups don't allow you to use free email services like Hotmail, GMail, Yahoo, etc for your email address. Force them to use their ISPs' address.

Re:Don't allow free emails (1)

Anonymous Freak (16973) | more than 8 years ago | (#15587262)

The only problem with this is that I don't have an ISP address. I buy my internet access as a 'business' account from my telco, which includes JUST the DSL signal, an IP address, and usage of their DNS for lookup purposes.

I have my own personal domain, as well as owning a small business, and having a domain for it.

Most sites that block free email also block my domains, since they don't recognize them as belonging to an ISP. Both domains are hosted by other companies, neither one a 'free email' domain. So it's not just that they're self-hosted. One is even by one of the big domain hosts, GoDaddy. (The email is actually handled through secureserver.net.)

Re:Don't allow free emails (2, Insightful)

horn_in_gb (856751) | more than 8 years ago | (#15587277)

I don't know this guy's target audience, but a whole lot of people don't have an ISP but still get on the net at public terminals (library, school, net cafes). They rely on free email services to have a net presence, and I think it would be sad to discriminate against them for that.

Re:Don't allow free emails (2, Interesting)

OhPlz (168413) | more than 8 years ago | (#15589020)

From what I've seen, nearly everyone has a real email account. I ran an ecommerce site for a while where I blacklisted all free email accounts as well as any email account or purchase that routed back to AOL. Those two restrictions cut the fraud down to almost nothing. I can't remember a single case where someone complained about the restriction and found they had no "real" email account they could use. A lot of people would use their work email. I did wonder if banning AOL entirely was a bit much, but I couldn't argue with the results. It elimated tens of thousands of dollars of fraud each week and cost us very in legit sales.

Re:Don't allow free emails (1)

electronerdz (838825) | more than 8 years ago | (#15589300)

Of course you never heard about it. It's because they went somewhere else. I would have.

David Coursey was delivered in my junk mail folder (2)

jkrise (535370) | more than 8 years ago | (#15587259)

I've been using a Hotmail account for about 9 years now... things were okay until Microsoft took over control. My experiences have varied after MS came in:
1. For the first year, 90% junk mails, only 10% proper mails.
2. For the second to fourth years, 50 - 50.
3. Three years back, proper mails got landed in the Junk mail folder, and junk mail in the Inbox... that's when David Coursey's (Chief Microsoft aplogist, then at ZDNet Anchordesk) mail got delivered in the Junk folder.... on second thoughts it seems sorta right now!
4. I lost interest a year ago, just 2MB box-size.. didn't check my account - and boom! all mails lost.
5. NOW: There's more than 25 MB, but it's been months since I checked my hotmail. Not much spam, but I've lost interest after getting a gmail account.

Short answer to your question: You're better off writing a utility that swaps Junk mail and the Inbox for hotmail users. Microsoft doesn't like PHP. Open up PHP and email in google, you'll find 100s of pages of Vulnerabilities, BEFORE coming to the functionality.

Re:David Coursey was delivered in my junk mail fol (1)

Threni (635302) | more than 8 years ago | (#15588055)

> 4. I lost interest a year ago, just 2MB box-size.. didn't check my account - and boom! all mails
> lost.
> 5. NOW: There's more than 25 MB, but it's been months since I checked my hotmail. Not much spam,
> but I've lost interest after getting a gmail account.

Keep checking your Gmail account if you don't want to lose everything. Once every 9 months, I think it is.

OH, and spam filtering in Gmail has got a *lot* worse in the last couple of months. It used to be faultless, but now I get 5 or 10 spam a day in my inbox (in addition to my Spam folder, which my random checks show no false positives).

PTR record and hostname in HELO (1)

Etyenne (4915) | more than 8 years ago | (#15587476)

Two things :

- Make sure you have a PTR record correctly set to your hostname so that reverse lookup work. Whoever have been assigned the block from which your IP is taken (most likely, your ISP) is the one to contact for that.

- Make sure the HELO/EHLO greeting of your MTA match the FQDN in the PTR record for the IP your mail appear to be coming from. In other words, make sure the hostname is set correctly on your mail server.

Sorry for the elitism, but if you don't quite understand the above, maybe you should not be running a mail server in the first place ...

Re:PTR record and hostname in HELO (1)

VxJasonxV (792809) | more than 8 years ago | (#15588197)

Three words for you:
Shared
Hosting
Account

simple (2, Insightful)

firebus (49468) | more than 8 years ago | (#15587577)

don't require users to activate the account via email.

i work on a medium sized, event driven, community website, and year after year we had the same problem - tons of people signing up at once, and a sizeable percentage of them wouldn't receive an activation email no matter how hard they tried.

this led to much customer support.

so we stopped requiring activation.

and it hasn't been a problem.

when you think about it, activation is useless. what benefit do you get out of it? you proved that some guy had access to some email account at single point of time in the past. so what? anyone who wants to get an account can sidestep your activation requirement with a throwaway email address. you're putting up a barrier to your less technically inclined customers without providing ANY benefit in return.

Re:simple (1)

heikkile (111814) | more than 8 years ago | (#15587948)

don't require users to activate the account via email. when you think about it, activation is useless. what benefit do you get out of it? you proved that some guy had access to some email account at single point of time in the past. so what? anyone who wants to get an account can sidestep your activation requirement with a throwaway email address. you're putting up a barrier to your less technically inclined customers without providing ANY benefit in return.

I disagree! Activation is very important! Without it, any practical joker can sign me up to what ever lists he wants. And since I have not given consent to this, the list owner is in fact guilty of sending me unsolicited mail. This is likely to get him across the European spam laws, and may result in large fines. Not to speak of various blacklists and other uncomfortable things.

Do require activation, or count yourself as a spammer!

Re:simple (0)

Anonymous Coward | more than 8 years ago | (#15588078)

Without email confirmation you cannot know that email addresses you have are valid subscribers. As long as you don't send out emails you don't need the email address, and your point is valid.
But if you send out any email (reminders, notifications) you should have verified that the email at least doesn't belong to someone else.

The point of verifying the email is to prevent becoming a spammer :)

Address book (2, Informative)

Ash-Fox (726320) | more than 8 years ago | (#15587802)

The best way to make sure people get the e-mail (provided it isn't thrown off with invalid SPF records), is to get them to add said e-mail address to their online address book.

Content could be flagged as spam (1)

Jumbo Jimbo (828571) | more than 8 years ago | (#15587846)

It has a user registration system that sends a link via email to activate new accounts.

Some ways of flagging spam involve analysing the content to see if it looks like a spam email. Does your email just contain a link, or a link and a very small amount of text? If so this could be one reason it is flagged as junk.

Try adding some more infromative text (e.g. Welcome text, eplanation, help) and see if this helps any. As the email filter may well score emails to see if they qualify as spam, this may help you you raise your score and get int the user's main mailbox.

you're doing two things wrong (0, Flamebait)

dJOEK (66178) | more than 8 years ago | (#15588193)


A. you're re-inventing the wheel. php login systems are plenty and better tested than yours. Don't be arrogant.

B. you're developing a website that attracts a crowd in which the majority uses hotmail.

change your ways while you still can

Re:you're doing two things wrong (0)

Anonymous Coward | more than 8 years ago | (#15588554)

A. So these people must be arrogant? No other possible explanation?

B. And people that use hotmail must be idiots?

Talk about being arrogant.

PHPMailer with SMTP (and less spammy emails) (1)

Phil John (576633) | more than 8 years ago | (#15588251)

Maybe your signup message/test messages look too much like spam? Try to avoid use of exclamation marks, mispellings, ALL CAPS, etc.

We have an e-commerce package that sends emails to HoTMaiL, AOL mail, yahoo, gmail and lots more fine using nothing more than the PHPMailer class.

One quick suggestion, do you use PHPMailer with the mail method or with the smtp method? We use smtp as using the PHP mail() function does sometimes end up getting you flagged as spam, no idea why though! PHPMailers SMTP client seems to do a much better job (albeit with slightly increased server load)

The situation is actually MUCH worse than that (2, Interesting)

robosmurf (33876) | more than 8 years ago | (#15588295)

Actually, sending mail to Hotmail is much worse than that.

The Symantec BrightMail filters that Hotmail uses will silently delete mail. The sender will see no indication that the mail failed, but the message will be deleted; it will NOT necessarily appear in the Junk Mail folder.

I've been using Hotmail for years, but have recently been having terrible trouble with it losing messages from mailing lists that I am on, even with spam protection set at its lowest level.

Hotmail is NOT a reliable email system.

As far as I can tell, the only real solution to this is to tell your recipients not to use Hotmail.

Shared server's IP blacklisted (1)

BestNicksRTaken (582194) | more than 8 years ago | (#15588302)

I expect you're on a shared server.

Stupid blacklists seem to blacklist by IP (or sometimes IP range!) instead of domain, which means that if one spammer is using your box, then all domains on that box will get blacklisted.

This is why my Email gets marked as spam by Yahoo. Sometimes it happens due to reverse DNS too (if you don't have complete control of your DNS, your reverse lookup may be a different domain - usually your host or ISP).

The best option is to colocate your own server, but it's too pricey for the average PHP hacker.

Or you could try complaining to e.g. Spamhaus and your host every time your IP gets blacklisted.

email() (1, Interesting)

Anonymous Coward | more than 8 years ago | (#15588394)

Probably a little late to actually be read by anyone, but I find that the script at http://poss.sf.net/email [sf.net] always manages to get my mail through the filter as it meets Microsoft's requirments to send the mail to Hotmail accounts by default, well, unless you are being blocked because the mail you send is actually very spam like... "8Uy \/i4gr4 |\|0w!!!"

Simple solution (1)

conlaw (983784) | more than 8 years ago | (#15588797)

Send a message to your Hotmail users by snail mail. In that message, have them send you an email from their hotmail account. When they send that message, they'll have the option to add you to their Hotmail contacts by just clicking a check box and "ADD." Once you're one of their contacts, you should be able to send them mail as often as you want.

Have you entered an SPF record? (1)

Ucklak (755284) | more than 8 years ago | (#15589798)

I've had this issue with Hotmail and AOL users. Once I put in the SPF record in the DNS, all mail went through.
http://www.openspf.org/ [openspf.org]
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>