77 Matching Annotations
  1. Jan 2024
    1. A simple survey should be offered during the unsubscribe process to allow customers to provide feedback about why they are leaving.
    2. Do not send a confirmation email as it can be a violation of CAN-SPAM and you risk further alienating consumers.
  2. Sep 2023
    1. You must include at least the mailto portion of the List-Unsubscribe header, since some services only support this portion (iOS, for example). However, many inbox providers and mail clients honor both methods. To ensure that the greatest number of your recipients have the ability to unsubscribe from your emails, thus protecting your reputation as a sender, we recommend including both mailto and http.
    2. You must include at least the mailto portion of the List-Unsubscribe header, since some services only support this portion (iOS, for example). However, many inbox providers and mail clients honor both methods. To ensure that the greatest number of your recipients have the ability to unsubscribe from your emails, thus protecting your reputation as a sender, we recommend including both mailto and http.
    3. List-Unsubscribe is a small piece of text that can be inserted in the header section of your email. The List-Unsubscribe header will insert an “unsubscribe” button, or link, next to the From address at the top of your email. A recipient can click this link to notify you that they would like to unsubscribe from your emails.
    1. List-unsubscribe can help reduce spam complaints.If subscribers can’t find the unsubscribe link, they may click the spam reporting button instead. This could hurt your email deliverability and sender reputation. To mailbox providers, a spam complaint is a spam complaint, regardless of whether the recipient actually perceived the message as malicious.
    2. Support for list-unsubscribe varies across email clients.
    1. Apparently, Google uses some additional heuristics to decide whether the link should be displayed or not. The List-Unsubscribe header could be abused by spammers to validate that their target got the message, and thus, GMail only shows the unsubscribe link if the source of the message has accumulated sufficient trust.

      Shouldn't it be controllable by the end user, in the same way that they can press a button to show all images if images are blocked by default for security/privacy reasons??

  3. May 2023
    1. Please can we (a) retain case information from the email address the student uses to set up their account (in case their mailbox is case sensitive), and use that when sending password reset emails, etc., but also (b) when checking credentials for login or setting up an account, treat the email address as non-case-sensitive. The upshot would be if someone registered with Student@City.ac.uk, all emails would go to Student@City.ac.uk, but the student would be able to log in with student@city.ac.uk, and if someone later tried to set up an account with student@city.ac.uk they'd be told that the user already exists.
    2. Although there's an argument for keeping case sensitivity for the local mailbox (as they can be case sensitive, depending on how they're set up, though I haven't come across case sensitivity in university emails), the domain part of the email address is not case sensitive and should not be treated as such. Please can we (a) retain case information from the email address the student uses to set up their account (in case their mailbox is case sensitive), and use that when sending password reset emails, etc., but also (b) when checking credentials for login or setting up an account, treat the email address as non-case-sensitive. The upshot would be if someone registered with Student@City.ac.uk, all emails would go to Student@City.ac.uk, but the student would be able to log in with student@city.ac.uk, and if someone later tried to set up an account with student@city.ac.uk they'd be told that the user already exists.
    1. If you are storing email addresses then you probably should store them in their original case (the recipient at least) to be safe. However, always compare them case-insensitively in order to avoid duplicates.
    1. However, it's difficult to rely on a case-sensitive email address in the real world because many systems (typically ones that have to handle data merging) don't preserve case. Notably systems that use email addresses for user IDs, or any system that has to collate data from multiple sources (CRMs, email broadcast systems, etc) will either normalise case or treat them case-insensitively.
    2. However, for all practical purposes in the modern age, I believe you can consider email addresses to be case insensitive.
    1. a SHOULD is always trumped in RFCs by a MUST. The fact that hosts SHOULD do something means that they might not and I just wanted reassurance that, in reality, the SHOULD is a bit more widely adopted than its definition implies.
    1. While email addresses are only partially case-sensitive, it is generally safe to think of them as case insensitive. All major providers, such as Gmail, Yahoo Mail, Hotmail, and others, treat the local parts of email addresses as case insensitive.
    2. According to RFC 5321, the local part of the email address is case sensitive. This means that, in theory, SoMething@something.com is not the same as something@something.com. However, email providers have the liberty to treat the local parts as both case sensitive and case insensitive.
    1. Are Email Addresses Case Sensitive? Technically, the answer is yes. However, email addresses are typically not case sensitive; if you type your email address into a form and accidentally capitalize one or two letters, it probably won’t prevent the sender from emailing you.
    2. The local part does, in fact, take the case into account, as per RFC 5321. However, Email Service Providers (ESPs) are aware of the potential confusion that could result from allowing upper-case letters.
    1. In short, while it’s technically possible to make the part before @ case sensitive, most popular email servers do not allow that. 
    2. Most big email providers like Gmail, Outlook and even company email address hosted on Google Suite are not case sensitive. Just to avoid any unnecessary confusion. However, in extreme cases, some large companies, implement case sensitivity on their server as some people can often have the same first and last name. But in general, this creates more confusion, than the usability, which is why most standard email providers avoid case sensitivity. 
    1. Either way, at some point almost everyone started treating addresses as case-insensitive.
    2. Despite it being commonplace to “fix up” email addresses by lowercasing them — or, in financial/government contexts, uppercasing them — email addresses are clearly defined as case-sensitive in the only standard that matters.
    1. Since using case insensitivity is so widespread, take their sign up email address and make it lower case. Whenever they try to log in, convert that to lowercase as well, for comparison purposes, when you go to see if the user exists. As far as sign up and sign in go, do a case insensitive comparison. If the person signs up as Steve@example.com, you'll still want to allow them to sign in later with steve@example.com or sTeVE@example.com.
    2. But you should also keep track of the email address that they signed up with in a case sensitive fashion. Any time you send an email to them, be sure to send it with that original casing. This allows the email server to handle it however it feels like it needs to. So even though the person may always be signing in to your site with steve@example.com, if they signed up as Steve@example.com, you'll always send email to Steve@example.com, just to be safe.
    3. The de facto standard is to treat local mailboxes as case insensitive, but the official standard says case matters (though even the official standard mentions the de facto standard).
    1. So yes, the part before the "@" could be case-sensitive, since it is entirely under the control of the host system. In practice though, no widely used mail systems distinguish different addresses based on case.
    2. In short, you are safe to treat email addresses as case-insensitive.
    1. Since the case sensitivity of email addresses can create confusion and delivery problems, most email providers and clients either fix the case if the email address is entered in the wrong case, or they ignore upper-case entries. Not many email services or ISPs enforce case-sensitive email addresses.
  4. Apr 2023
    1. By default SMTP offers very little protection against interception. Traffic may be encrypted between servers but there are no guarantees.

      And how likely is it that the attacker actually owns one of the servers that is a hop on the way from mail sender to mail recipient?? Seems extremely unlikely.

    2. email as a transmission mechanism isn't secure.
  5. Mar 2023
    1. What are transactional emails? Typically any email that is triggered by or sent automatically from your application.
    2. Welcome emails Actionable emails Password resets Receipts Monthly invoices Support requests App error alerts Reminders etc.
    1. for instance, when the recipient’s address is full (a soft bounce: just wait and re-send) or worst, when it’s non-existent (a hard bounce: you need to remove the account from your list)
  6. Dec 2022
    1. Let’s say, you’ve set up the list-unsubscribe header to you email campaign. Check out whether it works by sending an email to a test inbox. For Gmail, you’ll see the unsubscribe option in the header right next to the sender name
    1. Errors-To is deprecated, so mail servers will typically ignore this header - most servers will bounce will to the 'envelope sender'. This is the email address that your mail client sends as part of the connection to the SMTP server (not necessarily the From address - though it typically is the same).
    1. Postmark separates email traffic through Message Streams, meaning that transactional and broadcast traffic never intersects in Postmark, including IP ranges. This is a longstanding best practice for ensuring optimal deliverability. Transactional message streams are for messages that are usually unique and triggered by a user action like a password reset, opted-into weekly digest, or receipts. Transactional streams do not support bulk messages. Broadcast message streams are for bulk messages that sent to multiple recipients at once like announcements, newsletters, or other application email.
    1. The best at transactional email because we never let them mix with bulk messages. You might say that Postmark has serious street cred with inbox providers. To protect the delivery of your transactional emails, it’s crucial to separate them from your bulk or promotional emails. With Message Streams, we’ve built a parallel but completely separate sending infrastructure for these two different types of emails. We don’t let them mix. Ever.
    1. List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: <https://solarmora.com/unsubscribe/example>
    2. Here are some recommended unsubscribe methods: Include a prominent link in the message that takes recipients to a page for unsubscribing. Let recipients review the individual mailing lists they’re subscribed to. Let them unsubscribe from lists individually, or all lists at once. Automatically unsubscribe recipients who have multiple bounced messages. Periodically send a confirmation message to recipients to make sure they still want to get your messages.
    3. Let recipients easily unsubscribe Always give recipients a way to unsubscribe from your messages. Make unsubscribing easy. Letting people opt out of your messages can improve message open rates, click-through rates, and sending efficiency.
    4. Make sure recipients can easily subscribe
    1. Many mail systems allow recipients to report mail as spam or junk, and mail streams from senders whose mail is often reported as junk tend to have poor deliverability. Hence, the mailers want to make it as easy as possible for recipients to unsubscribe; if an unsubscription process is too difficult, the recipient's alternative is to report mail from the sender as junk until the mail no longer appears in the recipient's inbox.
    2. Operators of recipient mail systems are aware that their users do not make a clear distinction between unsubscription and junk.
  7. Nov 2022
    1. You can definitely set the Return-Path header as a sender. But yes, some receivers might rewrite it (But not always ), or depending on who you're sending through, it might be re-written by them. For instance when using MailGun to send bulk email you have to do things just right in order to set a Return-Path that will be preserved. I know this contradicts the RFC you cite, but it's in practice true.
    2. Return-Path header is written by the receiving server, not by the sending server. And as per the RFC 5321, it is the same as the address supplied in MAIL FROM command.
  8. Oct 2022
    1. eMail hat tatsächlich nicht mehr den Stellenwert wie früher - als es wirklich noch wie schnellerer Briefverkehr genutzt wurde und deutlich förmlicher und verbindlicher war. Heute sehe ich das auch die Kundschaft eMail schon auf SMS-Niveau benutzt, was mir in der Seele wehtut, weil das eine völlig unwürdige Form der Kommunikation ist.
    1. Importante fornecer um e-mail válido para a solicitação da nota fiscal.
  9. Sep 2022
    1. Snail mail can be too slow, and email isn't secure. So that leaves us with the decades-old, but still reliable, fax.

      email is secure enough. Why do people keep perpetuating this myth?

  10. Feb 2022
    1. Hence an email address/mailbox/addr-spec is "local-part@domain"; "local-part" is composed of one or more of 'word' and periods; "word" can be an "atom" which can include anything except "specials", control characters or blank/space; and specials (the *only* printable ASCII characters [other than space, if you call space "printable"] *excluded* from being a valid "local-part") are: ()<>@,;:\".[] Therefore by the official standard for email on the internet, the plus sign is as much a legal character in the local-part of an email address as "a" or "_" or "-" or most any other symbol you see on the main part of a standard keyboard.
    2. There's a common design flaw on many many websites that require an email address to register; most recently I came across this bug on CNet's download.com site: for some reason they don't accept me when I try to register an email address containing a "+", and they then send me back saying my address is invalid. It isn't!
    3. "+" is a completely valid character in an email address; as defined by the internet messaging standard published in 1982(!) RFC 822 (page 8 & 9)... Any website claiming anything else is wrong by definition, plus they are prohibiting me and many fellow anti-spam activists from tracking where inbound spam comes from:
  11. Aug 2021
  12. Feb 2021
    1. URI::MailTo::EMAIL_REGEXP

      First time I've seen someone create a validator by simply matching against URI::MailTo::EMAIL_REGEXP from std lib. More often you see people copying and pasting some really long regex that they don't understand and is probably not loose enough. It's much better, though, to simply reuse a standard one from a library — by reference, rather than copying and pasting!!

  13. Mar 2019
    1. Carson Farmer noted that GMAIL is fundamentally a better user experience because individuals didn’t need to run their own protocols or set up their own servers.

      If so, why then not use ProtonMail that does not serve ads, abuse your data, and gives you the option for built-in e-mail encryption?