Naming personal email address with own domain - naming

I am planning to host my own mail server at a personal website with my name as the domain name. What is the naming convention for such personal email address at a personal domain? my_name#my_name.com sounds silly and is repetitive.

The biggest downside of using conventions for emails (contact# webmaster# admin# and others) is that it's more likely you'll receive spam. I suggest thinking out of the box here and coming up with something you like hello#my_name.com
As a side note, you probably have a very unique first name if you managed to get it with a .com :)

i use firstname#lastname.com for my personal email, this leaves room for other people (brother, sister, son, daughter, ...) to get their own emails in the domain as well.
I also use Google Apps for this which is a lot easier, probably a lot cheaper, and a lot less fuss than running my own mail server.

Related

How to stop fake members from signing up? These are not bots

I have an old dating site and I'm having some real problems lately with fake members signing up. The problem is these are NOT bots, they are real people (but scammers) browsing throughout the site, signing up and trying to contact our real members, which is a real pain.
Here is what I have implemented:
reCaptcha
IP logging - Banning IPs
Email Verification
User is required to fill out entire profile
I can see based from IP addresses that many of these fake members are usually from various countries in Africa (Nigeria, Ghana, etc), but they will state in their profiles that they are from America. Or there will be a US profile that says they are from Arizona, but their IP will show New York. These members are easy to find and block. (Yet after all the work they have to do to get a profile set up on my site and have it banned, they keep coming back)
PROBLEM:
Some members are really experienced scammers and their IP addresses match their user profile US-based location exactly. In some cases, I know they are fake members, but in other cases I'm not so sure. The only other tool I have is to manually search for their profile descriptions line-by-line on Google to find their profiles on other sites, to see if there is anything suspicious.
Sometimes this works, but sometimes their profiles are the same on other sites and nothing seems "off", and sometimes their profiles are completely unique to my site and cannot be found anywhere else. Yet their profile and photo seems "off" (super model photo?), they'll still attempt to contact other members immediately...
Any advice on what to do about combating these type of advanced fake members? Help is greatly appreciated.
It is common for their IP location to not match their address. These people maybe behind VPNs. This means they are somewhat savvy and do spend money.
You can try requiring a phone number. This helps contacting them and gage trust.
How I see the problem, your time is better spent servicing these new members. Incorporate features like a helpdesk and use a customer centric strategy. Bad behavior can be discourage with expiring bans and holding back site features.

IIS SMTP used to relay Contact Us form messages to Gmail has been blacklisted by Google

I have 2 Windows 2008 R2 boxes running in Microsoft Azure. My ASP.NET 4.0 site (let's imagine it's running at "example.com") has a standard Contact Us form.
When a user sends a Contact Us message, I use System.Net.Mail and SmtpDeliveryMethod.Network to deliver mail to an IIS6 SMTP server running on each box, which sends the mail to a Google Apps "enquiries#example.com" account, using the email address the user entered into the Contact Us form as the "From" address.
This was working beautifully for a year until I checked it today, and found this error in a .BDP file in the \Badmail folder:
550-5.7.1 Our system has detected an unusual rate of unsolicited mail originating from your IP address. To protect our users from spam, mail sent from your IP address has been blocked. Please visit http://www.google.com/mail/help/bulk_mail.html to review our Bulk Email Senders Guidelines.
Obviously Google upped their anti-spam strategies in the last 6 months - last time it worked was Feb 2013 (yeah, we don't get much mail luckily... yet).
I've read the Bulk Senders Guidelines linked above, but they're not really suited to my use case. My case is not sending emails from our server to users of our site (I simply use the Gmail API and send from our enquiries#example.com for that), but rather to collect users' enquiries so that we can easily respond by clicking Reply in that inbox.
I am looking for the easiest solution here. In response to the ones in Google's Bulk Senders Guidelines:
Use a consistent IP address to send bulk mail: I already do, doesn't seem to help
Reverse DNS: Godaddy, my domain and DNS provider doesn't seem to support them: http://support.godaddy.com/groups/domains-management-and-services/forum/topic/how-do-i-setup-reverse-dns/ Anyone know if there's a way?
Use the same address in the 'From:' header on every bulk mail you send: This is totally not my use case. I'll have different From headers in every email
SPF record: I think this only works if I am sending From ...#example.com every time. Is that right? My feeling is SPF doesn't help me here. Would love someone to enlighten me.
DKIM: This looks hellishly complicated, but I'll pursue it if someone thinks it can work in this case. Specifically is it OK that the From address doesn't match the "signing domain"? Anyone got any good "how to" links? And will this be sufficient for Google to un-blacklist me?
Sendgrid: Azure's preferred mail sending app. This means signing up, code changes, testing, and unknowns like "does Sendgrid allow any From address? It's non-trivial, and I'd like to avoid this, but again, will go there if it's what people think is the sanest option.
As a general answer to your questions, sending email on behalf of many different domains from one IP (e.g. example.net, example.org, and ex.co from 10.0.0.1) is generally seen as spammy behavior (and therefor not recommended).
Your points 1-5 only apply if you're sending from one domain. rDNS, SPF, and DKIM only improve delivery for one IP to one domain (in a generally 1:1) relationship.
Generally, the best way to avoid getting marked as spam in a situation like this is to set the From email as a consistent one that you actually control (e.g. enquery-sender#example.com), and then setting the Reply-To as the entered address (e.g. enquirer#someprovider.com). This way you consistently send from one domain, while still getting the benefit of replies going to the message originator (for example LinkedIn does it this way). Doing this will allow you to setup rDNS, SPF, and DKIM with benefit.
That said, if you decide that you don't want to use the recommended Reply-To method, you can use SendGrid to send from any arbitrary domain. It should not require any significant code change (just switching your current SMTP credentials to SendGrid's).
Disclaimer: I am a SendGrid employee.

How does MSN filter spam?

I am trying to create a newsletter for our business.
The last few days have been spent testing, and one of things I have noticed is that MSN seemingly randomly filters out some of my test messages.
This is super-frustrating.
I like the PEAR Mail MIME-package, and have been using that. I may send one email from one of our servers, resulting in the message getting through, and in the next minute, the same message sent from our other server ends up in the junk folder. Then if I add an attachment to the email, and the same message passes though the filter from the server that was previously blocked. I think. What the ####? Is this like throwing a dice, without me having any control over what is trash, and what isn't?
I have sent email from several servers, all of which are shared. But I am unsure this is the problem. The problem is that it is seemingly random how MSN filters email. Some emails get through, and some other don't for seemingly irrational reasons.
I am running out of ideas, but I am not giving up. Therefore I am writing to you for HARDCORE technical info on how MSN filters spam.
First of all, this is probably better suited for ServerFault. The problem is more infrastructure related than application related.
This is a common problem and isn't completely solvable especially if you are using shared mail servers. But there are things you can do to increase the likelihood that your mail will be accepted by mail services.
Run your own mail server, do not use a shared server. This way you will have better control over the mail server's reputation. Mail server reputation is important, as others using the server can cause its reputation to drop, which makes your mail to be less likely to be accepted. The important thing is to have your own dedicated IP number.
Make sure you have reverse DNS set up for your mail server. Not having reverse DNS properly configured is a great way to have your mail rejected.
Use SPF, SenderId, DomainKeys, and DKIM. I believe MSN uses SenderId. These provide you with a way to tell the other mail server that the sending mail server is an approved server for sending mail from your domain name. If these pass, then the mail is much less likely to be spam. Here is an article on these things:
http://www.digitalsanctuary.com/tech-blog/debian/setting-up-spf-senderid-domain-keys-and-dkim.html
Don't send spam! If you do all these things and still send spam, you'll still have troubles.
Monitor for bounces, possibly using VERP.
Make sure to provide a means to opt-out of your list.
Additional advice can be found here:
https://serverfault.com/questions/48428/how-to-send-emails-and-avoid-them-being-classified-as-spam
Here's an example of the SPF configuration I use:
https://serverfault.com/questions/122121/dns-zone-file-spf-configuration-to-support-sending-mail-from-multiple-servers-and
Newsletters especially can easily look like spam. You might consider using a service like MailChimp or similar that specializes in email marketing and mass emailing. They will make sure to tend to all the technical details, remove their servers from blocklists if they get blocked, and so forth. They also provide you with opt-out features, CAN-SPAM compliance, and more.
I've found the Spamtacular blog to have good information as well (it looks like they are having some technical issue right now - hopefully it will be online when you view this).

How to validate the ownership of the website?

e.g. Google Webmaster Console does it by asking website owners to upload a file with specific name. Other services use the same approach.
Is there any reason why not verify ownership by simply asking people to confirm by clicking the email that was sent to the email under that particular domain? (provided that website does not give out its users email addresses like gmail etc)
Because it is the most direct and 100% bulletproof way to find out if the guy has the control over the site in question.
Email address "under" the domain can belong to the admin while the site is actually managed by the developer.
Also, many use anonymous registration, in which case email will be sent to the registrar address (though it will usually forward to your real address or at least notify you).
I have a GMail account doesn't mean I own the gmail.com domain. Like 'Developer Art' said, uploading a file shows that you have access to web-hosting portion of the domain.
How would they know that you are the person at that domain responsible for the website unless you modify it in some way? I have a company e-mail address - that doesn't mean I'm responsible for the company website.
I can prove that I "own" Yahoo, Hotmail, Gmail, and many others with your proposed verification technique. What's so hard about uploading a file to a server for someone doing web work?
I think the intent is, "If you own the site, please place this verification file in your site's root directory." Once the verification system sees the file there, ownership is verified. At the very least, it confirms the ability to post to a site's root folder. Not having this expectation of your users might open you up to folks doing malicious activities as someone else's site because you didn't properly verify ownership. In legal circles, we call that, "due diligence."
E-mail... you know, I keep receiving messages from banks I don't have accounts with, the British Lottery and even more from a guy in Nigeria. They look real. Now that I think about it, maybe I should forward all of their e-mails to each other. The lottery guys and the Nigerian guy can put all their money into the fake bank accounts. Spam problem solved!

Getting back control of a domain taken by the "Domain Registry of America" scam

One of my clients ended up getting sucked into the "Domain Registry of America" scam letters that they send out and has now effectively lost the domain to them. My clients name is still the registrant, admin and technical contact but all the other details - address, phone, email - are for the DRoA. I expect we will not be able to get the domain back because of this. Anyone have any possible solutions other then waiting for the domain to expire?
Thanks
I think your client might possibly want to pursue this with his lawyer. It's possible that DRoA acted fraudelently. No doubt that DRoA has their scam all figured out, so it's unlikely that your client will get his domain back without ponying up some cash, but a nice legal nasty-gram might shake them up a bit.

Resources