Slashdot Mirror
Sending Mail to Hotmail Users?
Cafesolo wonders: "I'm developing a web application using PHP. It has a user registration system that sends a link via email to activate new accounts. I've found that sending mails to Hotmail accounts is very difficult, because the spam filter is very strong and it filters lots of non-junk messages. I think the spam filter blocks any email whose domain isn't in an internal whitelist (which might contain popular domains, like hotmail.com itself, gmail.com, yahoo.com, msn.com, etc). Most of my users have Hotmail emails. I can't simply tell my users to read the junk folder because most of them are not computer-savvy and that seems to be a bit confusing to them. Has anyone managed to solve this problem? Did somebody try to contact Microsoft? Is there any way to get whitelisted? Can an independent programmer get his domain whitelisted?"
Did you see this article? http://yro.slashdot.org/yro/04/05/05/1237245.shtml ?
Also, have you tried sending the email spoofing the receivers email address? You can set the "from" header to their own address. Of course, this won't help ip based whitelists, but it will help many emails make it through for some mail hosts (few users block their own email address)
Funnypics
Welcome to my world. I work on email deliverability for a financial services company, so no, I'm not a spammer. Hotmail makes two tools available to you to help you get your email delivered:
MSN Smart Network Data Services: http://postmaster.msn.com/snds/
This will let you put in your SMTP's IP address and it will give you consolidated stats on how much mail was received, and how much was filtered as spam.
Sender Score Certified: http://www.senderscorecertified.com/
This company will "certify" you as a safe sender, and Hotmail will let your emails in unfiltered. The catch is you have to pay for this.
Good luck. It isn't easy, but at least there are some tools at your use.
Grab something like SpamAssassin, and set it up to add headers telling you what rules have been triggered. Then send an email from your web application to that account, and examine the headers. While Hotmail probably don't use the exact same rules as SpamAssassin, it's an easy way to spot obvious stuff for you to fix. For example, using too much HTML, particular phrases, too many capital letters, being on blacklists, etc, can all be remedied by you without Microsoft's involvement.
I also seem to remember that Hotmail strongly discriminates against senders who don't have SPF set up, so it's probably a good idea to enable that for your domain.
Bogtha Bogtha Bogtha
My domain has a SPF record and I never had issues sending email to anyone on hotmail or other services.
c hnologies/senderid/wizard/
See:
http://www.microsoft.com/mscorp/safety/content/te
&
http://openspf.org/wizard.html
Punch them in the face for using hotmail and get them a REAL email account. No, but seriously... I don't know if there's any (reasonable) way you're going to easily get around hotmail's "security". You could try contacting hotmail support about the problem... lord knows how much good that will do you :D. You could find a trusted host that it accepts links from, set up a mail account there, and have the mail automatically forwarded (though if you don't want it to be a mass [i.e. all the same] email you would have to create a different account for each person). That's all I can think of (other people mentioned spoofing the "from"... that probably won't get you far, most spam filters reject anything that doesn't have a matching reverse DNS lookup... but I've never tried it with hotmail, so I guess you could give it a go).
A computer once beat me at chess, but it was no match for me at kick boxing.
if they're producing false positives, they're doing a disservice to their customers. Their problem, not yours. Eventually their customers will figure it out and leave.
"National Security is the chief cause of national insecurity." - Celine's First Law
You sound like you're making some very large assumptions about what's actually triggering the spam filters at hotmail. What makes you think it's your domain, and not the crappy MTA you're using? Spammers often use non-standard MTAs that anti-spam programs have learned to identify through header analysis. Have you tested sending mail from a standard mailer like sendmail or postfix to a hotmail account? You obviously need to confirm what's actually causing hotmail to tag your mail as spam and stop making assumptions.
AccountKiller
Get yourself a hotmail account and have PHP fire off e-mails to it. Tweak as needed until you get one through that's not marked as spam.
I've noticed that Hotmail is very particular about the headers you send along with the message. If you send the message as a content-type: text/plain and specify a valid Message-ID, it should get through. Here is what I use for extra headers:
."Message-ID: \r\n";
$PlainMailHeaders= "MIME-Version: 1.0\r\n"
. "Content-Type: text/plain\r\n"
. "Content-Transfer-Encoding: 7bit\r\n"
Hope it helps.
1. Publish an SPF record. For a custom setup like yours, you can choose a subdomain just for your application and publish a record just for it, even if you don't want to use SPF for the main domain.
2. Process the bounces. Hotmail notices and ranks the source accordingly.
3. Make sure the reverse DNS for your server matches the forward DNS and that both resolve to a server name that is not obviously a dynamic IP address. Mail from a machine named customer43.dsl.bigisp.com tends to get weighted as spam for reasons which should be obvious.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
1. Obtain a Hotmail, Gmail, or Yahoo! email account.
2. Code PHP to send emails through it to your Hotmail customers.
Anyone else ever find themselves without a route to any of hotmail's MXes? Once or twice per month, my mail server can't make a connection to any of the hotmail MXes. The outage typically lasts 12-72 hours, but never long enough to cause a bounce (5 days). I run tcptraceroute to port 25, and it dies at a msn.net router (the last hop that responds is 207.46.37.161). I'm on a Tier-1 ISP (Internap) sending 500-1500 messages daily to hotmail (and another 10-15k to other ISPs, with no problem). I submit to Hotmail support (gesthm@microsoft.com)... they always claim the problem must be on my end, and refuse to escalate. Just grabbing straws here to see if I'm not the only one...
My hotmail inbox seems to only get mail about c14lis and v14gra. Perhaps you should use these keywords in your mail to help it get through?
A site I developed was having similar problems. In the end we had a confimation page that said that a reply was being sent automatically, and if they didn't receive a message, then to add the site address to their contact list and try again.
Then again, I could be wrong.
Why not just let them enter another, in addition to Hotmail? Maybe Google could set you up with infinite invites. I bet losing traffic to Google would get them to whitelist you post-haste.
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
I have never had a problem getting an automated response for a sign up verification. I get maybe 5-10 unsolicited spams a day (all of which go directly to a junk mail folder) and 20+ solicited spams (email lists, tech groups, companies I deal with, etc...) emails a day (once again, it all goes to junk mail).
So while other user's may have problems, I guess I'm just lucky and I've never really had a problem with Hotmail. To the extent that it has been my primary email provider since '97 (pre-MS days).
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
I work for an ESP, and frankly, I spend all day making sure people don't get things they don't want...
Domain Keys are also an excellent addition to having SPF. Different people trust different technologies, so using both is always a good idea.
To increase your chances of mail delivery to Hotmail, have a look at this: http://postmaster.msn.com/Services.aspx#JMRPP
You'll figure out why your messages are being junked. Most of the biggies have some sort of feedback loop/whitelisting procedure. If you business depends on these people recieving your mail, you're doing stakeholders a terrible disservice in not using them.
You can do what FEMA does on their Independent Study Program - after you sumbit information, they display on the confirmation page something to the effect of "Users of Hotmail, Yahoo... please add the following address to your whitelist."
Navicula hydraulica plena anguilarum est. Omnes castelli tuus nostri sunt. Ed elli avea del cul fatto trombetta.
I've noticed a lot of signups don't allow you to use free email services like Hotmail, GMail, Yahoo, etc for your email address. Force them to use their ISPs' address.
Anthony Papillion
Advanced Data Concepts, Inc.
"Quality Custom Software and IT Services"
Falsifying headers is illegal, but I doubt anyone will actually pursue a small-time website operator who's sending otherwise legitimate traffic.
But for many of us forging headers is an automatic death sentence. I've walked away from existing business relationships where I had non-refundable credits because a customer support request was answered with a forged header.
On the other side of the table, it's one of the few actions where I would not hestiate to recommend immediate termination for cause if I caught a member of our staff pulling that stunt. (The other actions are using the computers to perform illegal acts or to distribute pr0n/warez.)
The reason it's so serious? It shows a culture that has a casual disregard to the consequences of identity fraud. If you forge mail that appears to come from me, then who else are you sending those forged messages to? Why should I believe your answer? Trust, once lost, is not easily recovered.
(BTW this doesn't even address the original point of getting past spam filters. Like many sites I have my MTA set up to reject incoming messages that claim (in the envelope) to come from my own domains. I know who I am and anyone claiming to be 'me' is, prima facie, making fradulent claims and should be treated accordingly. The last time I checked that test, by itself, was blocking about a third of inbound traffic.)
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
I've been using a Hotmail account for about 9 years now... things were okay until Microsoft took over control. My experiences have varied after MS came in:
1. For the first year, 90% junk mails, only 10% proper mails.
2. For the second to fourth years, 50 - 50.
3. Three years back, proper mails got landed in the Junk mail folder, and junk mail in the Inbox... that's when David Coursey's (Chief Microsoft aplogist, then at ZDNet Anchordesk) mail got delivered in the Junk folder.... on second thoughts it seems sorta right now!
4. I lost interest a year ago, just 2MB box-size.. didn't check my account - and boom! all mails lost.
5. NOW: There's more than 25 MB, but it's been months since I checked my hotmail. Not much spam, but I've lost interest after getting a gmail account.
Short answer to your question: You're better off writing a utility that swaps Junk mail and the Inbox for hotmail users. Microsoft doesn't like PHP. Open up PHP and email in google, you'll find 100s of pages of Vulnerabilities, BEFORE coming to the functionality.
If you keep throwing chairs, one day you'll break windows....
Two things :
...
- Make sure you have a PTR record correctly set to your hostname so that reverse lookup work. Whoever have been assigned the block from which your IP is taken (most likely, your ISP) is the one to contact for that.
- Make sure the HELO/EHLO greeting of your MTA match the FQDN in the PTR record for the IP your mail appear to be coming from. In other words, make sure the hostname is set correctly on your mail server.
Sorry for the elitism, but if you don't quite understand the above, maybe you should not be running a mail server in the first place
:wq
don't require users to activate the account via email.
i work on a medium sized, event driven, community website, and year after year we had the same problem - tons of people signing up at once, and a sizeable percentage of them wouldn't receive an activation email no matter how hard they tried.
this led to much customer support.
so we stopped requiring activation.
and it hasn't been a problem.
when you think about it, activation is useless. what benefit do you get out of it? you proved that some guy had access to some email account at single point of time in the past. so what? anyone who wants to get an account can sidestep your activation requirement with a throwaway email address. you're putting up a barrier to your less technically inclined customers without providing ANY benefit in return.
The best way to make sure people get the e-mail (provided it isn't thrown off with invalid SPF records), is to get them to add said e-mail address to their online address book.
Change is certain; progress is not obligatory.
Some ways of flagging spam involve analysing the content to see if it looks like a spam email. Does your email just contain a link, or a link and a very small amount of text? If so this could be one reason it is flagged as junk.
Try adding some more infromative text (e.g. Welcome text, eplanation, help) and see if this helps any. As the email filter may well score emails to see if they qualify as spam, this may help you you raise your score and get int the user's main mailbox.
> 4. I lost interest a year ago, just 2MB box-size.. didn't check my account - and boom! all mails
> lost.
> 5. NOW: There's more than 25 MB, but it's been months since I checked my hotmail. Not much spam,
> but I've lost interest after getting a gmail account.
Keep checking your Gmail account if you don't want to lose everything. Once every 9 months, I think it is.
OH, and spam filtering in Gmail has got a *lot* worse in the last couple of months. It used to be faultless, but now I get 5 or 10 spam a day in my inbox (in addition to my Spam folder, which my random checks show no false positives).
A. you're re-inventing the wheel. php login systems are plenty and better tested than yours. Don't be arrogant.
B. you're developing a website that attracts a crowd in which the majority uses hotmail.
change your ways while you still can
Exercise caution when modding this message up: the author acts like a jerk when his karma is excellent.
Maybe your signup message/test messages look too much like spam? Try to avoid use of exclamation marks, mispellings, ALL CAPS, etc.
We have an e-commerce package that sends emails to HoTMaiL, AOL mail, yahoo, gmail and lots more fine using nothing more than the PHPMailer class.
One quick suggestion, do you use PHPMailer with the mail method or with the smtp method? We use smtp as using the PHP mail() function does sometimes end up getting you flagged as spam, no idea why though! PHPMailers SMTP client seems to do a much better job (albeit with slightly increased server load)
I am NaN
Actually, sending mail to Hotmail is much worse than that.
The Symantec BrightMail filters that Hotmail uses will silently delete mail. The sender will see no indication that the mail failed, but the message will be deleted; it will NOT necessarily appear in the Junk Mail folder.
I've been using Hotmail for years, but have recently been having terrible trouble with it losing messages from mailing lists that I am on, even with spam protection set at its lowest level.
Hotmail is NOT a reliable email system.
As far as I can tell, the only real solution to this is to tell your recipients not to use Hotmail.
I expect you're on a shared server.
Stupid blacklists seem to blacklist by IP (or sometimes IP range!) instead of domain, which means that if one spammer is using your box, then all domains on that box will get blacklisted.
This is why my Email gets marked as spam by Yahoo. Sometimes it happens due to reverse DNS too (if you don't have complete control of your DNS, your reverse lookup may be a different domain - usually your host or ISP).
The best option is to colocate your own server, but it's too pricey for the average PHP hacker.
Or you could try complaining to e.g. Spamhaus and your host every time your IP gets blacklisted.
#include <sig.h>
Probably a little late to actually be read by anyone, but I find that the script at http://poss.sf.net/email always manages to get my mail through the filter as it meets Microsoft's requirments to send the mail to Hotmail accounts by default, well, unless you are being blocked because the mail you send is actually very spam like... "8Uy \/i4gr4 |\|0w!!!"
Send a message to your Hotmail users by snail mail. In that message, have them send you an email from their hotmail account. When they send that message, they'll have the option to add you to their Hotmail contacts by just clicking a check box and "ADD." Once you're one of their contacts, you should be able to send them mail as often as you want.
I've had this issue with Hotmail and AOL users. Once I put in the SPF record in the DNS, all mail went through.
http://www.openspf.org/
if you steal from one source, that is plagiarism, if you steal from many, well, that's just research.
Why don't you make a hotmail account and try testing your message by sending it to yourself, if it gets put into the junk, try again. If you have a whole bunch of words like "promotion" and "vacation" methinks it will be blocked, but if you make the email say "hey bob, just wondering what you did on your first day of summer" then it might let it though. Experement with it. I don't think that there are IP whitelists, because before it found the wonder that is Gmail I would get emails from support and they had random domains that i don't think that hotmail would whitelist.
Help Me! I'm trapped in the tubes! Oh noes! Here comes a internet!
I disagree. If anything, more people should be better educated that those fields are untrustworthy, that way fewer people will believe them if they are socially engineered.
People should digitally sign their emails, too, but few bother...
I sent several messages to my brother's Hotmail account over the past five months. For some of those messages, I also sent them to his Gmail account.
Surprisingly, only the messages that were sent to Gmail at the same time managed to be delivered to his Hotmail inbox.
If you send a message to a Hotmail user only (no other recipients), don't expect to find it. If you want it to be delivered, CC the message to at least one other account with another mail provider, and voila -- it's magic.
Maybe the competition with Gmail is keeping Hotmail honest.
> No, but I am a liar.
:-)
How do I know that you're telling the truth when you tell me that?
I get several emails from "University of Phoenix" a week, always mark them as junk, but Hotmail's filter never seems to learn how to recognize them. Makes me wonder what do they actually do with the messages flagged as junk? Seems like all they do is move them into your junk folder, and do not update any recognition capabilities based on that... In fact, I get dozens of repeat spams a week that I all mark as junk and the filter never gets any better. I've concluded that the Hotmail spam filter is next to useless... And at the same time, as the OP said, mail responses from login registrations often are caught in the filter...
How about piggy-backing a real mail server like Sendmail. If you configure your mail server properly, it should greatly reduce the number of problems you have in sending mail. Plus you can configure the queues in Sendmail to speed up the entire process and increase you chances of successfully sending out email. I know that's a really hazy explaination, but I haven't written an application that sends out mail in a while.
What do you mean my sig is repetitive? What do you mean my sig is repetitive? What do you mean....
This kind of "medicine" is worse, than the decease. There are two modern e-mail protocols: IMAP for reading, and SMTP for sending.
Various "Webmail" implemements are nothing but either excuses for advertisers (like Google, MSN, Yahoo! "e-mail" services), or hacks and works around moronic firewall policies.
As I say in the subject, there is no "Mail" in Hyper Text Transfer Protocol...
What you wanted to write, was something like:
In Soviet Washington the swamp drains you.
Hotmail uses Sender_id verification on all emails. If you do not have an SPF record properly set up your email will go into the Junk box. Hotmail does not have its own whitelist but uses a third party whitelist such as bonded sender.
u pe.asp
You can also sign up for a service that gives you information if your email was marked as SPAM due to content at:
http://postmaster.msn.com/SNDS/
Hotmail's postmaster site is.
http://advertising.msn.com/adproducts/Email_BulkD