Slashdot Mirror


Sending Mail to Hotmail Users?

Cafesolo wonders: "I'm developing a web application using PHP. It has a user registration system that sends a link via email to activate new accounts. I've found that sending mails to Hotmail accounts is very difficult, because the spam filter is very strong and it filters lots of non-junk messages. I think the spam filter blocks any email whose domain isn't in an internal whitelist (which might contain popular domains, like hotmail.com itself, gmail.com, yahoo.com, msn.com, etc). Most of my users have Hotmail emails. I can't simply tell my users to read the junk folder because most of them are not computer-savvy and that seems to be a bit confusing to them. Has anyone managed to solve this problem? Did somebody try to contact Microsoft? Is there any way to get whitelisted? Can an independent programmer get his domain whitelisted?"

35 of 126 comments

  1. See slashdot article... by crazyjeremy · · Score: 2, Informative

    Did you see this article? http://yro.slashdot.org/yro/04/05/05/1237245.shtml ?
    Also, have you tried sending the email spoofing the receiver's email address? You can set the "from" header to their own address. Of course, this won't help IP-based whitelists, but it will help many emails make it through for some mail hosts (few users block their own email address)

    1. Re:See slashdot article... by Spazmania · · Score: 5, Informative

      Also, have you tried sending the email spoofing the receiver's email address?

      Never do this. Forging the return address is one of the few things that actually is illegal.

      --
      Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
    2. Re:See slashdot article... by Violet+Null · · Score: 4, Informative

      I've run into this same sort of problem, and I've discovered that spoofing the from address is a really, really bad idea; there's a sizable chunk of mailservers that will reverse DNS the IP address they're receiving the email from, and if it doesn't match the domain in the from address, they'll reject it.

    3. Re:See slashdot article... by dtdns · · Score: 2, Insightful

      I agree that there are a lot of mail servers that reverse the IP address, but comparing the domain in the reverse entry to the domain in the SMTP FROM command or the From header doesn't make much sense. Any e-mail coming from a legitimate hosting company (like the one I work for) would be blocked. The reverse DNS entry for our IP address is valid and that host resolves back to the IP address (which is how it's supposed to be), but our e-mail server houses mail for upwards of 400 domain names. We certainly do not have a dedicated IP address and reverse entry for each domain. All outgoing e-mail leaves through the same IP address and I cannot recall a time when mail has ever been rejected because the FROM domain didn't match our reverse DNS entry. Sure, the reverse should resolve back to itself, and it's a good idea to have an MX record for the domain pointing to that host (but not required), but I think you're stretching a bit on that last part of your response. I'm sure there is some dumbass out there doing that, but likely few and far between. I'll bet they don't get a lot of mail, legitimate or otherwise based on that thinking.

    4. Re:See slashdot article... by CastrTroy · · Score: 2, Interesting

      As far as I know, hotmail has 2 options for filtering your mail. You can either have them filter it with the spam filters, or you can have it set up to only receive mail from people in your address book. I currently use the first option, as I don't like unexpected email going in my junkbox. The result is hundreds of spam messages that get through the filter. I don't know why they can't get it right. My yahoo mail account doesn't use a white list, and blocks 99.9% of spam. I get maybe 1 spam message every 2 weeks. I've also never had it block an email I wanted to receive.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    5. Re:See slashdot article... by Anonymous Coward · · Score: 2, Informative
      And what law may this be?

      The CAN-SPAM Act, actually. Deliberately falsifying headers is a direct violation.

      Don't be such an insufferable smartass ... when you're wrong.

    6. Re:See slashdot article... by 19thNervousBreakdown · · Score: 2, Informative

      (a) IN GENERAL- Whoever, in or affecting interstate or foreign commerce, knowingly--
      ...
      (3) materially falsifies header information in multiple commercial electronic mail messages and intentionally initiates the transmission of such messages,

      So, it's only illegal if it's for commercial purposes, and unless I'm reading it wrong, you're fine even then as long as it's within your state and the affected business is also within state.

      --
      <xml><I><am><so><damn>Web 2.0</damn></so></am></I></xml>
    7. Re:See slashdot article... by Spazmania · · Score: 2, Informative

      unless I'm reading it wrong

      You're reading it wrong.

      "Whoever, in or affecting interstate or foreign commerce, knowingly" is pretty close to boilerplate. Judicial precedent has interpreted it to mean "virtually everything except for very rare circumstances where there is no possible tangential connection that pushes it over state lines." A grain of sand is covered in this language because it could reasonably be caught in someone's shoe and carried to another state. No, really, how do you think the EPA gets its authority to regulate solid waste despite the supposed constitutional separation?

      "Multiple commercial electronic mail messages," reads as "more than one message that's neither personal nor from a registered tax exempt organization."

      "Intentionally initiates the transmission," means it wasn't done by a hacker controlling your computer.

      --
      Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
    8. Re:See slashdot article... by kv9 · · Score: 2, Informative

      i had the exact same problem with yahoo mail ending up in the bulk folder (mailserver ip was X-YahooFilteredBulk). it was easily fixed by contacting support and filling out a hefty form. so, your best bet is (surprisingly enough) tech support. i'm sure even MS has people that can help you with that.

    9. Re:See slashdot article... by Zugok · · Score: 4, Funny
      Oh, I'm definitely NAL, but anyone that gets legal advice from a Slashdot needs about 100mg of Thorazine every 6 hours.

      So are you a doctor then? :P
      --
      "I just can't sit while people are saying nonsense in a meeting without saying it's nonsense" J Watson, Sci Am 288:(4)51
    10. Re:See slashdot article... by 19thNervousBreakdown · · Score: 4, Funny

      No, but I am a liar.

      --
      <xml><I><am><so><damn>Web 2.0</damn></so></am></I></xml>
  2. Tools are available by Anonymous Coward · · Score: 5, Informative

    Welcome to my world. I work on email deliverability for a financial services company, so no, I'm not a spammer. Hotmail makes two tools available to you to help you get your email delivered:

    MSN Smart Network Data Services: http://postmaster.msn.com/snds/
    This will let you put in your SMTP's IP address and it will give you consolidated stats on how much mail was received, and how much was filtered as spam.

    Sender Score Certified: http://www.senderscorecertified.com/
    This company will "certify" you as a safe sender, and Hotmail will let your emails in unfiltered. The catch is you have to pay for this.

    Good luck. It isn't easy, but at least there are some tools at your use.

    1. Re:Tools are available by TopShelf · · Score: 3, Insightful

      Hotmail is perfectly fine, it's just that the parent of this thread made it sound like a service could guarantee that this guy's message could get into users' Inboxes. Hotmail has the option of having a whitelist-only Inbox, so I was pointing out that those services won't do.

      --
      Stop by my site where I write about ERP systems & more
  3. Do yourself a favour by Bogtha · · Score: 4, Informative

    Grab something like SpamAssassin, and set it up to add headers telling you what rules have been triggered. Then send an email from your web application to that account, and examine the headers. While Hotmail probably don't use the exact same rules as SpamAssassin, it's an easy way to spot obvious stuff for you to fix. For example, using too much HTML, particular phrases, too many capital letters, being on blacklists, etc, can all be remedied by you without Microsoft's involvement.

    I also seem to remember that Hotmail strongly discriminates against senders who don't have SPF set up, so it's probably a good idea to enable that for your domain.

    --
    Bogtha Bogtha Bogtha
    1. Re:Do yourself a favour by Bogtha · · Score: 3, Insightful

      what user is worth keeping who isn't "computer-savvy" enough to understand what a Junk Mail folder is?

      The kind of user that pays you money? And there are a lot of people that don't understand spam filtering. Unlike most other email concepts, this one doesn't really have a snail-mail analogue.

      send them all Gmail invites

      I already do this. Without fail, every single Hotmail user that I have sent an invite to has either signed up and not switched, or not bothered signing up at all. Hotmail users are happy with crap. Think about it - if they weren't, they wouldn't be with Hotmail in the first place, would they?

      --
      Bogtha Bogtha Bogtha
  4. Add a SPF record. by Utopia · · Score: 4, Informative

    My domain has a SPF record and I never had issues sending email to anyone on hotmail or other services.

    See:
    http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

    &
    http://openspf.org/wizard.html

    1. Re:Add a SPF record. by Keeper · · Score: 2, Informative

      I'll second that. Awhile back there was a big brouhaha about how Hotmail was going to crank up the sensitivity of spam filters run on mail from domains without SPF records.

  5. Very big assumptions. by Vellmont · · Score: 4, Insightful

    You sound like you're making some very large assumptions about what's actually triggering the spam filters at hotmail. What makes you think it's your domain, and not the crappy MTA you're using? Spammers often use non-standard MTAs that anti-spam programs have learned to identify through header analysis. Have you tested sending mail from a standard mailer like sendmail or postfix to a hotmail account? You obviously need to confirm what's actually causing hotmail to tag your mail as spam and stop making assumptions.

    --
    AccountKiller
    1. Re:Very big assumptions. by Jasin+Natael · · Score: 2, Informative

      Exactly. When I need to do a mass-mailing from my PHP apps, I use a custom class that emulates some of the sendmail interface by opening a socket to a SMTP host. See 'fsockopen' in the PHP docs -- SMTP is super-simple, and if you want, I'll share my class source with you.

      You just have to make sure that your production server has a trusted connection to the MTA, or write a few lines of code to authenticate against the server. Also remember that one thing that really pisses SPAM filters off is when you try to forge headers to make it look like your mail came from a desktop mail client like Outlook or Thunderbird. If your message says "I came from Outlook", and then doesn't put the headers in the same order as Outlook, or uses encodings or MIME organization that Outlook wouldn't, expect it to get dumped pretty quickly by Bayesian algorithms.

      --
      True science means that when you re-evaluate the evidence, you re-evaluate your faith.
    2. Re:Very big assumptions. by bogeskov · · Score: 2, Informative

      I don't know if this is the one you are referring to, but I use http://dnsreport.com/ for the quick list of problems, and http://www.dnsstuff.com/ for the rest.

      --

  6. Trial and error works. by The+MAZZTer · · Score: 4, Insightful

    Get yourself a hotmail account and have PHP fire off e-mails to it. Tweak as needed until you get one through that's not marked as spam.

    1. Re:Trial and error works. by Cafesolo · · Score: 2, Interesting

      I did. I created two Hotmail accounts for testing. I tried sending mails from PHP using the mail() function and through the PHPMailer library (http://phpmailer.sf.net/). I also tried sending mails through Thunderbird and through my hosting service's webmail interface. My messages always have been marked as spam.

  7. It's Probably Your Headers by Anonymous Coward · · Score: 3, Informative

    I've noticed that Hotmail is very particular about the headers you send along with the message. If you send the message as a content-type: text/plain and specify a valid Message-ID, it should get through. Here is what I use for extra headers:

    $PlainMailHeaders = "MIME-Version: 1.0\r\n"
        . "Content-Type: text/plain\r\n"
        . "Content-Transfer-Encoding: 7bit\r\n"
        . "Message-ID: \r\n";

    Hope it helps.

  8. Helpful suggestions by Spazmania · · Score: 2, Informative

    1. Publish an SPF record. For a custom setup like yours, you can choose a subdomain just for your application and publish a record just for it, even if you don't want to use SPF for the main domain.

    2. Process the bounces. Hotmail notices and ranks the source accordingly.

    3. Make sure the reverse DNS for your server matches the forward DNS and that both resolve to a server name that is not obviously a dynamic IP address. Mail from a machine named customer43.dsl.bigisp.com tends to get weighted as spam for reasons which should be obvious.

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
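
The SPF and reverse-DNS checks from the list above, as an added example that is not part of the original thread. It runs over constructed DNS answers instead of live lookups: the `app.example.com` names, the documentation-range addresses and the dynamic-hostname heuristic are assumptions, and only the `ip4`/`ip6`/`all` subset of SPF is evaluated.

```python
import ipaddress
import re

# Constructed sample data standing in for DNS answers (no live lookups).
SPF_TXT = "v=spf1 ip4:192.0.2.0/28 ip4:198.51.100.25 -all"  # TXT for app.example.com
PTR = {"192.0.2.10": "mail.app.example.com",
       "203.0.113.43": "customer43.dsl.bigisp.com"}
A = {"mail.app.example.com": ["192.0.2.10"],
     "customer43.dsl.bigisp.com": ["203.0.113.99"]}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Heuristic (an assumption): labels that often mark consumer or dynamic pools.
DYNAMIC_HINT = re.compile(
    r"(?:^|[.-])(?:dsl|dyn|dynamic|dhcp|pool|cable|ppp|customer\d+)(?:[.-]|$)", re.I)

def spf_result(record, ip):
    """Evaluate the ip4/ip6/all subset of an SPF record for one sending IP."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:          # mechanisms are tried left to right
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qualifier]
        else:
            return "unknown"        # include/a/mx/redirect need live DNS
    return "neutral"                # no mechanism matched and no "all"

def fcrdns_ok(ip, ptr_map, a_map):
    """True when the PTR name for ip resolves forward to the same ip."""
    host = ptr_map.get(ip)
    return host is not None and ip in a_map.get(host, [])

def looks_dynamic(host):
    """True when the hostname resembles a dynamic or consumer address."""
    return bool(DYNAMIC_HINT.search(host))

def preflight(ip, spf_record=SPF_TXT, ptr_map=PTR, a_map=A):
    """Return a list of problems for mail sent from ip; empty means clean."""
    problems = []
    result = spf_result(spf_record, ip)
    if result != "pass":
        problems.append(f"SPF result is {result}")
    if not fcrdns_ok(ip, ptr_map, a_map):
        problems.append("reverse DNS does not match forward DNS")
    host = ptr_map.get(ip)
    if host and looks_dynamic(host):
        problems.append(f"PTR name {host} looks like a dynamic address")
    return problems

if __name__ == "__main__":
    for sender in ("192.0.2.10", "203.0.113.43"):
        print(sender, preflight(sender) or "ok")
```
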
  9. Occasional black-hole routing? by Doobian+Coedifier · · Score: 2, Interesting

    Anyone else ever find themselves without a route to any of hotmail's MXes? Once or twice per month, my mail server can't make a connection to any of the hotmail MXes. The outage typically lasts 12-72 hours, but never long enough to cause a bounce (5 days). I run tcptraceroute to port 25, and it dies at a msn.net router (the last hop that responds is 207.46.37.161). I'm on a Tier-1 ISP (Internap) sending 500-1500 messages daily to hotmail (and another 10-15k to other ISPs, with no problem). I submit to Hotmail support (gesthm@microsoft.com)... they always claim the problem must be on my end, and refuse to escalate. Just grabbing straws here to see if I'm not the only one...

  10. My inbox by Anonymous Coward · · Score: 5, Funny

    My hotmail inbox seems to only get mail about c14lis and v14gra. Perhaps you should use these keywords in your mail to help it get through?

  11. Automatic death sentence by coyote-san · · Score: 4, Interesting

    Falsifying headers is illegal, but I doubt anyone will actually pursue a small-time website operator who's sending otherwise legitimate traffic.

    But for many of us forging headers is an automatic death sentence. I've walked away from existing business relationships where I had non-refundable credits because a customer support request was answered with a forged header.

    On the other side of the table, it's one of the few actions where I would not hesitate to recommend immediate termination for cause if I caught a member of our staff pulling that stunt. (The other actions are using the computers to perform illegal acts or to distribute pr0n/warez.)

    The reason it's so serious? It shows a culture that has a casual disregard to the consequences of identity fraud. If you forge mail that appears to come from me, then who else are you sending those forged messages to? Why should I believe your answer? Trust, once lost, is not easily recovered.

    (BTW this doesn't even address the original point of getting past spam filters. Like many sites I have my MTA set up to reject incoming messages that claim (in the envelope) to come from my own domains. I know who I am and anyone claiming to be 'me' is, prima facie, making fraudulent claims and should be treated accordingly. The last time I checked that test, by itself, was blocking about a third of inbound traffic.)

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
  12. David Coursey was delivered in my junk mail folder by jkrise · · Score: 2

    I've been using a Hotmail account for about 9 years now... things were okay until Microsoft took over control. My experiences have varied after MS came in:
    1. For the first year, 90% junk mails, only 10% proper mails.
    2. For the second to fourth years, 50 - 50.
    3. Three years back, proper mails got landed in the Junk mail folder, and junk mail in the Inbox... that's when David Coursey's (Chief Microsoft apologist, then at ZDNet Anchordesk) mail got delivered in the Junk folder.... on second thoughts it seems sorta right now!
    4. I lost interest a year ago, just 2MB box-size.. didn't check my account - and boom! all mails lost.
    5. NOW: There's more than 25 MB, but it's been months since I checked my hotmail. Not much spam, but I've lost interest after getting a gmail account.

    Short answer to your question: You're better off writing a utility that swaps Junk mail and the Inbox for hotmail users. Microsoft doesn't like PHP. Open up PHP and email in google, you'll find 100s of pages of Vulnerabilities, BEFORE coming to the functionality.

    --
    If you keep throwing chairs, one day you'll break windows....
  13. Re:Don't allow free emails by horn_in_gb · · Score: 2, Insightful

    I don't know this guy's target audience, but a whole lot of people don't have an ISP but still get on the net at public terminals (library, school, net cafes). They rely on free email services to have a net presence, and I think it would be sad to discriminate against them for that.

  14. simple by firebus · · Score: 2, Insightful

    don't require users to activate the account via email.

    i work on a medium sized, event driven, community website, and year after year we had the same problem - tons of people signing up at once, and a sizeable percentage of them wouldn't receive an activation email no matter how hard they tried.

    this led to much customer support.

    so we stopped requiring activation.

    and it hasn't been a problem.

    when you think about it, activation is useless. what benefit do you get out of it? you proved that some guy had access to some email account at single point of time in the past. so what? anyone who wants to get an account can sidestep your activation requirement with a throwaway email address. you're putting up a barrier to your less technically inclined customers without providing ANY benefit in return.

  15. Address book by Ash-Fox · · Score: 2, Informative

    The best way to make sure people get the e-mail (provided it isn't thrown off with invalid SPF records), is to get them to add said e-mail address to their online address book.

    --
    Change is certain; progress is not obligatory.
  16. The situation is actually MUCH worse than that by robosmurf · · Score: 2, Interesting

    Actually, sending mail to Hotmail is much worse than that.

    The Symantec BrightMail filters that Hotmail uses will silently delete mail. The sender will see no indication that the mail failed, but the message will be deleted; it will NOT necessarily appear in the Junk Mail folder.

    I've been using Hotmail for years, but have recently been having terrible trouble with it losing messages from mailing lists that I am on, even with spam protection set at its lowest level.

    Hotmail is NOT a reliable email system.

    As far as I can tell, the only real solution to this is to tell your recipients not to use Hotmail.

  17. Re:Don't allow free emails by OhPlz · · Score: 2, Interesting

    From what I've seen, nearly everyone has a real email account. I ran an ecommerce site for a while where I blacklisted all free email accounts as well as any email account or purchase that routed back to AOL. Those two restrictions cut the fraud down to almost nothing. I can't remember a single case where someone complained about the restriction and found they had no "real" email account they could use. A lot of people would use their work email. I did wonder if banning AOL entirely was a bit much, but I couldn't argue with the results. It eliminated tens of thousands of dollars of fraud each week and cost us very in legit sales.

  18. Re:Don't allow free emails by Tripster · · Score: 2, Interesting

    Ditto here, we blocked all the free email providers once we realized pretty much all our fraud orders were using them and few if any legit signups used them. Gave up forwarding to the free providers' abuse departments as well.