Good post to occasionally be posted to this list..
Everyone can use refreshers.. Thanks Grant..
But I almost think it a truism, smaller players go the extra mile to do
things right, and the larger players who should know better, don't put
in the extra effort ;)
For instance, 'authorize.net', a Visa affiliate ..
Sends emails from: nore...@mail.authorize.net
You would think that they would WANT replies if anything up with a
banking alert, and you would think they would use @authorize.net, eg
ends up in the wrong email box because of a typo..
(I get that they probably want a different SPF subset for that domain
though, strictly for alerts)
Subject: Merchant Email Receipt
Anyone sending this type of message should be EXTRA careful following
best practices .. As you KNOW they are going to be a target for
'spoofing' and 'phishing' attempts..
X-Mailer: Microsoft CDO for Windows 2000
Date: Wed, 28 Nov 2018 14:35:07 -0000
Ummmm... doesn't instill a lot of confidence..
thread-index: <snipped>
Thread-Topic: Merchant Email Receipt
Umm.. stop lower casing headers please.. and of course this harkens back
to the days when everyone tried their own method of threading.... Still,
there is a difference, so Message-ID should be there too..
Reply-To: "Auto-Receipt" <nore...@mail.authorize.net>
From: "Auto-Receipt" <nore...@mail.authorize.net>
At least their SPF record is decent, albeit ~all, and a broken entry...
and they have a DKIM record.. But all in all, not up to the standard we
would expect banks to adhere to.
mail.authorize.net descriptive text "v=spf1 ip4:198.241.162.22
ip4:198.241.162.12 ip4:198.241.168.120 ip4:198.241.168.121
ip4:198.241.162.10 ip4:198.241.162.56 ip4:198.241.168.128
ip4:198.241.168.129 ip4:198.241.150.64 ip4:198.241.150.63
ip4:198.241.168.133 ip4:198.241.168.134 ip4:198.241.20" "7.75
ip4:198.241.207.76 ip4:198.241.207.77 ip4:198.241.207.78
ip4:198.241.206.75 ip4:198.241.206.76 ip4:198.241.206.77
ip4:198.241.206.78 ip4:198.241.207.94 ~all"
(Seems that they must have some automated system adding a line break in
the middle, breaking the one entry..)
On 2018-11-28 8:28 a.m., Grant Taylor via mailop wrote:
On 11/27/2018 05:03 PM, Michael Peddemors wrote:
I find the entire do-not-reply thing annoying.
Arguably any outgoing email should come from an email address that
hypothetically could receive email. IMHO this is independent of whether
or not you actually want replies.
My preference is to send from an address and direct proper replies to
something like info@ or sales@ front door type addresses and let that
(likely existing) mechanism filter through them.
In my experience some end users will reply. And the failure mode they
experience will reflect somewhere between neutral and badly. Receiving
a bounce never goes well.
My preference and what I recommended customers do was:
· Send with an SMTP envelope using VERP.
· Send to an SMTP recipient with ORCPT.
· Send with a From: header that accurately reflects the source /
campaign / etc.
· Make sure that there is an MX for the From: (or parent) domain.
· Send with a Reply-To: header set to a front door service address.
· Make sure that there is an MX for the Reply-To: (or parent) domain.
· Include the aforementioned headers:
· Auto-Submitted: auto-generated
· X-Auto-Response-Suppress: OOF
· Precedence: Bulk (for broadcast / multicast emails)
· Make sure that you react to bounces.
· Provide an unsubscribe / opt-out option.
· Make sure that you react to unsubscribe requests.
· Send text/plain if at all possible.
· Send with matching text/plain and text/html if you must use HTML.
· Make it easy for the recipient to determine if this is specific to
them or a general broadcast.
· Consider using different (From:) email addresses for different
services / campaigns.
· (Now) DKIM sign outgoing messages.
· Adhere to your SPF records.
· Use DMARC that is satisfied by DKIM -or- SPF.
· Helps with forwarded email.
· Optionally include an "X-Abuse-Complaints-To:" (type) header.
· Otherwise be as good a netizen as possible.
I don't think any of this is hard. It's just that there are a lot of
relatively simple things to do that make the quality of email a lot higher.
And just because you don't want a reply to, and don't feel a need to
'thread', still no reason not to generate a reasonable 'Message-ID'
header..
Agreed.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
