
The E-mail

When you need to get the word out fast, email is a great solution if you're prepared to learn a lot of jargon.

Using your Apache2 signed certificates with Exim4

Once you have set up your website to use SSL you are probably starting to wonder what other things you can do with your SSL certificates. In my case, I run a Dovecot server for indexing my mail and an Exim4 server for sending mail (only Exim is covered in this article, but the content may still be useful). Both of these services use the same domain name as my web server so I decided to repurpose my certificates for these other hosting services.

Convert your Keys

In my last tutorial I helped you generate a certificate request and a key for your Apache2 server.  These files can be converted and used on your Exim server by first exporting these files to another format and then re-encoding them to suit Exim's needs.

First, export your certificate.

openssl x509 -in personal.crt -inform PEM -out personal.der -outform DER

Then, convert your certificate to PEM format for Exim.

openssl x509 -in personal.der -inform DER -out exim.crt -outform PEM

Next, convert your key.

openssl rsa -in personal.key -inform PEM -out personal.der -outform DER

Then, convert your key to PEM format for Exim.

openssl rsa -in personal.der -inform DER -out exim.key -outform PEM

Now place these two exim.* files into your /etc/exim4 folder on Debian. They will not work until you set their ownership so that the Exim user can read them.

chown root:Debian-exim exim.key exim.crt

At this point you should be ready to restart Exim and enjoy your new certificate.  

Random Other Fixes

I ran into one more snag which had been plaguing me since updating my server to Debian 5.0 (Lenny) when using a mobile phone as a client.  My phone does not have a client certificate on the device, so I had to change some Exim settings in order to allow LogicMail to send email through the server.

This involved changing to the following setting in my Exim configuration:

MAIN_TLS_VERIFY_CERTIFICATES = /dev/null

This workaround is described in a Debian bug which is documented here.

Authenticated Email for Newsletters

I work with a lot of individuals who run their own businesses and I am often surprised by the variety of email addresses from these clients and service providers. Nearly all of them have their own websites, but yet only some of them actually use their website address as their email provider as well.

Back in the early days of the Internet I think this practice was less common. If you had a domain, you used it. It is a good promotion strategy for your website if people can find your product information, right?

So what happened?

You probably won't be surprised to learn that SPAM was likely the main cause of this mess. People keep getting more and more SPAM so some big companies with interests online decided to try and authenticate email. The idea is that you send a message to someone, then the recipient will "look you up" to see if you are who you say you are. If the email is not from you, it gets rejected. That means less spam for everyone because spoof emails get cut out of the picture.

This is an improvement on the "as-is" system of processing mail where most everything goes to junk mail unless it comes from someone (or some organization) that you regularly correspond with. That isn't good if you're trying to follow up with a contact who has never received an email from you before.

Of course, big companies never get along so there are many ways of authenticating users. Here are a few:

  • Sender Policy Framework, or SPF, which is an open standard
  • Sender ID, a Microsoft variant that tries to do what SPF does, even going as far as copying the syntax and calling itself "SPF2" (sigh)
  • DomainKeys Identified Mail, or DKIM, a variant pushed by Yahoo which requires each message to be modified before it goes out, and lastly:
  • DomainKeys, the original Yahoo creation that spawned DKIM

Whew. That's a lot of stuff to configure.

If you go through the process, though, you will get fewer "false positives" going into your recipients' junk mail folders, so it is worth the effort. If you are sending out newsletters, these technologies might be a vital step to increase your open rates.

Who is using email authentication?

I know almost all webmail service providers use at least one form of email authentication to verify incoming mail. I know of some offices with off-the-shelf firewalls that also check this information as it comes in. What is surprising, though, is that many email marketing companies, the ones who send things out, such as Constant Contact and Cvent, do not provide a means of authenticating email. This is probably why they are so cheap compared to providers like Responsys which publish their email authentication records so their client messages get through to all of their subscribers.

You can test your configuration by following the verification steps on this page or by sending an email to a test server which is also discussed in this article about SPF records. For a server without any of these services you should always get "neutral" as a response for each test. If you have these services configured, you should see "passed" for each method you set up.

Currently I have implemented Sender Policy Framework and Sender ID for all of my hosting clients. These two are the most widely deployed and also the easiest to implement. If you could only do one I would recommend Sender Policy Framework as many services should respect those settings as they are similar to Sender ID. If you absolutely must get into Hotmail inboxes I will always recommend both.

I am not certain that DKIM & DomainKeys will last due to the complexity of the setup. If they do last a while longer I will probably add these methods to the server too, but for now I am taking a wait-and-see approach.


Winter technology meanderings - web and email system upgrades

Today I'm nearing the end of a full week off. It's been great sleeping in, snowboarding and working on some projects I've been putting off for a long time.

As you probably already know I have a web server I own that I maintain as a hobby. Recently a few friends who have accounts on the server started requesting new features and I figured it was probably time to bite the bullet and start the upgrades.

So in the past few weeks I did a lot of research and performed the following upgrades:
  • Migrated 12 live websites to a newer web server
  • Rolled out a secure webmail platform
  • Deployed an IMAP server to synchronize mail and read/replied status across devices
  • Added or improved secure mechanisms for hosting content and backing up files

Upon doing this I discovered another great thing I have recently accomplished:
  • I am no longer dependent on the "Blackberry Internet Service" provided by Rogers in partnership with RIM. This service is horribly slow for personal email accounts and is better served by running an IMAP client like LogicMail, or to use another device altogether. Periodic or "on demand" message checking works better than the "push" message service on the Blackberry which really only checks your messages every 15 minutes.

Good luck planning lunch with that kind of delay.

I would highly recommend that small businesses skip the fanfare around the Blackberry and get themselves access to an IMAP server; it's much more accommodating than I had expected. Synchronization is a great tool to have at your disposal. Doing the same tasks over and over again is definitely not in most creative people's interest so I'm happy to be settling into the new configuration.

Oh yeah, and for those of you on the RSS feed, yes it's been a while. Now you know why! Stay tuned for more fun in the coming weeks.

Managing mailing lists with ecartis software

All of the domains hosted on this server have one thing in common: they all use ecartis as their mailing list manager.

Why ecartis as opposed to mailman? It was a tough choice, but it basically came down to the configuration steps required on Debian. Mailman needed to be recompiled or something like that or I would have had to redesign a bunch of webpages to get it going. Ecartis just works once you know the system.

Let's update your mailing list

You need to interact with ecartis by sending it email. You can be either a manager or a user, it doesn't matter. Your commands will be different depending on who you want to be.

Letting users take care of things themselves:

To add or remove yourself from a list you must email ecartis with the word "subscribe" or "unsubscribe" from the account you are using. The email address to send to is often <listname>-request@<website>

Subscribing
  • Draft an email to ecartis
  • Put "subscribe" in the subject line
  • Send the message
Unsubscribing
  • Draft an email to ecartis
  • Put "unsubscribe" in the subject line
  • Send the message

 

For administrators:

Your commands will be the following; email them to ecartis. It will take these values and send you a ticket that you must approve before the changes are made.

 

        # always start with admin2 and the
        # list name

        admin2 testlist

        # then manage your old users,
        # changing all their settings around

        setfor user@site.xyz MODERATOR
        setfor user@site.xyz CCERRORS
        setfor user@site.xyz REPORTS
        setfor user@site.xyz ADMIN

        # a command structured as these unset
        # commands will assume the last email
        # from above will be the same here

        unset CCERRORS
        unset REPORTS

        # we can also add people to the list
        # or remove them.  bye joe!

        unsubscribe joe@example.com

        # the rest of the commands for
        # managing users, use them as the
        # commands above are used

        NOPOST 
        DIGEST
        DIGEST2 (digest & the rest)
        VACATION
        ECHOPOST (self copy)
        HIDDEN

        # say goodbye to ecartis!
        adminend2
        

 
