Change IM email notifications

[jrcarr]

It has come to my attention that on Yabbse if you send someone an IM and they have their IM notification turned on, the Admin's email address is placed into the From: of the email.  If the individual receiving this email doesn't  notice this and just replies to the email, the Admin of the board receives the email.  Since the email includes the original message and now the reply, the Admin has received the "Private" message between 2 other individuals.   I don't really wish to be receiving these emails as an Admin, but the idea that if I send an IM on a Yabbse board and if this has not been change on the future SMF board, it could end up in the hand of the board Admin.  Most Admins are confidental and wouldn't do anything about the messages they send, but it would be that 1 Admin out there that I would worry about.
My suggestion would to just change the emails so that they don't quote the original message.  Maybe only tell the receiver that they have gotten an IM.  Also include a message that says to not reply to this message.

Jack

[Ben_S]

You can do it simple enough yourself by editing the lang file.

[jrcarr]

You can do it simple enough yourself by editing the lang file.

I understand this, but I'm guessing the SMF just like Yabbse, every time there is an upgrade there will be a new lng file change and that is just something else Admins have to remember to go in and change after an update or upgrade.  Seems like it would be more logical to do this from the start any way.  It's just a notification and should need the original message attached to it anyway.  But, if it is necessary we Admins that don't want to occassionally read other users "private" messages will just have to make this change every time.  Thanks for the reply.

Jack

[[Unknown]]

First, it has to use the wemaster's email in the from because it can't send email from another persons email account.  It will be marked as spam if it even tries to.

Second, it already says "please respond at..."

-[Unknown]

[jrcarr]

First, it has to use the wemaster's email in the from because it can't send email from another persons email account.  It will be marked as spam if it even tries to.

Second, it already says "please respond at..."

-[Unknown]

Ok [Unknown], maybe it the Reply To: that needs to be different then.  Or how about not including the original message and having a link back to the IM. I use mail() in several application like this:

Koodi [Valitse] Laajenna


//$email, $youremail, $name and $message are all coming from the contact html form

$to = $email;

$extra = "From: $youremail\r\nReply-To: $youremail\r\n";
$mess = "This is from: ".$name."(".$REMOTE_ADDR.")\n\n".$message;

mail ($to, $subject, $mess, $extra);


Basically this is a Feedback form and they enter their own email address ($youremail) and it is used in the From: and Reply-To: arguments.  So it isn't being sent from another email account, it is just letting the sender know who sent the email and determines who the reply will be returned too.
Now, maybe there is a legal reason for not putting in the senders address, but I'm just saying it can be done programming wise.  Thanks [Unknown] I like the great work you are doing here and what you have done with Yabbse.

Jack

[[Unknown]]

Reply-To has been changed, although I fear some server's may mark this as spam...

Yes, you can do that... BUT LIKE I SAID there's a 99% chance it will get blocked (on SMTP) or marked as spam. (by the receiver.)  You may receive it, but MOST PEOPLE WON'T.  And then it would be utterly useless.

-[Unknown]

[dschwab9]

What happens if the person has their email hidden?  You would then be giving out their email address without their permission.

Personall, I set up an email address specific to my forum, [email protected] and put an autoreply on it that tells them they can't reply that way.  It forwards a copy to me as well, so, if needed, I can reply.

[jrcarr]

Reply-To has been changed, although I fear some server's may mark this as spam...

Yes, you can do that... BUT LIKE I SAID there's a 99% chance it will get blocked (on SMTP) or marked as spam. (by the receiver.)  You may receive it, but MOST PEOPLE WON'T.  And then it would be utterly useless.

-[Unknown]

I guess I'll have to look up the changes to Reply-To.   I you have a second, help me understand this though.  How does SMTP distinguish between and email coming in with "[email protected]" in the From and Reply-To fields and lets say, "[email protected]".  If the receiver is doing any blocking or running spam software, the don't know the first one any more than the second one unless they have received it before.  I am truely just trying to learn how this works, as I write quite a bit of PHP for my own sites and the Code in the earlier post is used in several places through out my site and smaller sites on my domain and have never had any difficulty or complaints that people can't send email to me or it is used on pages that send email to others and they aren't have trouble receiving them.  So what is the situation that the emails would get blocked.  Thanks if you have time [Unknown] and thanks anyway if you don't.

Jack

[[Unknown]]

Hmm... good point, dschwab9...

Here are a few examples of why you can't send with a fake from:
1. On SMTP servers, you must send with authentication.  This means you say "I am [email protected] and my password is BLAH".  If you don't give the right From, the SMTP server will not send it, because your password will be wrong.  (passwords tie with from.)  This is simplified.

2. When a server RECEIEVES an email, it does a reverse ip lookup on the mx of the sender, often times.  Basically, this will tell it that, for example, hotmail.com is one of these: 65.54.252.99, 65.54.166.99, 65.54.254.145, 65.54.252.230, 65.54.254.129 but the email came from *some other IP*.  Thus it must be spam.

A lot of hosts are doing a lot of work to block spam.  You may not realize this, and you may think you already get a lot of spam - but in actuality, a lot more is being blocked than you realize.

-[Unknown]

[jrcarr]

But I believe by default, Yabbse uses Sendmail and not SMTP.  The option to use SMTP is there in Yabbse and this may be the same with SMF but I don't use the SMTP option on either of my boards, my feedback forms, etc. and know a couple other Yabbse users that also don't use the SMTP option either.  Is there a benefit to using the SMTP over the sendmail?   I guess this is why we are having the problem with understanding each other.   

Jack

[[Unknown]]

Well, in many cases (on Windows) sendmail just uses SMTP with PHP... and SMTP is useful if you're not being hosted with email accounts. (lycos, etc.)

Also, point 2 is valid for sendmail and SMTP.

-[Unknown]

[jrcarr]

Well, in many cases (on Windows) sendmail just uses SMTP with PHP... and SMTP is useful if you're not being hosted with email accounts. (lycos, etc.)

Also, point 2 is valid for sendmail and SMTP.

-[Unknown]

Ok, that makes sense, I've never been on a Windows server.
On point 2, who's IP address does the sendmail use in the case of a feedback form, the senders or the IP address of the server that sendmail is on?  If it is the second case, then yes I understand and then would wonder if it is possible to include the IP address of the sender instead. (Ain't I a pain in the ....)   

Jack

[[Unknown]]

No, because here's how it goes:

Sender hits send.
Server says, "Oh boy, a message!  Let's send it!"
Server says, "Hello, I've got mail for you!"
Receiving Server says, "Hmm... okay - what's your IP?"
Server says, "Uhhh... gotta run!  Nevermind!"

The user isn't even involved there.  (and, yes, this is heavily simplified... in actuality, you always know the IP because it's like knowing which direction to face while talking.)

-[Unknown]

[Ben_S]

Hmm... good point, dschwab9...

Here are a few examples of why you can't send with a fake from:
1. On SMTP servers, you must send with authentication.  This means you say "I am [email protected] and my password is BLAH".  If you don't give the right From, the SMTP server will not send it, because your password will be wrong.  (passwords tie with from.)  This is simplified.

Hmm, this is certainly not an issue with the sendmail MTA, when the IP of the shared hosting account my board is on, I just set it to use smtp (sendmail flavour, not sure how other MTA's such as Exim, qmail etc deal with it) it couldnt care less what the from address was, it went off the supplied username and password.

2. When a server RECEIEVES an email, it does a reverse ip lookup on the mx of the sender, often times.  Basically, this will tell it that, for example, hotmail.com is one of these: 65.54.252.99, 65.54.166.99, 65.54.254.145, 65.54.252.230, 65.54.254.129 but the email came from *some other IP*.  Thus it must be spam.

Not sure about this one either, as most hosting accounts are on shared hosting, the rDNS entry is 99% of the time, completly different to the sending domain.

Or prehaps I am miss interpreting what you meant

Either way, I think the from address for any mail should be what the board admin specifies for the reason already mentioned, people who have chosen to hide their email.

[jrcarr]

No, because here's how it goes:

Sender hits send.
Server says, "Oh boy, a message!  Let's send it!"
Server says, "Hello, I've got mail for you!"
Receiving Server says, "Hmm... okay - what's your IP?"
Server says, "Uhhh... gotta run!  Nevermind!"

The user isn't even involved there.  (and, yes, this is heavily simplified... in actuality, you always know the IP because it's like knowing which direction to face while talking.)

-[Unknown]

Ok, as far as SMF is concerned then, couldn't there be  a global way to just shut off the email notification of IMs like you can for the post notification and then the admin can choose whether he wants to be bothered by the users that reply to these notifications and/or like mentioned earlier, just don't add the original message and include a link back to the IM.  Just like these Post notification do.  Doesn't include any part of the post, just links you back to the right post so that you can check replies.  Thanks to all, let's just call this a Feature request.

Jack

Jack

[[Unknown]]

Let me rephrase, Big_P...

On many servers, this happens.  I'm not saying on all.  But does SMF use functions some servers don't support?

I'd like to make sure it works on every server and every client receives the email.

And, I realize I didn't phrase it properly - I was going off the basis of "in many cases" for both problems. (1 and 2.)  I've seen servers and clients not receive/send email for those reasons specifically.

-[Unknown]

[dschwab9]

2. When a server RECEIEVES an email, it does a reverse ip lookup on the mx of the sender, often times.  Basically, this will tell it that, for example, hotmail.com is one of these: 65.54.252.99, 65.54.166.99, 65.54.254.145, 65.54.252.230, 65.54.254.129 but the email came from *some other IP*.  Thus it must be spam.

I have yet to see a mail server that does that.

The RDNS lookup is usually just to see if RDNS exists, it doesn't actually validate the domain.  95% of the time, the RDNS entry is not going to be the same domain as the from address, especially on a shared hosting situation where there may be 100 or more mail domains on a single server.

Take my mail server at work as an example.  I run about 20 mail domains on a single server.  The server's host name is tellico.killearn.com, and its IP reverse resolves to that hostname.  I may have users send email from killearn.com, kingwoodresort.com, eaglesbrooke.com, or a number of other domains.  Yet, they are all sent from the same IP address, which always resolves to killearn.com.  If the mail server on the other end validated my domain against my RDNS, I wouldn't be able to send mail to anyone.

[[Unknown]]

In which case they will all get listed under the reverse DNS - it's not IP -> domain, it's domain -> IP.  (it's like if (getaddrbyhost($from_domain) == $from_ip) true;) and I have seen it.)

Anyhow, it's a minor point - it just won't work everywhere to use a from like that.

-[Unknown]

[David]

A reply-to header should take care of this, I don't know of any mail scanners that consider a reply-to header for spam.

[[Unknown]]

A reply-to header should take care of this, I don't know of any mail scanners that consider a reply-to header for spam.

Which is exactly why that exact header IS used.

-[Unknown]