EmailTrends newsletter 05/23

I’ve been thinking about it for some time:
the old directions to “block” inactive domains via the TXT record: “v=spf1 -all” no longer work.
Now it’s all up to the _dmarc record. Below is a brief explanation, a little technical.

Until a few years ago it was sufficient to declare that there was no smtp server authorized to send for a domain,
to have messages sent without authorization from that sending domain treated as “SPAM” or rejected.

Today we need to add a new “_dmarc” record to the domain’s dns,
to warn recipients that they should only accept messages authenticated with SPF and/or DKIM,
otherwise they will be considered as “SPAM” or rejected.

For more information about email authentication:
RealSender: you get email control

Is there an easy way to protect domains that don’t send emails from ABUSE?

Most companies and public bodies register multiple domain names.
The numbers can vary from a few dozen domains up to several hundred for a
single activity.

Many of these domains are not public or they do NOT send emails.
Misconfigured domains can easily be exploited by malicious actors.

A quick setup allows you to declare that a given domain is NOT in use,
warning recipients to reject any email from that domain.

Read more:
» https://realsender.com/email-trends/2023-how-to-protect-no-mail-domains

:-:-:

Receiving clear and structured information via the internet can be
complicated. It needs a user interface to fill in and a server application
that sends the data.

The FormMail app lets you create simple and responsive forms
that will send the data directly to your email address.

Read more and try it immediately:
» https://realsender.com/for-system-integrators/formmail-app

Only a few lines from the May 2023 newsletter describe this service.

It all started with the correction of the script offered by RealSender
for sending email messages from html pages: sending via http request.

I realized that the sender’s address, the “email” field entered in the form,
and the return-path, to which any errors are sent, was not aligned.
This caused messages submitted via forms to be identified as SPAM.

After the change, the sender and return-path are identical and authenticated by RealSender,
while the email address that the user writes in the form is used as the “reply-to” address,
so that whoever receives the form can easily reply to whoever filled it out.

Then I have been looking for a simple application for composing forms,
I thought it was a useful service for our customers.
Unfortunately, most software is complex to install and manage.

Until I ran into: Bootstrap v4 Form Builder
It worked right away, even locally on the PC, directly in the browser.

Some minor changes were needed
to integrate it with RealSender’s email sending script.

The use is immediate: the data inserted in the form
are straight delivered to your inbox!

EmailTrends newsletter 11/22

This article was published in June 2023, many months after it was submitted.
I don’t remember much of the preparation, except:

1. . the motivation, linked to the strong importance of the “SMS” (Agile Telecom) part of Growens (formerly Mailup),
   a company listed on the Milan stock exchange. The area accounts for more than 50% of 2022 turnover and profits
   source: Growens press release approval of the 2022 financial statements

2. the fantastic insights into the texting market, by Natalie Schwab
   when she worked for Zipwhip, a company acquired by Twilio in July 2021

Why are SMS text messages used by businesses in 2022?

Getting someone to read an important email (or even getting them on a phone
call) is becoming more and more difficult.

58% of consumers say that texting is the most effective way for businesses
to reach them quickly.

One of the five good reasons to text: open rates exceed the 95% threshold
(of this 95%, 90% occur within three minutes of delivery).

Read more:
» https://realsender.com/email-trends/2022-why-do-businesses-use-sms

:-:-:

Connect your emails to the mobile world. Maximize your business
communication possibilities, without changing your habits.

RealSender’s secure mobile gateway lets you send SMS text messages directly
from your EMAIL, protected from abuse.

Recipient: mobilenumber@sms.yourdomain.com
Subject: the SMS message content
(additional email content and attachments are ignored)

Read more:
» https://realsender.com/email-gateway/secure-mobile-gateway

I received only one feedback:
“Nice service Andrea. If you could do it for whatsapp it would be the best!!”

My answer:
“Thanks Domenico, I personally don’t appreciate Whatsapp
(closed environment, owned by Facebook/Meta), even if it is widespread.
Text messages have many limitations but they are not controlled by a single operator.
I’ll let you know if there is any news.”

I understand the diffusion and increasing importance of Whatsapp, even for companies.
Unfortunately it is a closed environment, owned by Facebook (now Meta).
A sector in which I do not want to invest in or support.

I prefer to invite to spend on SMS,
that although they are managed by mobile phone operators,
follow common rules and are not administered by a single company.

a quick recap until May 2022

It’s been a long time since I last wrote here,
the last post was in early June 2021.

To start again, let’s make a summary of the main events
that took place in this period.

Under pressure from a client who needed a newsletter platform,
much more sophisticated than what copymail could offer,
I chose a mailing list manager and set up the “postmaster app” within the RealSender offer.

During the summer, until the end of the year, there were several issues with Cloudmark,
a well-known antispam service, which is mainly based on the reactions of recipients.
They started giving more emphasis on bounced messages,
considering sending to wrong addresses as “spammer behavior”.

In the fall, I published an article explaining how the handling of bounced messages should work.
By the end of the year, the “bouncehandler app” was up and running.
Once activated, an “email suppression list” acts before messages reach the recipient’s mailbox.

The new year started with the aim of simplifying the commercial offer:
a single brand (RealSender) with few by-products (called “apps”).
SpamStop and DoubleBackup became spamstop app and doublebackup app.
Other projects such as “statusboard” and “sos email app” have been abandoned.

Spring brought a further step of consolidation in marketing:
» the services “tester for SPF and DKIM” and “enigma secure email” are now part of “(free) postmaster tools”
» EmailTrends news and blog have been moved to the RealSender website as “email trends” and “travel journal”

EmailTrends newsletter 05/21

Last week, after working on it for a few days, I sent out the monthly newsletter:

After blacklisting, the customer support of a major anti-spam service often
replies: “please audit your list hygiene to ensure recipients interest in
your mailings”.

“list hygiene” and “recipients interest” have many facets
both on the MACHINE side and on the HUMAN side.

Good technical management is not enough.
“BE RELEVANT” is a slogan used a few years ago in email marketing.

Read more:
» https://emailtrends.com/news/2021-how-to-send-newsletters

:-:-:

HighSender is one email gateway to multiple dedicated smtp servers
relays over 2 to 24 servers, automatically balanced
it can send up to 240,000 emails per week
(generally used for newsletters / mass mailings)

Try it out:
» https://realsender.com/demo-it-today

It all started with a customer’s request:

we are rethinking our newsletter communication and, specifically, we would need:
- being able to independently manage different mailing lists 
  (to send each newsletter to a specific target)
- track the opening and reading of newsletters
- possibly integrate the software to create the newsletters in the same system

Do you have any offer for such a package? 

After checking that they were using Wordpress for their website (via builtwith.com),
I’ve initially suggested Mailster (ex MyMail) plugin.
One of our partners had been using it successfully for some years

Then I reviewed the Wordpress plugins. I told them what I would invest in is “MailPoet”,
which since the end of 2020 is part of the companies connected to Automattic (the parent company of Wordpress).
It looks very well done and contains the functions requested by the customer.

By choosing the “I just want the Premium with no sending” option,
the customer can continue to use RealSender,
combining it with a third level domain to manage bounces.
In this case, the bounce handler plugin must also be installed.

EmailTrends newsletter 04/21

On April 30th, I sent out the monthly newsletter:

Email is not private or secure.
It wasn’t designed with privacy or security in mind.

Anyone who handles your email in transit can read it,
including your ISP, a hacker, or the NSA (U.S. National Security Agency).

Scammers might also use malware to infiltrate a company’s computer network
and access email exchanges about financial matters.

End-to-end (e2ee) encryption for email can be used to ensure
that only the sender and the recipients of a message can read the contents.

Read more:
» https://emailtrends.com/news/2021-how-to-send-private-emails

:-:-:

PGP is the best solution for secure communications with a partner that is
already using it. Asking your counterpart to start using PGP could be hard.

Enigma (an app based on SnapPass) allows you to share secrets in a secure,
ephemeral way. Input a single or multi-line secret, its expiration time,
and click Generate URL. Share the one-time use URL with your intended
recipient.

Try it out:
» https://enigma.realsender.com

This month I started late.
The development of the “enigma” service and the content of the article took a long time.

The result should give strong help to an email privacy neophyte.

The choice of topic emerged after reading
Edward Snowden’s book “Permanent record”:

[...] 

In 2013, 29-year-old Edward Snowden shocked the world 

when he broke with the American intelligence establishment 
and revealed that the United States government 

was secretly pursuing the means to collect 
every single phone call, text message, and email. 

[...]

sos email

“sos email” is the new name of “sos webmail app” and is now in production.

Last week I tested the technical documentation on multiple servers
and created a pre-configured “base”, which will be the starting point for new instances.

The marketing approach has changed slightly,
now “sos email” on RealSender.com website has two separate webpages:

1. for the indipendent mailserver
2. for the web-based email client

The sales offer will focus on the independent mailserver.

Since most businesses use cloud emails from Google or Microsoft,
“sos email” can provide more flexibility for non-individual mailboxes.

It could also be used as a backup mail server,
ready to use, immediately available when needed
(see the OVH datacenter incident of March 2021).

EmailTrends newsletter 03/21

Last Saturday I sent the latest newsletter:

Bcc is often seen as an easy-to-use broadcast email delivery system.
It should be considered a high risk, dangerous communication tool.
We’ve made a short analysis of the pros and cons of using Bcc.

At the end, the conclusions with a few suggestions:

1. Set the Limits - 2) Go Professional.

Read more:
» https://emailtrends.com/news/2021-how-to-send-and-limit-bcc-emails

:-:-:

RealSender shares a list of 300 @spam-box.com addresses for testing
(the messages will reach a “black-hole” mailserver):
» https://tester.realsender.com

RealSender “copymail” app lets you send one-to-one (NO Bcc) mass mailings,
up to a few thousands of recipients, directly from your email client:
» https://realsender.com/for-email-broadcasters/copymail-app

The argument arose from two episodes that occurred in the first half of March:

• a partner asking detailed information about Bcc delivery on behalf of his client,
  he complained that:
  • statistics reported fewer messages than they thought they had sent
  • the limit of 100 recipients per single message was low, the customer had to send more
    
    
• a supplier sending a notice about the new office location to all its customers
• in Cc (instead of Bcc) to all customers, myself included
• one customer (fortunately only one) replied to all
• the supplier sent a new apology message to everyone (this time in Bcc)

Read more to know how to deal with these situations:
» https://emailtrends.com/news/2021-how-to-send-and-limit-bcc-emails

sos webmail app

After updating the newsletter mailboxes service,
I started thinking that something similar could be done for standard mailboxes as well.

In the last newsletter of 2020 I explored the topic: open source email clients.
SnappyMail turned out to be very interesting and easy to set up.

Here is the result of my research: sos webmail app

• a web-based email client that sends authenticated email messages
• an independent mailserver that provides email addresses to receive the messages

The prototype is up and running, the documentation has been written.
I still have to create a few accounts from scratch, to standardize the process.

Prices have yet to be defined.
Then I will start talking about it with partners, to know what they think.

EmailTrends newsletter 02/21

I’ve just sent (two days ago) the latest newsletter:

The answers or “feedback data” are the basis for the metrics
behind the reports on the performance of email marketing campaigns.
Let’s outline what they are and how they are measured:

two levels of permissions (privacy-related issues)
how user tracking works
how the open rate measurement works

» https://emailtrends.com/news/2021-how-to-measure-email-marketing

The best technical tools are useless if the messages do not reach the
recipient’s inbox. This is where “email deliverability” comes into play:

seed emails
bounce rates
email marketing benchmarks

» https://emailtrends.com/news/2021-how-to-measure-email-marketing

:-:-:

Those who send newsletters often need to setup additional mailboxes
to receive the bounced messages (e.g. bounce@…).

RealSender hosts “newsletter mailboxes” that have been configured so that
they can receive large amounts of emails in a short time, as for bounces,
following the rules to send DMARC compliant emails on behalf of customers:

» https://realsender.com/link/newsletter-mailboxes

It has been more straightforward than the previous one.

On Monday I still didn’t have a clear idea of what to work on.
Then I got a call from an old client’s marketing manager,
who uses Inxmail Professional server, the email marketing platform.

They send out a lot of emails, approx. 400k per week.
She asked me if I had ten minutes to explain some points to her and her colleague:

• information on measuring openings: when an email is previewed, is the opening measured?
• what are the reference data for the percentage of openings?
• tracking clicks on the site they use crazyegg, is there any other method? (eg. Google Analytics)
• information about my current business (I’m not working for Inxmail any more)

I thought the answers might be interesting for other people as well
and I already knew most of the contents, I just had to organize them.
The only point I researched was the updated data for the email marketing benchmarks.

It was like knowing exactly where I wanted to go,
with a fairly clear path ahead and everything you need ready in the backpack:
https://emailtrends.com/news/2021-how-to-measure-email-marketing

Oops, I forgot to mention the topic related to RealSender,
the “promotional area” of the newsletter.

Well, it’s related to Inxmail too. At the end of summer 2020, their “Head of Deliverability”
requested that the last customer I’m managing resolve the domain authentication problems.

He suggested to set up a subdomain and use it as both From (sender)
that as Mail-From (also known as bounce/return-path/envelope address).

"When From and Mail-From are identical, we can work with DMARC Policy Reject (strict alignment).
It will relieve the customer's IT massively and the domain is protected against spoofing.

In addition, the customer's root domain would be protected against reputation damage, 
because if for any reason the domain reputation suffers, 
it will have an impact on the entire mail communication in the company. 

I am sure that the Mail Admin will welcome this mail setup. 
It will make his work easier if he wants to protect their domain via DMARC."

Well, it’s a big company (over 20k employees), it took about four months to decide.
The internal IT department requested the changes, but others wanted to keep the root domain in the From.
Eventually, they chose to use the subdomain as the From address, as initially suggested by Inxmail.

Going back to RealSender, we already had a service called “newsletter mailboxes”.
It offered email addresses for bounced messages, under the rsXXX-realsender.com domain.
It was NOT DMARC compliant, because the domain was different than the sender’s email address.

DMARC allows you to send authenticated emails using a sub-domain (such as email.company.com),
and still be able to use the top-level domain in the From: header (e.g. From: offers@company.com).

By asking customers to set up a subdomain, the service became DMARC compliant with “relaxed” alignment:
https://realsender.com/for-email-broadcasters/newsletter-mailboxes/

EmailTrends newsletter 01/21

After a long and troubled preparation,
I have sent the sixth issue of the monthly newsletter.

In the last days of December, a former partner asked me to try RealSender.
He works in I.T. services, so I assumed they knew about spam.

Was I wrong, or they ignored it. They started sending an “invitation to the test”
to thousands of prospects in the tourism business.

The mailing caused a large number of “too many messages, slow down” warnings in the logs.
I checked the messages in the mail queue, to verify the content of the emails being sent
and immediately after I blocked them.

My next thought was that the sermons against spam are never enough,
“repetita iuvant” (repeating does good), as the ancient Latins said.

This is the last newsletter:

We have tried to summarize the main points
that could affect inbox delivery in 2021:
https://emailtrends.com/news/2021-what-is-considered-spam/

They’re divided into three areas:

• user reactions
• technical points
• try and see what happens

The first is the most important.
It is useless to evaluate the other points
if the messages are not expected/desired by their recipients.

:-:-:

“Dedicated” IP addresses are significant for relationships on the Internet
because their reputation has a strong impact on being accepted or not.

RealSender provides “dedicated” IP, reliable and constantly monitored SMTP:
https://realsender.com/link/dedicated-ip-address

smtp server abnormal billing

In the last two months, the weekly cost of smtp servers has almost doubled.

Within the billing history, I've found strange numbers 
starting from the last week. See the attached screenshot.

The old weekly billing was approx. XXX per week,
starting from October 26 it rised to approx. XXX per week.

The systems usage by our side remained the same.

Could you please check it?

On November 5th, I sent the above message to my major hosting provider.

It may seem like a small problem, but the weekly cost has grown at unsustainable rates and I had to keep paying it to avoid service interruptions.

After many messages and approx. two months, the issue was finally closed:

I was able to confirm on multiple containers that the sessions 
written on the /run ramdisk are causing the memory leak. 

I suggest you update systemd and dbus on all containers 
and if looking to maintain a minimal ramdisk usage, 
have a cron job clearing scope sessions every hour.

I had to perform a system update on all servers
and add two clearing commands to the daily cronjob activity.

On two servers, the ones with the greatest load, it wasn’t enough.
A daily reboot fixed the system overload.

smtp ip reputation matters

Smtp server ip address reputation is important to reach the inbox.

I spent the last few days of 2020
setting up a “simplified RealSender” service.

The reason is that RealSender works well
but it has so many features and options
to scare users with simple needs.

So I decided to develop a basic service,
that a user can simply buy without thinking too much.

The low price goal led me to evaluate a large hosting provider.
I have been using it since 2015 for other activities, I consider it reliable.

After three days of setup and documentation,
I carried out the final tests by sending messages to the most popular mailboxes,
like Gmail and Hotmail. They all went to the Spam/Junk folder.

I double-checked the configuration, specifically the email authentication:
SPF, DKIM and DMARC. They were all fine.

In the RealSender documentation I have a “delivery troubleshooting guide”,
with a list of websites that allow you to check the reputation of the smtp server
with respect to private blacklists, which could affect email delivery,
such as: Symantec, McAfee, Barracuda, Mail-Abuse and Senderbase (now Talos Intelligence).

At first, I didn’t find anything, until the reputation check on Senderbase, which highlighted
a bad reputation of the IP class, with many IPs marked as “poor email reputation”:
Senderbase/Talos IP & Domain Reputation Overview

There may be other reasons, such as using a newly registered domain name.
I will set up a new smtp server with the hosting provider used for RealSender,
to see what happens. I will update you next week.

EmailTrends newsletter 12/20

Yesterday I sent the fifth issue of the monthly newsletter:

Over the past decade, we’ve seen an almost complete change in corporate
mailboxes from on-premises mail servers to cloud services like Exchange
Online (Office 365) or Gmail for business (Google Apps).

We have analyzed how to regain control of the email client,
through multi-platform, actively developed and open source projects:
https://emailtrends.com/news/2020-open-source-email-clients

:-:-:

SpamStop is a spam filter that does not require any installation
because it is an online service that makes use of the domain’s MX record.

It only accepts messages from your pre-approved contacts:
just the emails coming from the authorized senders will reach your mailbox.

For more information: https://spamstop.com

The topic was originally the API interfaces for emails.
Then it changed in the email clients, something I had worked on before.

I was looking for a webmail solution
that did not require high skills to operate.

After a few attempts with Cypht and Nextcloud on Docker,
I finally got to the updated version of Rainloop,
which simply required a web server with php 7.3, nothing more.

Here you can learn more about it:
https://emailtrends.com/news/2020-open-source-email-clients

no news yet

My goal was to publish news a piece of news
by the last day of each month.

I missed it. I started too late.

At least the subject has been defined,
not an easy one for me: email API.

I’ll have to study the topic and learn something new.

spf/dkim advanced check

After last week’s tidying up, I’ve made a priority list for my weekly goals.
It was getting longer and harder to sort…

Until I got a call from a complaining partner
for all messages rejected by mailsecurity.swisscom.com.

The explanation for the bounced message concerned the missing DKIM signature. Which actually was there.
After a thorough investigation, it emerged that the SPF check reported:
Too many included lookups (15), which according to RFC7208, should be limited to max 10:

SPF implementations MUST limit the number of mechanisms 
and modifiers that do DNS lookups to at most 10 per SPF check, 
including any lookups caused by the use 
of the "include" mechanism or the "redirect" modifier. 

If this number is exceeded during a check, a PermError MUST be returned. 

The "include", "a", "mx", "ptr", and "exists" mechanisms 
as well as the "redirect" modifier do count against this limit. 
The "all", "ip4", and "ip6" mechanisms do not require DNS lookups 
and therefore do not count against this limit.

In these cases, the mxtoolbox SPF check can help,
because it shows in detail all “includes” and “sub-includes”.

Changes to the TXT record are not under the control of the smtp server vendor.
RealSender had already set up an automatic verification and an internal alert,
to make sure there are no “-all” settings that prohibit sending.

Using the well-working application tester.realsender.com,
a daily “advanced check” of all authorized senders is now in place.

At the moment it only checks that the TXT settings do not generate errors.
These could be for example:

• Error Two or more type TXT spf records found (if the TXT records are more than one)
• Permanent Error: No valid SPF record (if just one “include” doesn’t answer correctly)
• Permanent Error: include has trivial recursion (if there is an “include” to the same domain)

These are important issues, because all messages sent may be rejected because of them.
I have already notified some customers, requesting to fix the TXT records.

The second check is against DKIM authentication.
It points out all responses except “dkim-pass” or “dkim-diff”.
The few reports found are misconfigurations, which were promptly resolved.

EmailTrends newsletter 11/20

The fourth issue of the monthly newsletter will be sent
on November 20 at 08:00 (cet), here you can read the preview.

The companies can do whatever they want with the email,
which is a business work tool, but is it written and read by employees?
Can they read it? Can they backup it? Can they archive it?

We have explored the different types of work email boxes,
the rights and obligations of the employer:
https://emailtrends.com/news/2020-work-email-and-privacy

:-:-:

RealSender may transparently bcc all the sent emails

• to a special pop3 mailbox, to be downloaded via external services
• to a different email address, which must be pre-configured correctly

Alternatively, the “doublebackup” service archives all sent emails,
divided by sender and year. The messages can be retrieved on request,
searching the Message-ID, the Subject or the To address.

For more information:
https://realsender.com/link/bcc-email-archive

During the past week, I cleared some of the old arrears
and I tried to define the next goals.

bcc email archive - 2

I’ve revisited the doublebackup offer.

The pages on the RealSender and SpamStop websites have changed:
RealSender - outgoing email bcc archive
SpamStop - incoming email bcc archive

Both services now include a transparent bcc feature:

• to a special pop3 mailbox
  (stored email messages are automatically deleted after 7 days)
  
  
• to a different email address
  (properly configured so that the messages are not classified as spam)

Alternatively, the “doublebackup” service
archives and stores securely all your emails, divided by sender and year.

The archived messages can be retrieved on request,
searching the Message-ID, the Subject or the To address.

The internal procedures for doublebackup management have been revised too,
now they’re more readable and easier to apply.

I’m ready to promote it in the next issue of the newsletter,
offering a free trial period for those interested.

EmailTrends news #6

Writing the monthly news is always challenging.
At first, I feel like I’m wasting my time getting nothing,
then gradually something takes shape.

Two things happened before the October EmailTrends news issue:

1. I’ve better defined the contents of the monthly newsletter:
   the news will be the first part, the second part will be linked to the first,
   explaining a service I offer that solves one aspect of the problem
   
   
2. I listened to Nylas story on the Indie Hackers #070 podcast,
   I was impressed that they started with two products and ended up abandoning the first one.
   
   Last year I worked on DoubleBackup but there was little interest in this service,
   now I have decided to keep it only within the two main offerings: RealSender and SpamStop.
   
   After a few changes on the websites,
   I immediately started feeling better like I was lighter and more agile.
   “The company history page” also makes more sense: 2009 Realsender, 2019 SpamStop.

The news of the month is about work email and privacy.
It was inspired by an Italian podcast, I listened to over the past year,
explained how an employer should handle the mailboxes of his employees.

The mailbox was compared to the company car, it is made available to the employee for use within the business tasks. You can check the car but you cannot monitor everything that happens inside it.

Here is the link: 2020 work email and privacy
(employee emails in 2020: can they be read? can they be backed up? can they be archived?)

The idea is to publish it in the next issue of the newsletter,
along with a brief description of the (now) sub-product DoubleBackup.
In the next few weeks I need to work on it a bit to better explain how it works.

ready to use contact forms

The “webform via email” app is now complete.

On the SpamStop website I wrote:

You will collect the data in a standard format,
by a known source, that won’t be filtered as spam.

To get what I promised, there were a few points to fix:

• the sender of the email has to be an authenticated email address,
  not the email address of the user that filled the form

• the reply-to email, that is the recipient that will receive the replies,
  should not change: it has to be the email address of the user that filled the form

• the email address of the filler should appear in the subject line,
  like here: “Callback request from info@example.com”
  to facilitate the search within the messages and make management easier

This solution can be used outside of SpamStop,
I’ve published a web page on the RealSender website too:
RealSender - ready to use contact forms

EmailTrends newsletter 10/20

The third issue of the monthly newsletter has been sent
on October 20 at 08:00 (cet), you can read it here.

September 2020 “email traffic statistics” according to SenderBase:
about *85%* is Spam, only 15% are Legitimate emails.

We tried to summarize the best techniques to protect your business inbox:
https://emailtrends.com/news/2020-protect-emails-from-spam

:-:-:

One of the two basic rules in “spam prevention” is:
“don’t publish your email address online, use secure* web forms instead”
* = protected by robots that fill them automatically

We activated a simple web service,
to provide all customers who need them, with short contact forms
like this one: https://contact.emailtrends.com

And an associated email address, such as: info@contact.emailtrends.com
it bounces every message, providing the sender with a link to the web form.

By filling out the form you will receive your contact page,
personalized and spam-free.

After writing the news article at the end of September,
I found very interesting the “Spam prevention” suggestion
to restrict the availability of our email addresses:

• “don’t give your email address to everybody”
  it deals with personal behavior,
  it’s not something that can be controlled or automated

• “don’t publish your email address online”
  this is an issue I have already faced while working on SpamStop, see:
  https://spamstop.com/you-regain-email-control/protected-public-email-addresses/

webform via email - 2

It took me a lot of time to decide on the name: webform.app.
This address will host our customers’ secure web forms.

Here is an example taken from the emailtrends.com “old”* contacts page:

Web form: emailtrends.webform.app
Emails to: info@emailtrends.webform.app will be bounced with the web form link inside

Here is an example taken from the emailtrends.com “new”* contacts page:

Web form: contact.emailtrends.com
Emails to: info@contact.emailtrends.com will be bounced with the web form link inside

* = after the initial release, the version with the personalized address has arrived

The idea is to provide all customers who need them with simple contact forms,
protected against spambots that fill them automatically.

An email address is associated with each form.
It bounces every message, providing the sender with a link to the web form.

This is a bounced message:
]

webform via email

This week’s target has been a troubled journey.

After publishing your email address on a website,
this becomes public and it is the first target of the “spambots”.
My initial idea was an easy alternative to mailto: links, to hide the email.

I’ve tried to setup a dedicated mailbox, which would receive
all emails from one-time visitors and unknown senders.
But it’s an additional email address to check,
also, it will soon be full of junk messages.

The only way to go is to follow the “spam prevention” tip
which was published in the news last week:

don’t publish your email address online
to get contacted online, use secure* web forms / contact forms

* = protected by robots that fill them automatically
-- https://emailtrends.com/news/2020-protect-emails-from-spam/

The idea is to offer:

• a secure standard webform to all Emailtrends customers,
  such as those published on our websites, for example:
  https://spamstop.com/demo-it-today (form sent by RealSender)

• an email address associated with the form, bouncing all posts,
  and to get in touch, it returns the link to the web form page

I hope I can show something next week.

EmailTrends news #5

This month’s news is about spam protection.
I’ve tried to summarize my experiences about spam prevention and spam cure:
2020 protect emails from spam

Between 2017 and 2018 I looked for an internal use anti-spam engine.
It ended with an exclamation that became the basis of a new service:

“Why can’t email work like many widely used messaging apps?”
we should only receive messages by our contacts.

-- https://spamstop.com/about-us

It contains a description of the four top anti-spam techniques available on the market today:

• SpamAssassin-like score systems
• Powered by users
• Email Authentication
• Authorized senders, whitelist

SpamStop mx spam filter combines the last two and works very well.

EmailTrends newsletter 09/20

The second issue of the monthly newsletter has been sent
on Septemper 20 at 08:00 (cet), you can read it below.

It is about email authentication and the importance of setting
at least SPF, even better with DKIM* and DMARC.

* = with the signing domain aligned with the From email address

How important it is that the email messages are authenticated
correctly with SPF, DKIM or DMARC?

We’ve tested how email authentication affects the delivery to Google Mail
and Office 365 mailboxes, the most popular business emails providers:
https://emailtrends.com/news/2020-dmarc-works-autumn-update

:-:-:

RealSender offers an online check tool
to validate your SPF settings sending an email message:

1. send an email to spf@tester.realsender.com
2. check online the SPF validation results
   https://tester.realsender.com/spf
   (it will take a minute to appear)

During verification, a prefix is added to the subject
if the message is not authenticated correctly:
https://realsender.com/link/spf-check-online

The second part of the message explains how to use
RealSender’s spf online check.

I’m proud of the first feedback received so far:
“Helpful! – Gabriele”

The recipients include approx. fifty more contacts from my old job at Inxmail.
I’ve used two tips to help them recognize who is writing them:

• the From address is my personal email, with name and surname
• the first two lines of the message refer to Inxmail and explain how to unsubscribe:

You receive this email because we met through Inxmail;
if you don't want it, simply reply to this message.

stylish contact forms

Dealing with contact forms on self hosted websites isn’t easy:

1. they require a dynamic server side response.
   RealSender simplifies it through “sending via html form” features.

2. they’re often abused by robots that automatically fill them to send spam.
   The simplest and most widespread solution is to add the “Google’s reCAPTCHA v2 form validation”.

3. without some styling and positioning, forms just look awful.
   A well written article that helps styling them: 10 CSS HTML Form Designs.

This is the path that I’ve followed.
The third step has just been completed.
Now it all seems simple.

Here is the result:
RealSender - how to become a partner

switch to Stripe

Since August 2012, RealSender has been using the “PayPal Pro” service
to offer online credit card payments.

At the end of August 2020 we’ve activated a Stripe account.
It has been approved and after a few tests it is now ready to use.

Stripe does not offer a direct payment link,
the “Pay now” button must be hosted on our website.
After clicking it, the Stripe payment page will show up.

The administrative procedure remains the same:
we send to the customer the activation offer or the renewal offer,
together with the link to proceed with the online payment.

The payment button will be published under the address:
https://pay.realsender.com
After we’ve received the payment, we’ll send the invoice to the customer.

Online payments through Stripe are available
for SpamStop and DoubleBackup offers too.

EmailTrends news #4

I’ve just finished publishing the latest news: “2020 dmarc works - autumn update”.

This blog post title should be “back to the future”.
The reason for it is in the notes of the “emails delivery” chapter:

Notes: in the last week of August Office 365 had a strange behavior:
only the messages signed with dkim (signing domain aligned with the From address)
and dmarc record set (with any policy), were delivered to the Inbox

One of our main customers last week wrote me telling that
“all of our emails sent to Office 365 are being delivered to the Junk folder”.
I made a lot of tests and found out that the only way to fix it
was to have the DKIM signing domain aligned and activate DMARC (with any policy).

The delivery issue was fixed, so I decided to let it know to the world
and later to contact the other customers to make the required changes to their dns settings.

During the tests for the writing of the article, I’ve found that everything was back as before,
when a message passes the SPF check, it is usually delivered to the Inbox,
see: “email delivery test results”.

I’ll go back to check that all the RealSender customers have their TXT record
set correctly at least to pass the SPF email authentication.

dkim domain made easy

Until this week I’ve always been reluctant to offer to customers
the signing of email messages with their own domain.

For two reasons:

1. adding to the dns a TXT record with a 2048 bit long public key could be difficult
   
   the last time I had to exchange eight email messages
   and make a telephone call with the customer’s provider to get it done correctly

2. it requires a special setup on the smtp server side

I thought it was not worth it, because domain alignment for DMARC requires that:

when a sender authenticates their email using SPF and/or DKIM,  
at least one of the domains must align with the sending From domain

This means that in most cases, the SPF authentication of the sender domain is enough,
while the DKIM signing domain is the one of the service provider.
That’s the standard setup of Google Apps and Office 365 on cloud email services.

Then last week I read the article (pdf file):
M3AAWG DKIM Key Rotation Best Common Practices

It suggests the “3.1.3 Key delegation via CNAME”:
Another method is to delegate keys to the third party by using CNAMEs. […]

Example: 
Consider the case where "example.com" is the domain to sign, and “acme.com” is the third party.

key1._domainkey.example.com CNAME key1.example.com.acme.com 
key2._domainkey.example.com CNAME key2.example.com.acme.com

key1.example.com.acme.com TXT “v=DKIM1; p=” 
key2.example.com.acme.com TXT “v=DKIM1; p=ADfe34556....” 

After numerous configuration tests and the internal documentation updates,
I’ve passed the new requirements to the first customer.

On the first attempt the configuration was successful!

The “how to configure dkim” webpage has been promptly updated.

EmailTrends newsletter 08/20

After having worked for more than ten years in email marketing,
I’ve finally decided to start a monthly newsletter.

The target is to build loyalty with the customers and the partners,
together with the promotion our new “umbrella brand”: EmailTrends.

This is the first issue, that has been sent out today at 08:00 (cet):

To monitor email deliverability, it is important to know which email
providers your recipients are using.

We made a research to let you know which are the top three email providers
in twenty-five different countries:
https://emailtrends.com/news/2020-email-providers/

:-:-:

Sending harmful attachments is a big risk to your reputation,
it may even require you to submit a self public complaint.

The “stop bad attachments” option blocks all potentially harmful
attachments, except some safe extensions that you can define, like pdf,
txt, gif, jpg and png:
https://realsender.com/dedicated-smtp-server/extra-security-settings/stop-bad-attachments/

The message is divided into two parts,
the first with a piece of news, taken from https://emailtrends.com/news/,
the second with a blog post, taken from https://emailtrends.com/blog/.

Since the “news” and the “blog” areas are updated regularly,
there should always be new materials to choose from
the more valuables ones for customers and partners.

open spf tester

It could be a good promotional ad:
“the open-spf.org website is now linked to tester.realsender.com”

It’s partially true. The link is there, you can check it:
http://www.open-spf.org/Tools/

How could that happen?
openspf.org, the original website for the SPF standard, has been down since the spring of 2019.
I tried to contact the old maintainers: Julian Mehnle and Scott Kitterman but got no response.

Sender Policy Framework (SPF) is an old, unperfect, authentication method, available since 2004.
Together with DKIM it still forms the basis of email authentication techniques.
The latest authentication protocol called “DMARC” is actually built around SPF and DKIM.

I needed those information and web.archive.org copy was slow and cumbersome to use.
I downloaded the website locally, using a service called waybackmachinedownloader.com.
It didn’t work well right away. The Tunisian developer behind it, provided good paid support and fixed the errors.

A good result: the contents could be browsed with no issues.
It passed the linkchecker validation (you can find this great tool on Github).

Only with the intent to share this valuable resource,
on May 2019 I registered open-spf.org and re-published the old contents.
Google indexed it. Now if you search for “open spf”, it’s the first result.

Some of the “SPF Tools” listed there no longer work,
so I’ve decided to add https://tester.realsender.com as well.

It’s very simple, it works well and someone might find it useful.

EmailTrends news #3

The latest news update article is about DKIM domain alignment:
2020 dkim domain alignment for dmarc
(how DKIM domain alignment affects DMARC authentication in 2020)

It is a little “study” on the alignment importance
of the DKIM signing domain (d=example.com)
to pass the DMARC check.

Three months ago I launched the “news.emailtrends.com” project,
see: EmailTrends news #1

It’s hard to delve into a specific topic to write a valuable post.
Each time in the beginning I only have a confused idea.
Gradually, something worth publishing online takes shape.

I’ve decided to make two small changes to this project:

1. change the motivation
   from: Ideas and news (from people and companies) that share our main value: “regain email control”
   to: Ideas and news to “regain email control”

2. change the website address
   from: the subdomain news.emailtrends.com.
   to: a folder of the main emailtrends.com website: emailtrends.com/news

domain alignment for dmarc

This week’s post comes from my old job with Inxmail,
a German software house specialized in email marketing.
I’m still managing a customer for them.

I’ve been requested to:

inform the customer about the options on authentication of the dispatch domain used
for sending mails via SPF, DKIM and DMARC
since they're using a DKIM version which is not supported anymore by Inxmail

After the initial attempt to avoid doing it and the annoyance to make something imposed by others,
I’ve decided to delve into the topic and understand more about it.

The world of “domain alignment for dmarc” has opened up in front of me.
I already knew something about it, just a few ideas a bit confused.

• the sending From address, that is visible to the recipients
• the Mail-From address (also called “envelope sender” or “return-path”),
  that is hidden and managed directly by the ESP to receive the bounced mails

In this case, the easier solution is to have at least the DKIM signing domain aligned with the From address.
Read “dkim domain made easy”, it explains how to delegate keys to the third party by using CNAMEs.

If possible, both SPF and DKIM authentications should have at least a “relaxed domain alignment” with the From address:

• SPF: the root domain of the Mail-From address must match the root domain of the From address
• DKIM: the root of the dkim signing domain must match the sending From domain

The online check tool to validate your SPF/DKIM settings has been updated too:
validate your email SPF settings sending an email message
validate your email DKIM settings sending an email message

Give it a try and send me your comments on the EmailTrends hello page

This blog post has been updated on 17/09/2020

send file link - 1

This is a new project, not yet finished.

The service automatically uploads the attachments,
that you send via email to a special address we provide you,
to your own RealSender webserver.

In this way you can send them as a simple text link.

The files will keep the original name.
They will be automatically deleted after 30 days.

The technical tests have been completed,
the service should be online within the end of the current month.

google adwords campaigns

After a long delay, I’ve just finished setting up the promotional campaigns on Google Adwords.

The idea behind them is to advertise the three categories associated with our brands,
to keep them on the “top of mind” of all the people that will search for them:

dedicated smtp  >>  RealSender
mx spam filter  >>  SpamStop
bcc email archive >>  DoubleBackup
bcc email backup  >>  DoubleBackup

1. United States
2. China - NOT covered by ads *
3. Japan
4. Germany
5. India
6. United Kingdom
7. France
8. Italy
9. Brazil
10. Canada
11. Russia
12. South Korea
13. Spain
14. Australia
15. Mexico
16. Indonesia
17. Netherlands
18. Saudi Arabia
19. Turkey
20. Switzerland

* Google has only 2% of China’s search engines market share, Baidu is the leader with 67%

GDP data source: “The Top 20 Economies in the World” - investopedia.com
(The list is based on the IMF’s World Economic Outlook Database, October 2019)

To get some hints, I’ve read the very well done guide from AdEspresso:
“Google Ads 101 – The Guide That Takes You From Zero to Hero”.

Then I’ve decided to change my approach.
I chose how much to invest based on the profits of the last semester,
then I’ve divided the amount among the twenty Countries listed above and the weight of their GDP.

Each Country has a fixed daily budget, that Google will automatically distribute
among the three ads: RealSender, SpamStop and DoubleBackup.
At least in this way I should sleep peacefully, without bothering to find my bank account empty.

bcc email archive

The last week I’ve changed DoubleBackup’s category
from: easy email archive
to: bcc email archive

The category choice is an important step in brand positioning,
something on which companies invest, so that their name
ranks first on customers’ minds.

“bcc email archive” is more specific,
it well describes the offer, as our other categories already do:
RealSender - dedicated smtp server
SpamStop - mx spam filter

Starting from yesterday we also have three “short names”
to reach our websites:
rs.email for realsender.com
ss.email for spamstop.com
db.email for doublebackup.com

It’s better not to use acronyms for product names,
because they’re too difficult to remember,
so they won’t be advertised.

I use them as a short-cut to the websites and I appreciate their task.

“db.email” was my first ever two letters domain, it has been registered on 2015.
The last week “ss.email” was dropped and caught by a drop-catch service.
On Sunday I decided to buy “rs.email”. It was free, but it’s a premium, overpriced domain.

EmailTrends news #2

The slogan behind this monthly appointment:
Ideas and news (from people and companies) that share our main value:
“regain email control”

The second EmailTrends news issue is a research to find out the most used email providers:
Which are the most popular email providers in 2020

The results should be widely known: Google and Microsoft rule the email world.
They probably don’t share our core value,
but they largely influence all the other operators have to deal with these giants.

In B2B
this monopoly is even more evident, pushed by the continuous switch to “Cloud Office Suites”,
an area in which two companies own more than 90% of the market share.
It depends on the countries but on a global level the division between the two is “fairly balanced”.

In B2C
Gmail wins alone, with an average 40% of the free emails market share, in nearly all the countries.
Hotmail comes second at a long distance and not in all the countries.
Yahoo is the third.
Local operators come after it and they are rarely mentioned.

The only exceptions where Gmail isn’t the leader are:
China, with NetEase (126.com 163.com) and Russia, with mail.ru.

Read the full report here:
Which are the most popular email providers in 2020

authorized senders list

Since the early beginning of the RealSender project,
a big part of its security has been based on authorized senders’ control.

Only the declared senders can pass through the smtp server.

Thanks to the knowledge gained developing SpamStop,
see: spamstop.com - sender check,
today RealSender partners and large organizations are empowered
to update themselves the authorized senders’ list.

I’m sure that many of our customers will appreciate it.

The details are published on the website:
realsender.com - authorized senders

limit messages number

Starting from today RealSender offers a new security setting: “limit messages number”.
It lets you define a maximum number of daily emails per sender,
so that any excess quantities will be blocked before going on the internet.

It’s not something new, I had already tested it on 2012.
The setup process for RealSender had already been documented.

I just had to use the last version and update the documentation,
with a few changes to make it work smoothly within RealSender.

The details are published on the website:
realsender.com - limit messages number

dmarc rua reports online

I’ve just finished publishing the “dmarc pages” under
RealSender.com -> you regain email control -> email authentication basics:

<dmarc> act on fraudulent email
Domain-based Message Authentication, Reporting and Conformance

<dmarc> rua reports online
rua messages collection and daily dmarc reports generation online

To date, there has been no reference to “dmarc” on the realsender.com website.
I believed that “DMARC did not positively influence deliverability in any meaningful way”.

I was wrong:
How dmarc works with Google Mail and Office 365 in 2020

dmarc reports - 2

These steps are now complete:

1. each customer gets a dmarc-dedicated mailbox that will receive the rua(*) reports
2. RealSender downloads the email messages and generates the human-readable reports

* = rua meaning: see the previous post (dmarc reports - 1)

The reports are generated every day at 13:00 (CET) and contain the data of the last seven days.

This is a dmarc report sample page:

dmarc reports - 1

Dmarc is important both for email delivery and spoofing protection, see:
How dmarc works with Google Mail and Office 365 in 2020

I’m going to tell it to the customers, but I don’t want to oblige them to use a dmarc analysis service.
After a research on Github I’ve found this application: dmarc-report-converter.

It has a clean interface and it’s quite easy to setup.
Now it’s installed and available on all RealSender dedicated smtp servers.

Two more technical steps are missing to collect and analyse the dmarc rua(*) reports:

1. each customer will need a dmarc-dedicated mailbox that will receive the reports
2. RealSender will have to download the email messages on a regular basis

* = rua meaning:
Reporting URI(s) for aggregate data. 

The rua address is the email address to which aggregate reports are sent
by domains that have received mail claiming to be from your domain.
The report is in XML, contained in a zip file.
- - Domain-based Message Authentication, Reporting, and Conformance (DMARC)

There is still work to be done.

dkim soft fail

Last week I made a research on email deliverability:
How dmarc works with Google Mail and Office 365 in 2020

These results made me think that both Google Mail and Office 365
do not consider important if the DKIM signing domain is different from the sender,
as long as the message is authenticated with SPF, it will reach the inbox:

I don’t know why I was convinced that both spf and dkim should refer to the same domain.
Searching on the internet I’ve found this on “Domain alignment”:

DMARC requires that at least one of the domains is authenticated by SPF or DKIM  
to "align with" the domain found in the "from" header address

In fact, SpamStop almost always gave the warning “dkim-diff”
to the messages coming from Google Mail and Office 365.

Now it has been fixed, I’ve called this behaviour “dkim soft fail”.
SpamStop dkim check - when the message has been signed using a different domain,
the “dkim-diff” alert will NOT be displayed if the sender (“from”) passes the SPF check.

The tester has also been updated: dkim check online
When this particular case happens, the result will show:
|~OK| spf-pass |~OK| dkim-diff |~OK|

Having both SPF and DKIM aligned with the from domain makes even more sense,
since the SPF check could be broken by email forwarding,
while DKIM signature remains unchanged, tied to the message.

EmailTrends news #1

This week I’m two days late. I’ll do my best to prevent it from happening again.

The reason is that I wanted to launch a new communication project:
emailtrends news
ideas and news (from people and companies) that share our main value:
“regain email control”

The target is to publish at least one post per month.
Initially, it was one per week, but the research for the first article
was so demanding that I decided to give me more time to collect the information
so that the work, in the end, will be easier.

The first issue is a personal investigation on:
How dmarc works with Google Mail and Office 365 in 2020

It gave interesting results, that are different from what I expected.
I believed that spf and dkim alone were enough
to influence emails delivery and protect against spoofing.

The data took to different conclusions: without dmarc nothing works fine.
Dmarc should be considered “mandatory”
if you want to communicate with Google Mail and Office 365 mailboxes.

Read the full report here:
How dmarc works with Google Mail and Office 365 in 2020

extra security settings

Three new features (security options)
are available since this week to all RealSender customers:

• stop bad attachments
  to block all emails containing potentially harmful attachments

• limit messages weight
  to block all emails that exceed the weight limit

• filelink app
  to convert large file attachments into links

All the details are available on RealSender website:
https://realsender.com/dedicated-smtp-server/extra-security-settings/

spamstop offer renewed

This week I’ve revised the SpamStop offer pages:
spamstop.com/mx-spam-filter/plans-and-pricing

The value of the offer is now well explained.

SpamStop Lite (fewer features)
mx spam filter with everything except “sender check”
webpage link

SpamStop Full (full features)
each recipient manages his own authorized senders list
webpage link

extra security settings

This evening is nearly 10 p.m. and I’m a bit tired.

It took so long because I had no idea on what I could ship whis week.

There were two features that had not yet been documented and presented on the website.
They’re two special use cases for SpamStop service.

I’ve added them to a new category page called “extra security settings”:

1. remove bad attachments
2. authenticated senders only

Rspf and dkim check online

How to define business priorities (at least two criteria must be fulfilled):

1. will this make us money?
2. will this have customers love us?
3. is it easy-ish to do?
   – Vincent Woo - Talking about CoderPad and business at Dropbox

This week’s “shipping” certainly meets the “easy-ish to do” criteria.
Do not misunderstand me; it took months of work
to get all the pieces of the puzzle ready.

In the last two months, I’ve worked on:
email whiteboard, that later became StatusBoard, and finally landed to:
SOS.APP - status updates board
SOS.APP - status board by email

SpamStop already had an integrated, fine-tuned spf and dkim check.

It required just a few days to put all together to release this:
spf@tester.realsender.com
dkim@tester.realsender.com

After sending an email to one of the above addresses,
you can check online the SPF and DKIM validation results:
(it will take a minute to appear)
https://tester.realsender.com/beta

The second criterion should be: “customers will love us”.
Well, I use spf and dkim checks daily
and most of the tools hardly provide all the required information.
Especially when the “envelope sender” email address
and the “from” address is different.

The service details are on the realsender.com website:
spf check online
dkim check online

sos.app status board by email

I’m happy that this evening is just 7 p.m.
and my wife this evening won’t complain about my late hours.

sos.app status updates board
now can be updated by email too.

Each status board has its associated email address.
A security check based on SpamStop
will make sure that the sender address is not spoofed.

This small side project is complete.
I’ve developed it during the covid-19 days.

There is another idea related to the emergency.
The approach is similar to sos.app:
a limited task for a specific need.

While sos.app will be free,
this new project requires dedicated resources,
it will be a subscription-based service.

sos.app status updates board

This week it took me up to 10 p.m. to complete my task.
It’s late, but I’m really satisfied with my work.

It has been shipped, and you can try it yourself:
https://sos.app

It’s an online board that you can write just filling a form.

Tomorrow I’ll publish the “get your free dedicated board”.
Everything should be ready for public use.

statusboard - 1

After last week’s “conversion” to business,
I’ve looked for a suitable name for the new project.

The service is similar to the famous “StatusPage” solution.
It is a task-focused standalone product, open to multiple uses,
that fits well with the other EmailTrends offers.
So I started searching domains containing “status”.

On dropcatch.com that was “statuspage.net”
as “pending delete” within two days.
I submitted the offer and luckily it was caught.

Meanwhile I’ve started documenting the procedures.
The “proof of concept” seemed to be ready
but it took a lot of tests and fixes to make it work.

There’s still one (main) point missing:
how to hide part of the email address from the status rows.
Tomorrow morning this should be done too,
then I’ll start working on the website,
to finally show it out.

email whiteboard - 2

I like the weekly target of Monday evening
to ship something and publish this blog post.
It avoids me to spend too much time on a new project.

Email whiteboard is very easy and works fine.
During the last week I succeeded in:

• authenticating users with a text message (sms)
• having the same environment for multiple instances
  I’m satisfied with these achievements.

What I’m NOT satisfied with is:

• not having shipped the “local service for the community”

The original idea was to provide “a Twitter account for each town,
where people can easily post to ask and offer help”.

It proved too complex to accomplish.
Especially the idea to start immediately with all towns of Italy
(we have approx. 7000 municipalities!).

I have to think on how to make this experience fruitful.
The original motivation was my daughter’s request
to offer repetitions to local students.
Nothing to do with b2b and email …

email whiteboard - 1

This week I’ve started a new side project,
something not directly related with EmailTrends.

In Italy we’re living the days of corona virus diffusion.
Hopefully this will stop soon.
Here’s a report from an Italian doctor which is really sad, and scary:
when the message of the dangerousness of what is happening does not reach people I shudder

It’s a long time that I’m thinking at a local service for the community.
Not to make money, something with the only aim to help.
Maybe this is the right time.

I’ve prepared a prototype of a very simple whiteboard,
something similar to a Twitter account for each town,
where people can easily post to ask and offer help.

The two technologies used are:

• doublebackup, to display the messages
• jqueryform to publish the message

I plan to publish it the next week.

Maybe the whiteborad could be used in other contexts.
This is something I’ll think at later on.

antivirus filter for email

It’s good to have more than one proposal,
during presentations there are more possibilities
to receive a expression of interest.
Until now the winner is doublebackup.

Last Thursday I talked with a partner of Realsender.
I showed him doublebackup and Spamstop.
He was more interested in doublebackup.

He made some encouraging comments on SpamStop:
“It’s a sort of whitelist,
does it have any antivirus filter? (no)
In this case it’s not good to protect enterprises
we are looking for a full protection solution.
There are services that provide a sandbox
where the user can safely open links and attachments.”

The framework behind SpamStop was originally written
to filter attachments. So I started tinkering with it.
At first it filtered by file extension only,
after testing for a whole day it filtered all attachments,
except the specified extensions (.pdf and .txt).
That was exactly the behaviour that I was looking for!

Googling for a technical solution, I’ve found a case study,
that ended with a promising sentence:
“For us, attachment filtering has been very successful”
– web.mit.edu/net-security/Camp/2004/presentations/reillyb-mit2004.ppt
I’m confident that this feature will be highly appreciated.

new website

This week I had to decide whether to focus
on one product only (DoubleBackup)
or to promote all the three services:
RealSender, SpamStop and DoubleBackup.

Pushing three different products is ambitious,
because it needs a lot more resources.
It is more difficult too,
because of the “brand extension”
and the risk to lose the “specialist” advantage.

I’ll even add one more brand, targeted to the partners only:
EmailTrends, postmaster tools for IT service providers.
The three services represent the offer portfolio
of this partners oriented company,
that will help the IT pros to “regain email control”.

The website will continue to host this blog space,
more officially within the new project vision.

In my plans there will be a development part too,
aimed to support the partners with a backoffice area,
that will help them to manage the services they bought.

Time will tell if this was the right path,
I’m confident it’s so.

regain email control

This week I fixed my mantra:
“regain email control”.

This sentence was born approx. a year ago,
when I was looking for a phrase that could summarize my offer.

It is the philosophy that I’m trying to pass to I.T. service providers:
email is an open standard,
out of the closed gardens of social networks or proprietary tools.

When you have a little knowledge of how it works,
you can choose the services that preserve your intelligence
and give your customers the ability to remain indipendent,
switching the service provider if needed.

Surely there must be a better way:
use your head and live in freedom.

easy email archiving

DoubleBackup now has a task:
“we simplify email archiving”.

They may seem just words with no real meaning
but in my experience it is something that remains along the years
and guides me remembering the path to follow,
like the north direction in a compass.

P.S.

This post has been changed ten days after its original publication,
the title remained the same.

At the beginning I defined the sentence as a mantra.
Later I’ve found that a mantra is something different,
less physical/material and more spiritual/philosophical,
something that is related with my inner motivation.

“A mantra is only two or three words long
[…] everybody can understand it […]
[…] sit there and think about why do you exist?
why do you do this? what are you trying to do? […]
[…] Think about it in very very brief terms
Think about it in a way that if somebody heard your mantra
and not know which company described,
they could put two and two together.
It has to be logical. It has to be short. […]”
– Making a mantra - The Essential Guide to Entrepreneurship by Guy Kawasaki

fixing spamstop

After the release of DoubleBackup,
I’ve realized that SpamStop servers must be fixed.

Actually each customer receives a custom-made server,
it requires a long setup and it’s not possible to “recycle” it after the use.

RealSender and DoubleBackup servers are standard and independent.
Each of them is an investment, that won’t disappear even if the customer decides to close its account.

This is the target for the next week.
It’s a necessary step to harmonize the offer and take it to an industrial level.

putting all together - 2 of 2

I could not change the title.
The final setup required all the week.

Today half of day was dedicated to correct small details,
the other half to setup everything from scratch on a different server
and fixing the documentation.

What’s next?

1. complete the setup on two other servers
   (one of them is a day-one beta tester)
2. update the website with the new features

The offer changed a lot since the first version released on December.
I have a few ideas for the market launch. The details will come in the next issue :)

The initial developing required a lot of dedicated energy to reach the goal.
I’m excited to end this phase and move on to marketing and selling.

putting all together - 1 of 2

I’ve tried hard, maybe not too hard,
but it was not enough to complete it within today.

Preparing the “proof of concept” was quiet difficult,
the first step has been done.

Now we need to pass from “development” to “production”,
that’s another step. It must be divided in two small ones.
Hopefully the next week we’ll reach the target.

No new quotes for this week.

it can be done!

[…] after finishing it, he exclaims, “It can be done!” […]
– Gene Wilder in Young Frankenstein‎ (1974)

“You need to be slightly ashamed of the thing that you’re shipping,
because if you’re not, then you’ve probably gone a little bit too far.”
– From Two Failed Startups to $10,000,000 in Revenue with David Darmanin

Well, maybe it won’t be perfect but now I’m sure it can be done.

The original python application to extract the csv file from Maildir files had to be rebuilt.
This is what Paul (the super-developer) wrote about it:

"After a fair bit of trial and error, I found a few possible reasons for the errors in the python script (the errors are actually happening in the Python library rather than the script)."

"[...] I went ahead and wrote the script in Perl [...]. The Perl library for reading Mailbox files has been around a long time and is the standard for email processing - Python libraries are rarely used in this context."

With all the respect to the great Mailpile project, I experienced a great satisfaction clearing it from the procedures and from the servers. Doublebackup does not need an email client and now everything’s easier to understand and manage.

Today the transfer of doublebackup.com domain has finished. I bought it last week directly by its owner that did not use it. The interaction with the owner has been nice, he asked the fair price and did not try to speculate on it. I try to behave the same way but I don’t always succeed in doing it.

kiss technology

Sometimes a person talking with you lets you see the things in a different way, find new paths.

It has just happened with a project that I’ve been working on for the last three months and had become so complex that after publishing the website, I decided not to promote it: db.email.

At the end of a December I sent the link to a US i.t. service provider that replied: “I looked at db.email and I am favorably impressed. Your service might be something that would be good for our clients. We work with small law firms in the US and Canada. Law firms are required to keep copies of emails for five years or more. They can receive court orders requiring a “legal hold” on documents and emails. In that case they need to prove that they have copies that have not been changed or deleted.”

I’ve been amused by this answer. Thinking on how to provide the requested proves, it came out that an index file of all the archived messages seemed to be the easier way. Looking for a technical solution, I’ve found that someone else had already experienced the same issue and published a little script to get it: How to export a Maildir email inbox as a CSV file.

This is a good starting point, that takes to a further step: once that the customers have the index of the archived messages, there is no need to provide a webmail client, it’s enough to give them the possibility to retrieve the messages by the “message ID” unique value.

Avoiding the webmail simplifies a lot the “db.email” service, making it more reliable and much easier to setup and manage. All the project becomes lighter and I’ve regained confidence that this is something worth to spread.

Here’s the final quote that explains “kiss technology”, the subject of this post:
“If you keep it simple and stupid, which is basically what low expectations are in a way, you will automatically do things.”
– “Definitely Not Trying to Fit In” with Tobias van Schneider

Let’s do things and see what the next step is.