SlideShare a Scribd company logo

PHP: Best Mailing Practices

W
webhostingguy
1 of 39
Download to read offline
PHP: Best Mailing Practices Wez Furlong Lead Architect <wez@omniti.com>
we're hiring: http://omniti.com/people/jobs About the author O r,“w hy i thi guy tal ng to m e about thi s s ki s?” • Day-job is lead architect on the fastest MTA on Earth • Some of our customers are large scale senders and receivers of mail • I also know a little bit about PHP
we're hiring: http://omniti.com/people/jobs What we will cover • Constructing mail • Sending mail • Reliability, Performance • Bounce processing • Responsibility
we're hiring: http://omniti.com/people/jobs Constructing mail (rfc2822) From: ‚Wez Furlong‛ <wez@omniti.com> To: ‚Me‛ <wez@php.net> Subject: a simple message Date: Sun, 10 Sep 2006 07:39:06 -0400 (EDT) Here’s the body of the message.
we're hiring: http://omniti.com/people/jobs Constructing mail (ZF) require_once ‘Zend/Mail.php’; $mail = new Zend_Mail(); $mail->setBodyText(‘Here’s the body of the message.’); $mail->setFrom(‘wez@omniti.com’, ‘Wez Furlong’); $mail->addTo(‘wez@php.net’, ‘Me’); $mail->setSubject(‘a simple message’); $mail->send(); # uses mail() by default
we're hiring: http://omniti.com/people/jobs Constructing Mail (eZ) require_once ‘example_autoload.php’; $mail = new ezcMailComposer(); $mail->from = new ezcMailAddress(‘wez@omniti.com’, Wez Furlong’)); $mail->addTo(new ezcMailAddress(‘wez@php.net’, ‘Me’)); $mail->subject = ‚a simple message‛; $mail->plainText = ‚Here’s the body of the message‛; $tr = new ezcMailMtaTransport(); $tr->send($mail);
we're hiring: http://omniti.com/people/jobs Performance • mail() forks a process on each call • this has performance implications for – batch sending – busy servers • You can avoid these issues by using SMTP
we're hiring: http://omniti.com/people/jobs Sending over SMTP (ZF) require_once 'Zend/Mail/Transport/Smtp.php'; $tr = new Zend_Mail_Transport_Smtp( 'mail.example.com'); Zend_Mail::setDefaultTransport($tr); $mail = new Zend_Mail; … $mail->send();
we're hiring: http://omniti.com/people/jobs Sending over SMTP (eZ) require_once ‘example_autoload.php’; $mail = new ezcMailComposer(); $mail->from = new ezcMailAddress(‘wez@omniti.com’, Wez Furlong’)); $mail->addTo(new ezcMailAddress(‘wez@php.net’, ‘Me’)); $mail->subject = ‚a simple message‛; $mail->plainText = ‚Here’s the body of the message‛; $tr = new ezcMailSMTPTransport(‚mail.example.com‛); $tr->send($mail);
we're hiring: http://omniti.com/people/jobs Batch sending over SMTP require_once 'Zend/Mail/Transport/Smtp.php'; $tr = new Zend_Mail_Transport_Smtp( 'mail.example.com'); Zend_Mail::setDefaultTransport($tr); $tr->connect(); foreach ($batch as $item) { $mail = new Zend_Mail; … $mail->send(); } $tr->disconnect();
we're hiring: http://omniti.com/people/jobs Batch Sending over SMTP (eZ) require_once ‘example_autoload.php’; $mail = new ezcMailComposer(); $mail->from = new ezcMailAddress(‘wez@omniti.com’, Wez Furlong’)); $mail->addTo(new ezcMailAddress(‘wez@php.net’, ‘Me’)); $mail->subject = ‚a simple message‛; $mail->plainText = ‚Here’s the body of the message‛; $tr = new ezcMailSMTPTransport(‚mail.example.com‛); $tr->keepConnection(); $tr->send($mail);
we're hiring: http://omniti.com/people/jobs Batch sending from a web page • If you have a page that sends notification mail to a bunch of people in response to a submission • Try to avoid sending one mail per recipient right there: – multi-recipient mail (no good for VERP) – delegate mail sending to a background process
we're hiring: http://omniti.com/people/jobs Reliability • Using mail() (on unix) submits to a local MTA to handle the harder part of getting the mail where it needs to go • Switching to SMTP can improve performance • Connectivity and load issues on the SMTP host can introduce reliability issues from your app • Best to use SMTP to submit to a local MTA, or other local process that will generate/send.
we're hiring: http://omniti.com/people/jobs Responsible sending • Goals: – Provide useful service to those that want it – Avoid being mis-categorized as a spammer
we're hiring: http://omniti.com/people/jobs Responsible sending • General Requirements: – Avoid sending mail unless you know someone wants it – Paying attention to bounces and acting on them in a timely manner
we're hiring: http://omniti.com/people/jobs opt-out Someone decides to add a user to the list site sends mail user has to take action to de-list themselves
we're hiring: http://omniti.com/people/jobs opt-in User fills out a web form site adds user to mailing list
we're hiring: http://omniti.com/people/jobs Double or confirmed opt-in User fills out a web form site sends user an email asking for confirmation user replies to email site adds user to mailing list
we're hiring: http://omniti.com/people/jobs Abuse issues • Double opt-in is clearly much more user- friendly • In implementing it, you should build in throttling behavior so that the confirm mails are not sent in bulk
we're hiring: http://omniti.com/people/jobs Bounces • What happens when mail could not be delivered? – 5xx – Mail Delivery Notification (MDN) – Delivery Status Report (DSN)
we're hiring: http://omniti.com/people/jobs Mail Envelope • To:and From :headers are w hat’ w ri s tten on the “letter” • The envel sender are w hat’ w ri ope s tten on the packaging • MTAs route based on the envelope • The envelope can change during transit; aliasing, forwarding and so on
we're hiring: http://omniti.com/people/jobs Return Path • Return Path is another name for the envelope sender • I s the address to w hi bounces shoul be t’ ch d sent • I s usualy the sam e as the From :address t’ l • But can be changed in transit using schemes like SRS
we're hiring: http://omniti.com/people/jobs Bounce processing • I you send m ai and i f l i s i portant to f l t ais, t’ m determine why • Typical reasons: – user doesn’ exi t st – user over quota – site/user regards your mail as spam
we're hiring: http://omniti.com/people/jobs Bounce processing • Sending mail to non-existent mailboxes is a spammy behavior – you might find that your other mail is penalized as a result • If your mail is being classed as spam you should contact the user or their site to find out why. – m aybe the user coul t fi out how to stop getti dn’ nd ng your mail and resorted to a block on their side
we're hiring: http://omniti.com/people/jobs Bounce processing • If your mail is not getting through due to transient errors (like being over quota) you might want to re-try your mail later. – Would the user benefit from getting it later? – Would the user get swamped by a flood of mail from you once they’ accepti m ai agai re ng l n? – Would that cause them to block you as a spammer?
we're hiring: http://omniti.com/people/jobs Variable Envelope Return Paths (VERP) • Bounce processing is made difficult because there i t w i sn’ despread adopti ofD SN on standards, making it hard to determine which address bounced • VERP is a mechanism for creating a per recipient bounce address; if you receive mail to such a VERP address it must be a bounce
we're hiring: http://omniti.com/people/jobs VERP Return-Path: <bounces-wez=omniti.com@example.com> From: ‚my list‛ <my-list@example.com> To: wez@omniti.com Subject: a message • Users replies go to <my-list@example.com> • Bounces go to <bounces-wez=omniti.com@example.com> • When they arrive you know that you were trying to send to wez@omniti.com • You can encode whatever you want into your VERP – mailing ID, user ID, other tracking information
we're hiring: http://omniti.com/people/jobs Sending using VERP $mail->setReturnPath(‘bounces- wez=omniti.com@example.com’); • i you’ usi m ai( ,passi –f will set the f re ng l) ng return path. • i you’ tal ng SM TP di f re ki rectl the M AI y, L FROM: that you send to the server is the return path.
we're hiring: http://omniti.com/people/jobs Sending to a third party on behalf of a user User adds a 3rdParty address to a web form site sends email to 3rdParty because User is trusted 3rdParty gets em ai that m aybe they di t w ant. l dn’ Does this sound like opt-out?
we're hiring: http://omniti.com/people/jobs Sending to a third party on behalf of a user • I your users turn i abusers,i s your f nto t’ responsibility to do something about it. • It may be their fault but it came from your network, so you get the blame, and possibly blacklisted. • You need to take steps to reduce the impact ofsuch an occurrence,so i doesn’ af ect t t f your business.
we're hiring: http://omniti.com/people/jobs Renkoo: opt-out
we're hiring: http://omniti.com/people/jobs Sending to a third party on behalf of a user • Allow 3rdParty to opt-out • Throttle sending to 3rdParties that are not also users • Throttle sending from users to an unusually high number of 3rdParties
we're hiring: http://omniti.com/people/jobs Joe Jobs, Phishing • Joe Job: – Spam forged to look like it came from you, designed to get you blacklisted. • Phishing: – Mail forged to look like it came from you, designed to extract user credentials. Your users are the people that will get hurt.
we're hiring: http://omniti.com/people/jobs Mitigating Risks of forged mail • Adopting standards like DKIM and Sender ID allow you publish information about what constitutes valid mail from your site. • While not a silver bullet, they help.
we're hiring: http://omniti.com/people/jobs Domain Keys Identified Mail • DKIM uses cryptography to sign portions of each message that you send. The public key is published in your DNS so that the receiver can validate the signature. • An invalid signature is clearly a forgery • A m i ng si ssi gnature doesn’ m ean anythi t ng – unless the receiver has special knowledge about the sender
we're hiring: http://omniti.com/people/jobs Sender ID • Sender ID (and SPF) publish information about legitimate sending hosts and your sending policy in DNS. • A receiver can look up the information and compare it against fields in the message to determine if it was sent from your site.
we're hiring: http://omniti.com/people/jobs Authentication, Reputation • DKIM and Sender ID allow the receiver to determine if the sender is who they say they are. • They don’ assert that the sender i or i not, t s, s a spammer or a fraud.
we're hiring: http://omniti.com/people/jobs Summing up • I s easy to send m ai f t’ l rom a w eb app • That doesn’ m ean that you shoul t thi a t dn’ nk bit harder about it • How you send, and how you let others send through your site affect your ability to send mail • This affects your business
we're hiring: http://omniti.com/people/jobs Questions? • These slides are available from http://omniti.com/resources/talks • W e’ l ng f re ooki or: – Junior Web Developers – Mid-level Systems Engineers – jobs@omniti.com – http://omniti.com/people/jobs

Recommended

Web Services
Web ServicesWeb Services
Web ServicesBill Buchan
 
Apresentação ELMS
Apresentação ELMSApresentação ELMS
Apresentação ELMSNorton Guimarães
 
Php Development Stack
Php Development StackPhp Development Stack
Php Development Stackshah_neeraj
 
Aplicativos sociais
Aplicativos sociaisAplicativos sociais
Aplicativos sociaisRaphael Almeida
 
Best PHP Frameworks 2013
Best PHP Frameworks 2013Best PHP Frameworks 2013
Best PHP Frameworks 2013itechroom
 
Ch22 system administration
Ch22 system administration Ch22 system administration
Ch22 system administration Raja Waseem Akhtar
 
internet applications
internet applicationsinternet applications
internet applicationsSrinivasa Rao
 
Email
EmailEmail
EmailRoy Thomas
 

Recommended

Web Services
Web ServicesWeb Services
Web ServicesBill Buchan
 
Apresentação ELMS
Apresentação ELMSApresentação ELMS
Apresentação ELMSNorton Guimarães
 
Php Development Stack
Php Development StackPhp Development Stack
Php Development Stackshah_neeraj
 
Aplicativos sociais
Aplicativos sociaisAplicativos sociais
Aplicativos sociaisRaphael Almeida
 
Best PHP Frameworks 2013
Best PHP Frameworks 2013Best PHP Frameworks 2013
Best PHP Frameworks 2013itechroom
 
Ch22 system administration
Ch22 system administration Ch22 system administration
Ch22 system administration Raja Waseem Akhtar
 
internet applications
internet applicationsinternet applications
internet applicationsSrinivasa Rao
 
Email
EmailEmail
EmailRoy Thomas
 
What is a MS Windows Network Drive
What is a MS Windows Network DriveWhat is a MS Windows Network Drive
What is a MS Windows Network Driveadil raja
 
Spam Filter
Spam FilterSpam Filter
Spam FilterSanjeev Kumar Jaiswal
 
From 0 to 100M+ Emails Per Day: Sending Email with Amazon SES (SVC301) | AWS ...
From 0 to 100M+ Emails Per Day: Sending Email with Amazon SES (SVC301) | AWS ...From 0 to 100M+ Emails Per Day: Sending Email with Amazon SES (SVC301) | AWS ...
From 0 to 100M+ Emails Per Day: Sending Email with Amazon SES (SVC301) | AWS ...Amazon Web Services
 
Blockmail Technical White Paper
Blockmail Technical White PaperBlockmail Technical White Paper
Blockmail Technical White Paperniallmmackey
 
Webmail
WebmailWebmail
WebmailSantosh Khadsare
 
Email Address Harvesting
Email Address HarvestingEmail Address Harvesting
Email Address HarvestingMichael Lamont
 
Webservices Workshop - september 2014
Webservices Workshop - september 2014Webservices Workshop - september 2014
Webservices Workshop - september 2014clairvoyantllc
 
Improving email reliability
Improving email reliabilityImproving email reliability
Improving email reliabilityAntti Siiskonen
 
how email works
how email workshow email works
how email worksharikaveeravalli
 
Simplify, Isolate and Scale with RabbitMQ
Simplify, Isolate and Scale with RabbitMQ Simplify, Isolate and Scale with RabbitMQ
Simplify, Isolate and Scale with RabbitMQ TechExeter
 
Email and DNS
Email and DNSEmail and DNS
Email and DNSDhananjaysinh Jhala
 
Sending email with perl
Sending email with perlSending email with perl
Sending email with perlapeiron
 
window server 2008 mail configuration
window server 2008 mail configurationwindow server 2008 mail configuration
window server 2008 mail configurationanwarkade1
 
12 - E-Mail.ppt
12 - E-Mail.ppt12 - E-Mail.ppt
12 - E-Mail.pptssuserf7cd2b
 
12 - E-Mail.ppt
12 - E-Mail.ppt12 - E-Mail.ppt
12 - E-Mail.pptssuserf7cd2b
 
2015 ZendCon - Do you queue
2015 ZendCon - Do you queue2015 ZendCon - Do you queue
2015 ZendCon - Do you queueMike Willbanks
 
How To Build A Bulk Email Sending Application In PHP
How To Build A Bulk Email Sending Application In PHPHow To Build A Bulk Email Sending Application In PHP
How To Build A Bulk Email Sending Application In PHPSudheer Satyanarayana
 
E mail Investigation
E mail InvestigationE mail Investigation
E mail InvestigationDr Raghu Khimani
 
The quest for global design principles (SymfonyLive Berlin 2015)
The quest for global design principles (SymfonyLive Berlin 2015)The quest for global design principles (SymfonyLive Berlin 2015)
The quest for global design principles (SymfonyLive Berlin 2015)Matthias Noback
 
File Upload
File UploadFile Upload
File Uploadwebhostingguy
 
Running and Developing Tests with the Apache::Test Framework
Running and Developing Tests with the Apache::Test FrameworkRunning and Developing Tests with the Apache::Test Framework
Running and Developing Tests with the Apache::Test Frameworkwebhostingguy
 
MySQL and memcached Guide
MySQL and memcached GuideMySQL and memcached Guide
MySQL and memcached Guidewebhostingguy
 

More Related Content

Similar to PHP: Best Mailing Practices

What is a MS Windows Network Drive
What is a MS Windows Network DriveWhat is a MS Windows Network Drive
What is a MS Windows Network Driveadil raja
 
From 0 to 100M+ Emails Per Day: Sending Email with Amazon SES (SVC301) | AWS ...
From 0 to 100M+ Emails Per Day: Sending Email with Amazon SES (SVC301) | AWS ...From 0 to 100M+ Emails Per Day: Sending Email with Amazon SES (SVC301) | AWS ...
From 0 to 100M+ Emails Per Day: Sending Email with Amazon SES (SVC301) | AWS ...Amazon Web Services
 
Blockmail Technical White Paper
Blockmail Technical White PaperBlockmail Technical White Paper
Blockmail Technical White Paperniallmmackey
 
Email Address Harvesting
Email Address HarvestingEmail Address Harvesting
Email Address HarvestingMichael Lamont
 
Webservices Workshop - september 2014
Webservices Workshop - september 2014Webservices Workshop - september 2014
Webservices Workshop - september 2014clairvoyantllc
 
Improving email reliability
Improving email reliabilityImproving email reliability
Improving email reliabilityAntti Siiskonen
 
Simplify, Isolate and Scale with RabbitMQ
Simplify, Isolate and Scale with RabbitMQ Simplify, Isolate and Scale with RabbitMQ
Simplify, Isolate and Scale with RabbitMQ TechExeter
 
Sending email with perl
Sending email with perlSending email with perl
Sending email with perlapeiron
 
window server 2008 mail configuration
window server 2008 mail configurationwindow server 2008 mail configuration
window server 2008 mail configurationanwarkade1
 
2015 ZendCon - Do you queue
2015 ZendCon - Do you queue2015 ZendCon - Do you queue
2015 ZendCon - Do you queueMike Willbanks
 
How To Build A Bulk Email Sending Application In PHP
How To Build A Bulk Email Sending Application In PHPHow To Build A Bulk Email Sending Application In PHP
How To Build A Bulk Email Sending Application In PHPSudheer Satyanarayana
 
The quest for global design principles (SymfonyLive Berlin 2015)
The quest for global design principles (SymfonyLive Berlin 2015)The quest for global design principles (SymfonyLive Berlin 2015)
The quest for global design principles (SymfonyLive Berlin 2015)Matthias Noback
 

Similar to PHP: Best Mailing Practices (19)

What is a MS Windows Network Drive
What is a MS Windows Network DriveWhat is a MS Windows Network Drive
What is a MS Windows Network Drive
 
Spam Filter
Spam FilterSpam Filter
Spam Filter
 
From 0 to 100M+ Emails Per Day: Sending Email with Amazon SES (SVC301) | AWS ...
From 0 to 100M+ Emails Per Day: Sending Email with Amazon SES (SVC301) | AWS ...From 0 to 100M+ Emails Per Day: Sending Email with Amazon SES (SVC301) | AWS ...
From 0 to 100M+ Emails Per Day: Sending Email with Amazon SES (SVC301) | AWS ...
 
Blockmail Technical White Paper
Blockmail Technical White PaperBlockmail Technical White Paper
Blockmail Technical White Paper
 
Webmail
WebmailWebmail
Webmail
 
Email Address Harvesting
Email Address HarvestingEmail Address Harvesting
Email Address Harvesting
 
Webservices Workshop - september 2014
Webservices Workshop - september 2014Webservices Workshop - september 2014
Webservices Workshop - september 2014
 
Improving email reliability
Improving email reliabilityImproving email reliability
Improving email reliability
 
how email works
how email workshow email works
how email works
 
Simplify, Isolate and Scale with RabbitMQ
Simplify, Isolate and Scale with RabbitMQ Simplify, Isolate and Scale with RabbitMQ
Simplify, Isolate and Scale with RabbitMQ
 
Email and DNS
Email and DNSEmail and DNS
Email and DNS
 
Sending email with perl
Sending email with perlSending email with perl
Sending email with perl
 
window server 2008 mail configuration
window server 2008 mail configurationwindow server 2008 mail configuration
window server 2008 mail configuration
 
12 - E-Mail.ppt
12 - E-Mail.ppt12 - E-Mail.ppt
12 - E-Mail.ppt
 
12 - E-Mail.ppt
12 - E-Mail.ppt12 - E-Mail.ppt
12 - E-Mail.ppt
 
2015 ZendCon - Do you queue
2015 ZendCon - Do you queue2015 ZendCon - Do you queue
2015 ZendCon - Do you queue
 
How To Build A Bulk Email Sending Application In PHP
How To Build A Bulk Email Sending Application In PHPHow To Build A Bulk Email Sending Application In PHP
How To Build A Bulk Email Sending Application In PHP
 
E mail Investigation
E mail InvestigationE mail Investigation
E mail Investigation
 
The quest for global design principles (SymfonyLive Berlin 2015)
The quest for global design principles (SymfonyLive Berlin 2015)The quest for global design principles (SymfonyLive Berlin 2015)
The quest for global design principles (SymfonyLive Berlin 2015)
 

More from webhostingguy

Running and Developing Tests with the Apache::Test Framework
Running and Developing Tests with the Apache::Test FrameworkRunning and Developing Tests with the Apache::Test Framework
Running and Developing Tests with the Apache::Test Frameworkwebhostingguy
 
MySQL and memcached Guide
MySQL and memcached GuideMySQL and memcached Guide
MySQL and memcached Guidewebhostingguy
 
Novell® iChain® 2.3
Novell® iChain® 2.3Novell® iChain® 2.3
Novell® iChain® 2.3webhostingguy
 
Load-balancing web servers Load-balancing web servers
Load-balancing web servers Load-balancing web serversLoad-balancing web servers Load-balancing web servers
Load-balancing web servers Load-balancing web serverswebhostingguy
 
SQL Server 2008 Consolidation
SQL Server 2008 ConsolidationSQL Server 2008 Consolidation
SQL Server 2008 Consolidationwebhostingguy
 
Master Service Agreement
Master Service AgreementMaster Service Agreement
Master Service Agreementwebhostingguy
 
PHP and MySQL PHP Written as a set of CGI binaries in C in ...
PHP and MySQL PHP Written as a set of CGI binaries in C in ...PHP and MySQL PHP Written as a set of CGI binaries in C in ...
PHP and MySQL PHP Written as a set of CGI binaries in C in ...webhostingguy
 
Dell Reference Architecture Guide Deploying Microsoft® SQL ...
Dell Reference Architecture Guide Deploying Microsoft® SQL ...Dell Reference Architecture Guide Deploying Microsoft® SQL ...
Dell Reference Architecture Guide Deploying Microsoft® SQL ...webhostingguy
 
Managing Diverse IT Infrastructure
Managing Diverse IT InfrastructureManaging Diverse IT Infrastructure
Managing Diverse IT Infrastructurewebhostingguy
 
Web design for business.ppt
Web design for business.pptWeb design for business.ppt
Web design for business.pptwebhostingguy
 
IT Power Management Strategy
IT Power Management Strategy IT Power Management Strategy
IT Power Management Strategy webhostingguy
 
Excel and SQL Quick Tricks for Merchandisers
Excel and SQL Quick Tricks for MerchandisersExcel and SQL Quick Tricks for Merchandisers
Excel and SQL Quick Tricks for Merchandiserswebhostingguy
 
Parallels Hosting Products
Parallels Hosting ProductsParallels Hosting Products
Parallels Hosting Productswebhostingguy
 
Microsoft PowerPoint presentation 2.175 Mb
Microsoft PowerPoint presentation 2.175 MbMicrosoft PowerPoint presentation 2.175 Mb
Microsoft PowerPoint presentation 2.175 Mbwebhostingguy
 

More from webhostingguy (20)

File Upload
File UploadFile Upload
File Upload
 
Running and Developing Tests with the Apache::Test Framework
Running and Developing Tests with the Apache::Test FrameworkRunning and Developing Tests with the Apache::Test Framework
Running and Developing Tests with the Apache::Test Framework
 
MySQL and memcached Guide
MySQL and memcached GuideMySQL and memcached Guide
MySQL and memcached Guide
 
Novell® iChain® 2.3
Novell® iChain® 2.3Novell® iChain® 2.3
Novell® iChain® 2.3
 
Load-balancing web servers Load-balancing web servers
Load-balancing web servers Load-balancing web serversLoad-balancing web servers Load-balancing web servers
Load-balancing web servers Load-balancing web servers
 
SQL Server 2008 Consolidation
SQL Server 2008 ConsolidationSQL Server 2008 Consolidation
SQL Server 2008 Consolidation
 
What is mod_perl?
What is mod_perl?What is mod_perl?
What is mod_perl?
 
What is mod_perl?
What is mod_perl?What is mod_perl?
What is mod_perl?
 
Master Service Agreement
Master Service AgreementMaster Service Agreement
Master Service Agreement
 
Notes8
Notes8Notes8
Notes8
 
PHP and MySQL PHP Written as a set of CGI binaries in C in ...
PHP and MySQL PHP Written as a set of CGI binaries in C in ...PHP and MySQL PHP Written as a set of CGI binaries in C in ...
PHP and MySQL PHP Written as a set of CGI binaries in C in ...
 
Dell Reference Architecture Guide Deploying Microsoft® SQL ...
Dell Reference Architecture Guide Deploying Microsoft® SQL ...Dell Reference Architecture Guide Deploying Microsoft® SQL ...
Dell Reference Architecture Guide Deploying Microsoft® SQL ...
 
Managing Diverse IT Infrastructure
Managing Diverse IT InfrastructureManaging Diverse IT Infrastructure
Managing Diverse IT Infrastructure
 
Web design for business.ppt
Web design for business.pptWeb design for business.ppt
Web design for business.ppt
 
IT Power Management Strategy
IT Power Management Strategy IT Power Management Strategy
IT Power Management Strategy
 
Excel and SQL Quick Tricks for Merchandisers
Excel and SQL Quick Tricks for MerchandisersExcel and SQL Quick Tricks for Merchandisers
Excel and SQL Quick Tricks for Merchandisers
 
OLUG_xen.ppt
OLUG_xen.pptOLUG_xen.ppt
OLUG_xen.ppt
 
Parallels Hosting Products
Parallels Hosting ProductsParallels Hosting Products
Parallels Hosting Products
 
Microsoft PowerPoint presentation 2.175 Mb
Microsoft PowerPoint presentation 2.175 MbMicrosoft PowerPoint presentation 2.175 Mb
Microsoft PowerPoint presentation 2.175 Mb
 
Reseller's Guide
Reseller's GuideReseller's Guide
Reseller's Guide
 

PHP: Best Mailing Practices

  • 1. PHP: Best Mailing Practices Wez Furlong Lead Architect <wez@omniti.com>
  • 2. we're hiring: http://omniti.com/people/jobs About the author O r,“w hy i thi guy tal ng to m e about thi s s ki s?” • Day-job is lead architect on the fastest MTA on Earth • Some of our customers are large scale senders and receivers of mail • I also know a little bit about PHP
  • 3. we're hiring: http://omniti.com/people/jobs What we will cover • Constructing mail • Sending mail • Reliability, Performance • Bounce processing • Responsibility
  • 4. we're hiring: http://omniti.com/people/jobs Constructing mail (rfc2822) From: ‚Wez Furlong‛ <wez@omniti.com> To: ‚Me‛ <wez@php.net> Subject: a simple message Date: Sun, 10 Sep 2006 07:39:06 -0400 (EDT) Here’s the body of the message.
  • 5. we're hiring: http://omniti.com/people/jobs Constructing mail (ZF) require_once ‘Zend/Mail.php’; $mail = new Zend_Mail(); $mail->setBodyText(‘Here’s the body of the message.’); $mail->setFrom(‘wez@omniti.com’, ‘Wez Furlong’); $mail->addTo(‘wez@php.net’, ‘Me’); $mail->setSubject(‘a simple message’); $mail->send(); # uses mail() by default
  • 6. we're hiring: http://omniti.com/people/jobs Constructing Mail (eZ) require_once ‘example_autoload.php’; $mail = new ezcMailComposer(); $mail->from = new ezcMailAddress(‘wez@omniti.com’, Wez Furlong’)); $mail->addTo(new ezcMailAddress(‘wez@php.net’, ‘Me’)); $mail->subject = ‚a simple message‛; $mail->plainText = ‚Here’s the body of the message‛; $tr = new ezcMailMtaTransport(); $tr->send($mail);
  • 7. we're hiring: http://omniti.com/people/jobs Performance • mail() forks a process on each call • this has performance implications for – batch sending – busy servers • You can avoid these issues by using SMTP
  • 8. we're hiring: http://omniti.com/people/jobs Sending over SMTP (ZF) require_once 'Zend/Mail/Transport/Smtp.php'; $tr = new Zend_Mail_Transport_Smtp( 'mail.example.com'); Zend_Mail::setDefaultTransport($tr); $mail = new Zend_Mail; … $mail->send();
  • 9. we're hiring: http://omniti.com/people/jobs Sending over SMTP (eZ) require_once ‘example_autoload.php’; $mail = new ezcMailComposer(); $mail->from = new ezcMailAddress(‘wez@omniti.com’, Wez Furlong’)); $mail->addTo(new ezcMailAddress(‘wez@php.net’, ‘Me’)); $mail->subject = ‚a simple message‛; $mail->plainText = ‚Here’s the body of the message‛; $tr = new ezcMailSMTPTransport(‚mail.example.com‛); $tr->send($mail);
  • 10. we're hiring: http://omniti.com/people/jobs Batch sending over SMTP require_once 'Zend/Mail/Transport/Smtp.php'; $tr = new Zend_Mail_Transport_Smtp( 'mail.example.com'); Zend_Mail::setDefaultTransport($tr); $tr->connect(); foreach ($batch as $item) { $mail = new Zend_Mail; … $mail->send(); } $tr->disconnect();
  • 11. we're hiring: http://omniti.com/people/jobs Batch Sending over SMTP (eZ) require_once ‘example_autoload.php’; $mail = new ezcMailComposer(); $mail->from = new ezcMailAddress(‘wez@omniti.com’, Wez Furlong’)); $mail->addTo(new ezcMailAddress(‘wez@php.net’, ‘Me’)); $mail->subject = ‚a simple message‛; $mail->plainText = ‚Here’s the body of the message‛; $tr = new ezcMailSMTPTransport(‚mail.example.com‛); $tr->keepConnection(); $tr->send($mail);
  • 12. we're hiring: http://omniti.com/people/jobs Batch sending from a web page • If you have a page that sends notification mail to a bunch of people in response to a submission • Try to avoid sending one mail per recipient right there: – multi-recipient mail (no good for VERP) – delegate mail sending to a background process
  • 13. we're hiring: http://omniti.com/people/jobs Reliability • Using mail() (on unix) submits to a local MTA to handle the harder part of getting the mail where it needs to go • Switching to SMTP can improve performance • Connectivity and load issues on the SMTP host can introduce reliability issues from your app • Best to use SMTP to submit to a local MTA, or other local process that will generate/send.
  • 14. we're hiring: http://omniti.com/people/jobs Responsible sending • Goals: – Provide useful service to those that want it – Avoid being mis-categorized as a spammer
  • 15. we're hiring: http://omniti.com/people/jobs Responsible sending • General Requirements: – Avoid sending mail unless you know someone wants it – Paying attention to bounces and acting on them in a timely manner
  • 16. we're hiring: http://omniti.com/people/jobs opt-out Someone decides to add a user to the list site sends mail user has to take action to de-list themselves
  • 17. we're hiring: http://omniti.com/people/jobs opt-in User fills out a web form site adds user to mailing list
  • 18. we're hiring: http://omniti.com/people/jobs Double or confirmed opt-in User fills out a web form site sends user an email asking for confirmation user replies to email site adds user to mailing list
  • 19. we're hiring: http://omniti.com/people/jobs Abuse issues • Double opt-in is clearly much more user- friendly • In implementing it, you should build in throttling behavior so that the confirm mails are not sent in bulk
  • 20. we're hiring: http://omniti.com/people/jobs Bounces • What happens when mail could not be delivered? – 5xx – Mail Delivery Notification (MDN) – Delivery Status Report (DSN)
  • 21. we're hiring: http://omniti.com/people/jobs Mail Envelope • To:and From :headers are w hat’ w ri s tten on the “letter” • The envel sender are w hat’ w ri ope s tten on the packaging • MTAs route based on the envelope • The envelope can change during transit; aliasing, forwarding and so on
  • 22. we're hiring: http://omniti.com/people/jobs Return Path • Return Path is another name for the envelope sender • I s the address to w hi bounces shoul be t’ ch d sent • I s usualy the sam e as the From :address t’ l • But can be changed in transit using schemes like SRS
  • 23. we're hiring: http://omniti.com/people/jobs Bounce processing • I you send m ai and i f l i s i portant to f l t ais, t’ m determine why • Typical reasons: – user doesn’ exi t st – user over quota – site/user regards your mail as spam
  • 24. we're hiring: http://omniti.com/people/jobs Bounce processing • Sending mail to non-existent mailboxes is a spammy behavior – you might find that your other mail is penalized as a result • If your mail is being classed as spam you should contact the user or their site to find out why. – m aybe the user coul t fi out how to stop getti dn’ nd ng your mail and resorted to a block on their side
  • 25. we're hiring: http://omniti.com/people/jobs Bounce processing • If your mail is not getting through due to transient errors (like being over quota) you might want to re-try your mail later. – Would the user benefit from getting it later? – Would the user get swamped by a flood of mail from you once they’ accepti m ai agai re ng l n? – Would that cause them to block you as a spammer?
  • 26. we're hiring: http://omniti.com/people/jobs Variable Envelope Return Paths (VERP) • Bounce processing is made difficult because there i t w i sn’ despread adopti ofD SN on standards, making it hard to determine which address bounced • VERP is a mechanism for creating a per recipient bounce address; if you receive mail to such a VERP address it must be a bounce
  • 27. we're hiring: http://omniti.com/people/jobs VERP Return-Path: <bounces-wez=omniti.com@example.com> From: ‚my list‛ <my-list@example.com> To: wez@omniti.com Subject: a message • Users replies go to <my-list@example.com> • Bounces go to <bounces-wez=omniti.com@example.com> • When they arrive you know that you were trying to send to wez@omniti.com • You can encode whatever you want into your VERP – mailing ID, user ID, other tracking information
  • 28. we're hiring: http://omniti.com/people/jobs Sending using VERP $mail->setReturnPath(‘bounces- wez=omniti.com@example.com’); • i you’ usi m ai( ,passi –f will set the f re ng l) ng return path. • i you’ tal ng SM TP di f re ki rectl the M AI y, L FROM: that you send to the server is the return path.
  • 29. we're hiring: http://omniti.com/people/jobs Sending to a third party on behalf of a user User adds a 3rdParty address to a web form site sends email to 3rdParty because User is trusted 3rdParty gets em ai that m aybe they di t w ant. l dn’ Does this sound like opt-out?
  • 30. we're hiring: http://omniti.com/people/jobs Sending to a third party on behalf of a user • I your users turn i abusers,i s your f nto t’ responsibility to do something about it. • It may be their fault but it came from your network, so you get the blame, and possibly blacklisted. • You need to take steps to reduce the impact ofsuch an occurrence,so i doesn’ af ect t t f your business.
  • 31. we're hiring: http://omniti.com/people/jobs Renkoo: opt-out
  • 32. we're hiring: http://omniti.com/people/jobs Sending to a third party on behalf of a user • Allow 3rdParty to opt-out • Throttle sending to 3rdParties that are not also users • Throttle sending from users to an unusually high number of 3rdParties
  • 33. we're hiring: http://omniti.com/people/jobs Joe Jobs, Phishing • Joe Job: – Spam forged to look like it came from you, designed to get you blacklisted. • Phishing: – Mail forged to look like it came from you, designed to extract user credentials. Your users are the people that will get hurt.
  • 34. we're hiring: http://omniti.com/people/jobs Mitigating Risks of forged mail • Adopting standards like DKIM and Sender ID allow you publish information about what constitutes valid mail from your site. • While not a silver bullet, they help.
  • 35. we're hiring: http://omniti.com/people/jobs Domain Keys Identified Mail • DKIM uses cryptography to sign portions of each message that you send. The public key is published in your DNS so that the receiver can validate the signature. • An invalid signature is clearly a forgery • A m i ng si ssi gnature doesn’ m ean anythi t ng – unless the receiver has special knowledge about the sender
  • 36. we're hiring: http://omniti.com/people/jobs Sender ID • Sender ID (and SPF) publish information about legitimate sending hosts and your sending policy in DNS. • A receiver can look up the information and compare it against fields in the message to determine if it was sent from your site.
  • 37. we're hiring: http://omniti.com/people/jobs Authentication, Reputation • DKIM and Sender ID allow the receiver to determine if the sender is who they say they are. • They don’ assert that the sender i or i not, t s, s a spammer or a fraud.
  • 38. we're hiring: http://omniti.com/people/jobs Summing up • I s easy to send m ai f t’ l rom a w eb app • That doesn’ m ean that you shoul t thi a t dn’ nk bit harder about it • How you send, and how you let others send through your site affect your ability to send mail • This affects your business
  • 39. we're hiring: http://omniti.com/people/jobs Questions? • These slides are available from http://omniti.com/resources/talks • W e’ l ng f re ooki or: – Junior Web Developers – Mid-level Systems Engineers – jobs@omniti.com – http://omniti.com/people/jobs