//collapse mobile menus
How to reliably send email from your website

How to reliably send email from your website

How to reliably send email from your website 3
Solving email delivery problems

Almost all websites need to send out emails for one reason or another, the most common reason being your contact form, but there are plenty of other emails which website owners often do not consider when checking email deliverability, such as:-

  • Notifications to your blog or newsletter subscribers.
  • Plugin notifications
  • Notifications, warnings or reports from your security plugins
  • comments on blog posts
  • Register emails
  • Password reset emails

There are many issues which can affect your outgoing email deliverability and getting your website to send out emails reliably can sometimes be a problem.

Some of the common questions I see on my WordPress groups include:-

  • “why are emails from my website going into junk mail folder”
  • “I am not receiving emails from my contact form”
  • “emails from my website have vanished”

Here I will cover some of the things you need to check and configure to ensure that email from your website is sent reliably.

Check email FROM address

This is one of the most common causes I find when troubleshooting email issues for clients.

When you send out email from your website, you must make sure that the email is sent FROM your own domain, i.e. the domain of the website where the email is being sent from.

I will often find that clients have set their forms to use the email address of the person filling in the form. As a result, the email is going to fail any authentication checks and will be flagged as spam or blocked (see below).

If you want to be able to reply directly to the person who completed the form, then you should set their email as the REPLY-TO header instead. Most form plugins will allow you to do this.

Email Authentication

One of the key factors in making sure your email does not get flagged as spam and your domain does not get blacklisted is email authentication. There are multiple authentication methods available, which include SPF, DKIM and DMARC.

SPF is the most widely deployed solution and should suffice for the purpose of this article, so is the only one I will discuss here. However, I would suggest that you follow the links above and educate yourself on all the methods to further mitigate spam and blacklisting problems.

SPF (Sender Policy Framework)

How to reliably send email from your website 4

What it is: SPF is an email authentication protocol that allows the owner of a domain to specify which mail servers they use to send mail from that domain.

How it works: Brands sending an email will publish SPF records in the Domain Name System (DNS). These records list which IP addresses (servers) are authorized to send email on behalf of their domains.

During an SPF check, email providers (MTA’s) verify the SPF record by looking up the domain name listed in the “envelope from” address in the DNS. If the IP address sending the email on behalf of the “envelope from” domain isn’t listed in that SPF record, the message fails SPF authentication and thus receive a spam score.

There are no specific rules about how to treat an email failing an spf check. Different providers (MTA’s) will apply different rules, some will just give it a spam score and some will reject the email altogether.

Why it matters: An SPF-protected domain is less attractive to phishers, and is, therefore, less likely to be blacklisted by spam filters, ensuring legitimate email from that domain is delivered.

Your SPF records must cover all servers/IP’s that will send mail for your domain. You can use the SPF wizard to create your SPF record.

Backlist Monitoring

is your domain blacklisted
Is your domain blacklisted

Blacklists are another common issue that most website owners are not aware of. Server IP addresses and domain names often get blacklisted due to sending spam, which results in your emails being blocked.

Most mail servers (MTA) will be set to check a number of blacklists for each incoming email, and if either the sending MTA or domain is on any of those blacklists, this will increase the spam score. Different providers will use different blacklists and apply different scores.

This is a common problem for hosting providers, especially where everything related to your domain is hosted on the same server, which is the setup for most hosts.

So if any other customer on the same server is sending out spam, or their website gets hacked, then this will affect your domain reputation as well.

I recommend that you setup blacklist monitoring for your domain in order to keep tabs on this problem.

There are a ton of blacklist monitoring services out there, but the ones I use are MX Toolbox and Hetrix Tools.

This is one reason why I do not recommend to use your web server for sending email, instead use an external service (see below).

Use external SMTP relay service

SMTP Relay Services

Due to the reasons mentioned above, and for general email reliability and business continuity, I generally recommend separating your email from your website hosting and using an external email provider such as Google G Suite or at the very least an SMTP relay service for your website email.

There are several SMTP plugins available for WordPress which make this extremely easy.

If you choose to send through SMTP using your an email account that is hosted on the same server as your website, this may not solve your problem due to the reasons mentioned above.

Gmail or G Suite

If you use Gmail or g suite, then you can use this account for relaying email from your website too. However you should be aware of the following caveats.

  • The Gmail sending limit is about 100-150 emails per day via SMTP. The limit via the Gmail interface is 500 per day.
  • The limit for G Suite accounts is 2000 emails per day, which is more than enough for most sites. See here for more details.
  • If you use your own email account to send smtp mail, remember that changing your email password, this will break outgoing email from your website, so you must remember to also change it on your website too. It is better to have a separate email account just for sending email from the website.

If you are a G Suite customer, then you can also use their SMTP relay service instead, which would be preferable.

If you use WordPress then I suggest using the gmail-smtp plugin, which uses OAuth to send emails instead of authenticating with your username and password, which solves a number of issues, including the one mentioned above.

Mailgun

Mailgun is a popular solution, as they allow up to 10,000 emails per month for free, which is more than enough for most websites. You also lots of advanced features such as mailing lists, tracking, bounce processing, logs, analytics and more.

As with any bulk email relay service, they are sending millions of emails per hour, and their IP’s do get blacklisted, which can cause some issues as they do not do a brilliant job of monitoring the blacklists and getting IP’s removed.

However they do have the option of a dedicated IP address if you are willing to pay, which means you are the only domain sending email from that IP address, so the only person that can get you blacklisted is you.

Other SMTP Relays

There are a ton of other SMTP relay providers out there to choose from such as Sendgrid, sendinblue, mailchannels, smtpauth etc, depending on your requirements and budget. Just do a Google search and take your pick.

If you need any help with email authentication, blacklist removal, mailing lists or anything mentioned here, feel free to get in touch.

Google Find My Device not working

Google Find My Device not working

Ever since Google updated its “find my device” page for Android a couple of years ago, it has not been working for us.

We would still get the old version of the page with a message saying “This page cannot load Google maps correctly”.

Google Find My Device not working 5
Google find my device page

Clicking on the “try the new and updated find my device” link, would just redirect back to this same page.

The issue only affected my g suite account but not my regular, free, gmail account.

I tried contacting Google support back when I first noticed the issue but did not get anywhere since this is not a supported service.

Today I thought I would give it another try, and this time I got through to an agent more willing to help, and finally, we solved the mystery.

In your Google g suite admin you need to enable the “user device wipe on android” option.

Google Find My Device not working 6

This can be found under Device Management -> Android Settings -> General settings.

Check this box and click save, and you should now be able to access the new “find my device” page.

This is obviously a rather cryptic setting, and there is no logical reason why not enabling this option should just keep redirecting you to the old and broken find my device page. However the Google support agent did say it was “intended behaviour”.

My Facebook account was disabled, WTF?

My Facebook account was disabled, WTF?

My Facebook account was disabled, WTF? 7

I got a big shock this week, I went to login to my facebook account only to be met with the dreaded “Account disabled” message.
Why the heck had my account been disabled?

I was very confused at first since I had received no warning or notifications and I could not think of any reason why. Then later that day, I got an automated email from Facebook. The short answer, because their AI (Automated Idiot) system is seriously flawed, screwed up, and incorrectly banned me for copyright infringement that never happened.

The long answer

I did some work for a client a few months back, and this client screwed me over and refused to pay me for any of the work I had done, but continued using the logos I had created on his facebook page (and other places).

As per the law and my terms and conditions, I still owned all intellectual property rights (IPR), which I reminded him of and asked him politely to stop using the images and remove them from his Facebook page, which he ignored. So I submitted copyright infringement reports to facebook to get the images removed.

The images in question were removed by Facebook, but that same automated AI also came to the ridiculous conclusion that I was the one committing the copyright infringement instead of the person reporting it and claiming copyright, and subsequently disabled my account for infringing my own copyright on my own images.

In addition, it seems that once you have been disabled, Facebook will do whatever it can to stop you from creating a new account. Any attempt to do so thus far had resulted in each account being disabled within 24 hours. Presumably, they are picking up the name and ip address or possibly the Windows tracking ID.

This is clearly completely unwarranted and unethical behaviour by Facebook to disable accounts in this way with ZERO verification of facts and way to get a mistake reversed. It also causes a bucketload of other problems as Facebook is the only method I have for contacting some people, it is also my default login (Single Sign On) method for multiple websites, meaning I can no longer get into those websites either.

I also had multiple business pages for my various websites, plus I also managed pages and ad campaigns for clients, all of which are also now gone.

What can I do about this? Nothing it seems, as the entire Facebook system, is completely automated and there is no human being to interact with. No one to contact, no email addresses, no phone numbers, nothing. So when Facebook F*cks up, you simply have to live with their mistake and suffer the consequences. You cannot get more unethical than that.

I have written a letter to the Facebook UK HQ based in London, explaining the obvious mistake their system has made, in the hope someone with morals and ethics might read it and care enough to sort it out, but I won’t hold my breath as Facebook do not have a reputation for being either caring or ethical.

If anyone reading this happens to know someone at Facebook who can fix this screw up, please send me a message.

The other very worrying thing I realized from this whole situation, is how open to abuse Facebook’s system is. It is obviously very easy to get someone banned from facebook simply by submitting a bunch of bogus complaints about them, which the automated system will blindly believe without any kind of validation or human interaction.

UPDATE 2nd May 2019 : My account has been re-enabled

I got a surprise today when my wife told me that my profile was back online.

I have no idea how or why, but clearly someone I contacted has resolved this for me, so thank you to that person.

For the benefit of anyone else who finds themselves in this situation, here are the various actions I took to try and get my account reactivated.

  • I owned multiple appeal cases, which resulted in a canned response. But I replied to that email every single day. I doubt this was ever read by a human being though.
  • I continued to reply to the original emails I received regarding the copyright infringement.
  • I sent continued emails to the facebook abuse address
  • I sent a message to the Facebook business page
  • I wrote a letter to the Legal Dept at the Facebook London office and sent it recorded delivery.
  • I looked up Facebook employees on Linkedin and sent tweets and emails to several people listed as management.

I am inclined to believe it is the letter that did the trick.

I have now taken the precaution of creating a backup Facebook account using a completely different name, email address, phone number etc, and giving that user ADMIN rights on my business and all my pages. So if this ever happens again, I won’t lose access to anything.

Update 10th May 2019

My Facebook account was disabled, WTF? 8

I received this canned response template letter from Facebook’s London office today, basically telling me that the website is nothing to do with them and they have no control over it or access to user accounts, so I have to contact Facebook in Ireland.

So clearly they are not the ones who re-activated my account. So I therefore must assume that it was one of the people I emailed or tweeted who resolved it for me anonymously.

Fix Windows 10 deactivated itself after Update

Fix Windows 10 deactivated itself after Update

Fix Windows 10 deactivated itself after Update 9

I turned on my PC the other day, only to find that my License was no longer active, and there was that message in the bottom right-hand corner telling me to activate Windows.

I tried to activate Windows, but it failed, telling me “We can’t activate Windows on this device because you don’t have a valid digital license or product key”. It was also reporting Windows 10 home as the only valid digital license. Both statements were wrong as have Windows Pro and a valid license key, which it wouldn’t accept either when I tried to re-enter it. Since I upgraded from home to pro some time ago, my guess was that it was picking up the previous digital license.

To cut a long story short, I ended up having to contact Microsoft support and they had to generate a new digital key, I then had to wait 24 hours and try activating again, which worked.

Here are the steps to be performed.

Open command prompt (windows key + R )
Type “slmgr -rearm” (without the “)
-go to services (Windows key + r > type services.msc)
Look for windows update service > restart it
-restart your computer
Wait 24 hours, then try to reactivate Windows

If it still does not work, then I suggest contacting Microsoft support and they will reset your license.
Do this by running the “get support” app from your start menu.
You will need to go through the automated suggestions until it gives you get the option to speak to a real person. At this point, you want to choose  Windows –> Technical support in order to get the chat option.
Do not mention license activation issues, as this just sends you to the knowledge base or forums and will not give you the chat option.

OneDrive protects you from Ransomware

OneDrive protects you from Ransomware

OneDrive protects you from Ransomware 10

I just discovered that Microsoft introduced a new OneDrive feature a few months ago that will make it easier to recover from ransomware attacks. Files Restore which was previously a OneDrive business feature has made its way over from OneDrive for Business to personal OneDrive accounts. The catch is you’ll need an Office 365 subscription to get access to the new Files Restore feature. OneDrive users can now use it to simply restore files from any point in time within the last 30 days. If you accidentally delete a file you’ll be able to restore it, or if you make some bad changes and want to roll back to an earlier copy.

Microsoft is marketing the Files Restore feature as a good way to protect against ransomware attacks that lock files on a local PC, and often try to delete copies that are stored in synced folders – replicating those changes in the cloud. We’ve seen a number of these attacks recently, and victims have been forced to pay money to try and get their files back.

If OneDrive detects mass deletion of cloud files, Microsoft will alert users through an email or mobile / desktop notification and a recovery process will let you quickly restore to a time before the ransomware attack. “It’s the first of its kind in the industry,” says Seth Patton, general manager of Office 365. “We believe OneDrive is the safest place to store your files.”

OneDrive protects you from Ransomware 11

 

Alongside this new Files Restore feature, Microsoft has also added password protected sharing links for OneDrive to make it a little more secure when you share out sensitive files or folders. This has been a long time coming and is a feature Google drive has had since forever.

Outlook.com is also getting updated with email encryption for Office 365 subscribers. The email encryption can be enabled on individual messages, and Outlook.com will even prompt you to encrypt emails if it detects information like social security numbers in messages. Recipients will be able to read the messages in Outlook.com, Outlook for iOS and Android, the Windows Mail app, or just by visiting a link in the email if the level of security at the recipient doesn’t meet Microsoft’s encrypted connection standards. Outlook.com users will also be able to prevent recipients from forwarding or copying emails sent from the service.

If you need help getting set up with OneDrive or Office365, feel free to get in touch.

Parents Beware: Playstation4 is not suitable for kids

Parents Beware: Playstation4 is not suitable for kids

Parents Beware: Playstation4 is not suitable for kids 12A couple of years ago my son Bret was begging for a PS4, based on the premise that most of his friends had or were getting a PS4, so he would be able to play online with them, so I bought him one for Christmas, and it has caused nothing but problems due to the ridiculous dictatorship that Sony imposes and the terrible attitude of Playstation support towards its users.

Now don’t get me wrong, I am not particularly a Microsoft or an XBOX fanboy either, I could complain all day long about Microsoft and Xbox support and all the problems they have caused us over the years with their incompetence. I owned a PlayStation 1 back in the day, and several Playstation 2’s, in fact I only got rid of my PS2’s last year. But the issues with kids and parental controls did not affect those consoles, these issues really only really began once consoles were doing everything online.

We have had XBOX 360’s in the house for as long as I have had kids, one of the things I have always liked about the Xbox is the extensive and granular parental controls it allows. You as the parent have full control over what your kids can and cannot do, the amount of play time, whether they can play online or accept friend requests, age restrictions etc, the decisions are yours, nothing is forced upon you.

Herein lies the problem with the PlayStation. First off, the parental controls are a joke. Sony has decided in their dictator style wisdom, that they will determine what is and is not suitable for your children and how they will use the Playstation, and you as the parent will not be given any choice in the matter.

In order to use your Playstation properly or play online games, you first need signup for a Sony/Playstation account, for which you must be over 18. If your kid’s signup then they have to lie about their age and of course would have access to 18+ content as well as no protection from abusive users or predators. Also, if Sony finds out they are a child, the account will be blocked forever, and they will lose all their games and content. It seems Sony will pretty much ban any account for any reason why see fit, no matter how daft.

So to stay within the rules, you as the parent must signup, and then you create child sub-accounts inside your parent account. This is where your problems start.

The first thing we discovered on Christmas day was that child accounts cannot play online, there is no way to override this, it is Sony’s rule, they have decided that nobody unde rthe age of 18 is allowed to play online, period. So if you purchased the PS4 and games specifically so your kids could play online with their friends, you are now screwed. We could not find this information actually mentioned anywhere and had to wait until after Xmas to contact support to find out this was the reason why online gaming would not work. Needless to say that Bret’s Christmas was completely ruined by this. Had I known about this in advance, I would never have purchased him a PS4.

Despite their anti-child rules, Sony will happily sell you games intended for under 18’s which have online play, knowing full well that your kids will never be able to play online.

We have had numerous issues since with support screwing us around. Such as a controller which stopped working properly, while it was still within warranty, but PlayStation support messed us about for months until the warranty had passed, and then refused to help.

The next nightmare we had to deal with was the PSN PLUS subscription, which allows you to play online and gives you a number of downloadable games each month. Due to the initial issues mentioned above, I created the subscription on my own account, which means that I owned all the downloaded games. However, any other user on the console could benefit from my subscription and could also play those games and have online gaming access as long as my subscription remained active and this was set as my primary console.
If you cancel your subscription, then you lose access to all the games you downloaded, which is another limitation that I find very unfriendly and also very greedy of Sony. The equivalent on XBOX is the XBOX Live Gold subscription, but any games you download while subscribed are yours forever. So even if you cancel your subscription, you still get to play all the games you downloaded.

Obviously, the inability to play online was a complete show stopper and not something we could live with, otherwise, I may as well of just sold the PS4. So like most other people I had no choice but to create an adult account for my son to use. This unfortunately still incurred some issues with the PSN PLUS subscription being on my account, there were things he still could not do.
So we contacted PlayStation support and asked them what would happen if I cancelled my subscription and moved it over to his account. They informed us that we would still have access to all the games I had downloaded, because they were assigned to the console, and it only required any user to have an active subscription. So base on this advise, I set up a new subscription for my son, and allowed mine to expire.

I’m sure you can probably guess what happened when my subscription expired, yes the support agent was an incompetent idiot and had gotten it completely wrong or had told us a bunch of porky pies. As soon as my subscription expired, all the games vanished from the console. I contacted PlayStation support once again, but of course, they denied all responsibility and refused to resolve the situation in their usual unhelpful style. I asked them if they would just transfer all my games licenses to my son’s account, but no, of course, that would too easy and helpful. So now the only solution is to maintain 2 subscriptions, which is a complete waste of money, as  I do not even use the PlayStation.

We have also had several instances where my son has contacted PlayStation support, and they have been quite rude and unhelpful to him and he has come away not only upset but also thinking they are complete idiots. If a 10 year old thinks you are an idiot, then you have a problem LOL.

On one occasion, after he had been in the support queue for over 30 minutes, they simply refused to speak to him because he was a child, he even told them that his dad was standing right next to him, and they could speak to me, but they just said “no thanks” and hung up on him. He was of course pretty upset about this after waiting so long to get through. Again no apology when I complained, just complete denial.

Definately should have gone for an Xbox One instead.