Almost all websites need to send out emails for one reason or another, the most common reason being your contact form, but there are plenty of other emails which website owners often do not consider when checking email deliverability, such as:-
Notifications to your blog or newsletter subscribers.
Notifications, warnings or reports from your security plugins
comments on blog posts
Password reset emails
There are many issues which can affect your outgoing email deliverability and getting your website to send out emails reliably can sometimes be a problem.
Some of the common questions I see on my WordPress groups include:-
“why are emails from my website going into junk mail folder”
“I am not receiving emails from my contact form”
“emails from my website have vanished”
Here I will cover some of the things you need to check and configure to ensure that email from your website is sent reliably.
Check email FROM address
This is one of the most common causes I find when troubleshooting email issues for clients.
When you send out email from your website, you must make sure that the email is sent FROM your own domain, i.e. the domain of the website where the email is being sent from.
I will often find that clients have set their forms to use the email address of the person filling in the form. As a result, the email is going to fail any authentication checks and will be flagged as spam or blocked (see below).
If you want to be able to reply directly to the person who completed the form, then you should set their email as the REPLY-TO header instead. Most form plugins will allow you to do this.
One of the key factors in making sure your email does not get flagged as spam and your domain does not get blacklisted is email authentication. There are multiple authentication methods available, which include SPF, DKIM and DMARC.
SPF is the most widely deployed solution and should suffice for the purpose of this article, so is the only one I will discuss here. However, I would suggest that you follow the links above and educate yourself on all the methods to further mitigate spam and blacklisting problems.
SPF (Sender Policy Framework)
What it is: SPF is an email authentication protocol that allows the owner of a domain to specify which mail servers they use to send mail from that domain.
How it works: Brands sending an email will publish SPF records in the Domain Name System (DNS). These records list which IP addresses (servers) are authorized to send email on behalf of their domains.
During an SPF check, email providers (MTA’s) verify the SPF record by looking up the domain name listed in the “envelope from” address in the DNS. If the IP address sending the email on behalf of the “envelope from” domain isn’t listed in that SPF record, the message fails SPF authentication and thus receive a spam score.
There are no specific rules about how to treat an email failing an spf check. Different providers (MTA’s) will apply different rules, some will just give it a spam score and some will reject the email altogether.
Why it matters: An SPF-protected domain is less attractive to phishers, and is, therefore, less likely to be blacklisted by spam filters, ensuring legitimate email from that domain is delivered.
Your SPF records must cover all servers/IP’s that will send mail for your domain. You can use the SPF wizard to create your SPF record.
Blacklists are another common issue that most website owners are not aware of. Server IP addresses and domain names often get blacklisted due to sending spam, which results in your emails being blocked.
Most mail servers (MTA) will be set to check a number of blacklists for each incoming email, and if either the sending MTA or domain is on any of those blacklists, this will increase the spam score. Different providers will use different blacklists and apply different scores.
This is a common problem for hosting providers, especially where everything related to your domain is hosted on the same server, which is the setup for most hosts.
So if any other customer on the same server is sending out spam, or their website gets hacked, then this will affect your domain reputation as well.
I recommend that you setup blacklist monitoring for your domain in order to keep tabs on this problem.
There are a ton of blacklist monitoring services out there, but the ones I use are MX Toolbox and Hetrix Tools.
This is one reason why I do not recommend to use your web server for sending email, instead use an external service (see below).
Use external SMTP relay service
Due to the reasons mentioned above, and for general email reliability and business continuity, I generally recommend separating your email from your website hosting and using an external email provider such as Google G Suite or at the very least an SMTP relay service for your website email.
There are several SMTP plugins available for WordPress which make this extremely easy.
If you choose to send through SMTP using your an email account that is hosted on the same server as your website, this may not solve your problem due to the reasons mentioned above.
Gmail or G Suite
If you use Gmail or g suite, then you can use this account for relaying email from your website too. However you should be aware of the following caveats.
The Gmail sending limit is about 100-150 emails per day via SMTP. The limit via the Gmail interface is 500 per day.
If you use your own email account to send smtp mail, remember that changing your email password, this will break outgoing email from your website, so you must remember to also change it on your website too. It is better to have a separate email account just for sending email from the website.
If you are a G Suite customer, then you can also use their SMTP relay service instead, which would be preferable.
If you use WordPress then I suggest using the gmail-smtp plugin, which uses OAuth to send emails instead of authenticating with your username and password, which solves a number of issues, including the one mentioned above.
Mailgun is a popular solution, as they allow up to 10,000 emails per month for free, which is more than enough for most websites. You also lots of advanced features such as mailing lists, tracking, bounce processing, logs, analytics and more.
As with any bulk email relay service, they are sending millions of emails per hour, and their IP’s do get blacklisted, which can cause some issues as they do not do a brilliant job of monitoring the blacklists and getting IP’s removed.
However they do have the option of a dedicated IP address if you are willing to pay, which means you are the only domain sending email from that IP address, so the only person that can get you blacklisted is you.
Other SMTP Relays
There are a ton of other SMTP relay providers out there to choose from such as Sendgrid, sendinblue, mailchannels, smtpauth etc, depending on your requirements and budget. Just do a Google search and take your pick.
If you need any help with email authentication, blacklist removal, mailing lists or anything mentioned here, feel free to get in touch.
Ever since Google updated its “find my device” page for Android a couple of years ago, it has not been working for us.
We would still get the old version of the page with a message saying “This page cannot load Google maps correctly”.
Clicking on the “try the new and updated find my device” link, would just redirect back to this same page.
The issue only affected my g suite account but not my regular, free, gmail account.
I tried contacting Google support back when I first noticed the issue but did not get anywhere since this is not a supported service.
Today I thought I would give it another try, and this time I got through to an agent more willing to help, and finally, we solved the mystery.
In your Google g suite admin you need to enable the “user device wipe on android” option.
This can be found under Device Management -> Android Settings -> General settings.
Check this box and click save, and you should now be able to access the new “find my device” page.
This is obviously a rather cryptic setting, and there is no logical reason why not enabling this option should just keep redirecting you to the old and broken find my device page. However the Google support agent did say it was “intended behaviour”.
Part of getting your business seen online is SEO, and an important part of this is getting your business registered with Google my business and Google maps.
Not only have I had to do this for my own business and my wife’s business but it is a service I provide to clients. When it works, this is a simple process, which involves Google sending a postcard to the business address with a code on it, which you then use to verify the business address.
However, sometimes the postcard doesn’t turn up, or some miscreant might report your listing and claim it is fraudulent or misleading and gets it suspended for review, at which point you have to contact Google my business support and request manual verification, which is where things get ridiculous.
You would be quite right to think, why on earth would Google discriminate against small businesses, this makes no sense and completely contradicts the whole purpose of Google my business.
Yet I have had this issue myself a few times now, and most recently when I changed my own listing to add my virtual office address.
According to Harisha at Google my business support, in order to pass the manual verification, every business must provide photos of their premises, must have their own dedicated entrance which is not shared with other businesses and must show signage with the company name in front of the building, WTF?
These requirements are clearly unfair, unethical and discriminate against every small to medium businesses in the world that uses shared/managed office spaces, people who work from home (including disabled people) or have virtual offices.
There are 125 million formal micro, small and midsize businesses in the world, including 89 million in emerging markets. How many of those do Google think have their own building, with their own entrance and signage?
What makes this even more illogical is how disparate this is from the automated postcard method. As long as you can receive that postcard with the verification code on it, then no other evidence is required, your office could literally be in your garden shed.
This means that most of the businesses already listed on Google (using the postcard method) do not meet these supposed requirements either, which I couldn’t actually find any mention of on the Google my business eligibility guidelines by the way.
Quite ironically, as I pointed out to Harisha, this also includes all the other business that reside at the same managed offices as myself.
So what’s the solution?
In the case of the postcard not turning up, I suggest trying a few more times before giving up. In my most recent attempt, I had to request the card 5 times before it finally arrived (thankfully bypassing this issue).
If you just cannot get that card or have your listing suspended for some other reason, and really have no other choice other than to comply with Google’s unfair demands, then Photoshop is your friend (nudge nudge, wink wink).
If you do not have the skills to manipulate images yourself, just pop along to fiverr.com and you will find someone willing to do some image manipulation for $20 or less 🙂
I got a big shock this week, I went to login to my facebook account only to be met with the dreaded “Account disabled” message. Why the heck had my account been disabled?
I was very confused at first since I had received no warning or notifications and I could not think of any reason why. Then later that day, I got an automated email from Facebook. The short answer, because their AI (Automated Idiot) system is seriously flawed, screwed up, and incorrectly banned me for copyright infringement that never happened.
The long answer
I did some work for a client a few months back, and this client screwed me over and refused to pay me for any of the work I had done, but continued using the logos I had created on his facebook page (and other places).
As per the law and my terms and conditions, I still owned all intellectual property rights (IPR), which I reminded him of and asked him politely to stop using the images and remove them from his Facebook page, which he ignored. So I submitted copyright infringement reports to facebook to get the images removed.
The images in question were removed by Facebook, but that same automated AI also came to the ridiculous conclusion that I was the one committing the copyright infringement instead of the person reporting it and claiming copyright, and subsequently disabled my account for infringing my own copyright on my own images.
In addition, it seems that once you have been disabled, Facebook will do whatever it can to stop you from creating a new account. Any attempt to do so thus far had resulted in each account being disabled within 24 hours. Presumably, they are picking up the name and ip address or possibly the Windows tracking ID.
This is clearly completely unwarranted and unethical behaviour by Facebook to disable accounts in this way with ZERO verification of facts and way to get a mistake reversed. It also causes a bucketload of other problems as Facebook is the only method I have for contacting some people, it is also my default login (Single Sign On) method for multiple websites, meaning I can no longer get into those websites either.
I also had multiple business pages for my various websites, plus I also managed pages and ad campaigns for clients, all of which are also now gone.
What can I do about this? Nothing it seems, as the entire Facebook system, is completely automated and there is no human being to interact with. No one to contact, no email addresses, no phone numbers, nothing. So when Facebook F*cks up, you simply have to live with their mistake and suffer the consequences. You cannot get more unethical than that.
I have written a letter to the Facebook UK HQ based in London, explaining the obvious mistake their system has made, in the hope someone with morals and ethics might read it and care enough to sort it out, but I won’t hold my breath as Facebook do not have a reputation for being either caring or ethical.
If anyone reading this happens to know someone at Facebook who can fix this screw up, please send me a message.
The other very worrying thing I realized from this whole situation, is how open to abuse Facebook’s system is. It is obviously very easy to get someone banned from facebook simply by submitting a bunch of bogus complaints about them, which the automated system will blindly believe without any kind of validation or human interaction.
UPDATE 2nd May 2019 : My account has been re-enabled
I got a surprise today when my wife told me that my profile was back online.
I have no idea how or why, but clearly someone I contacted has resolved this for me, so thank you to that person.
For the benefit of anyone else who finds themselves in this situation, here are the various actions I took to try and get my account reactivated.
I owned multiple appeal cases, which resulted in a canned response. But I replied to that email every single day. I doubt this was ever read by a human being though.
I continued to reply to the original emails I received regarding the copyright infringement.
I sent continued emails to the facebook abuse address
I sent a message to the Facebook business page
I wrote a letter to the Legal Dept at the Facebook London office and sent it recorded delivery.
I looked up Facebook employees on Linkedin and sent tweets and emails to several people listed as management.
I am inclined to believe it is the letter that did the trick.
I have now taken the precaution of creating a backup Facebook account using a completely different name, email address, phone number etc, and giving that user ADMIN rights on my business and all my pages. So if this ever happens again, I won’t lose access to anything.
Update 10th May 2019
I received this canned response template letter from Facebook’s London office today, basically telling me that the website is nothing to do with them and they have no control over it or access to user accounts, so I have to contact Facebook in Ireland.
So clearly they are not the ones who re-activated my account. So I therefore must assume that it was one of the people I emailed or tweeted who resolved it for me anonymously.
Privacy policies are one of the most overlooked aspects of most websites. If you stop to look around most of the popular sites you visit, you’ll find they all have unique privacy policies (though the specific page’s traffic is usually low). Even so, these documents are important if you want your website to comply with local and international regulations.
Let’s talk privacy!
What Privacy Policies Are (And Why They’re Important)
Privacy policies can look intimidating, but you should always read them when possible.
Privacy policies are legal documents informing users what you do with their data. For example, if you collect email addresses, names, and birthdays during the user signup process, you need to tell users what happens with their information. For example, some websites might use it for internal purposes only (such as customer profiling). Others might sell the information to third-party services, in which case consent is necessary.
As you’ll be aware, privacy policies are usually skipped over by the majority of visitors. However, there are several benefits to adding one to your website:
The next section will explore some tools to generate full privacy policies with little input from your end. Even then, it’s essential you have a working understanding of what their basics are.
1. How and What Type of Information You Collect
This clause is the bread and butter of privacy policies. It details the exact information you collect, and how. To recall our earlier example, you can get email addresses and names directly from signup forms. However, there is also data you can obtain without the user knowing. For example, Google Analytics tracks the user’s preferred web browser, which needs to be mentioned.
Personally Identifiable Information refers to information that tells us specifically who you are, such as your name, email address, or phone number. Downloading information or logging in may allow the Company to “recognize” you to allow us to personalize our service for you.
This first section discusses what we consider to be personal information, as opposed to anonymous data we might collect. It also mentions we may use the information to personalize your user experience. In our case, logging in is only necessary to download products you may have purchased, so it’s not obligatory.
2. What You Do With the Information You Collect
For our Clients, we use personal information mainly to provide the Services and contact our Clients regarding account activities, new version and product offerings, or other communications relevant to the Services. We do not sell or share any personally identifiable or other information of End Users to any third parties, except, of course, to the applicable Client whose website you are using.
For example, if your ZenMSP service is about to expire, we send you an email reminder. In this case, we’re using your personal information to provide an update.
In any case, if you’re not comfortable with the way a website uses your information, the GDPR outlines the ‘right to be forgotten‘. This means sites are bound by law to delete your information if you ask them to cancel your account, for example.
Cookies are files on your computer that contain personal settings for specific websites. The term itself supposedly comes from ‘magic cookies’, which are a type of token used by UNIX-based Operating Systems (OS).
The above explains how cookies are used and what they are. Later on in the policy, we would also discuss how you can opt out of using cookies, including those served by third-party services on our website (such as Google and MailChimp).
Lets you customize your policy using your company’s information.
Enables you add necessary clauses for several popular third-party services, including Amazon Associates and Google Analytics.
Provides automatic updates to your policy based on any new regulations.
TermsFeed enables you to generate basic privacy policies in minutes, and customize them using your site’s information. Each time you want to create a new policy, the service will walk you through a questionnaire to help you determine the clauses you need. When the process is over, you’ll receive your new policy via email in seconds. The platform also offers you the option of updating your policies automatically as laws change.
Enables you to generate custom privacy policies using a simple questionnaire.
Lets you adjust your policy to comply with national and international laws.
Provides automatic policy updates whenever the law changes.
Enables you to outline how you deal with customer payment information.
Price: Free, but you need a Shopify subscription to get the most out of it | More Information
For this portion of the piece, we’ll use iubenda given its ease of use and reasonable pricing structure. To get started, go to the service’s home page and click on the GENERATE YOUR POLICY button to the top right of the page. On the next window, enter your website’s URL and click the blue button:
Clicking on the button will show you a list of clauses you can add:
When you’re done adding services, click on the Next button at the bottom of the page. You’ll now need to enter your company’s name and address, then click on Next again:
On the final screen, you’ll find options to embed your policy into your website:
Website privacy policies don’t get the spotlight they deserve. However, they’re essential elements of any website that takes data protection regulations seriously. On top of enabling you to keep your operations above board, privacy policies also outline how your site handles personal information, which should help put visitors’ minds at ease.
TermsFeed: This simple service enables you to create a basic policy through a questionnaire.
I have recently been setting up MSP Control (formerly WebsitePanel) on my new CFML Developer server. Unfortunately, it doesn’t support MariaDB out of the box and so won’t detect if you have it installed. Fortunately, this is an easy hack.
Open up your MSPControl database in SSMS, and open the providers table.
Now find the MySQL providerID that matches your MariaDB install
i.e. MySQL 5.7 for MariaDB 10.1
Now add a new entry into the SERVICES table, using the providerID you got from the last step and the appropriate serverID for the server you want to add it to. You get he ServerID from the servers table, or just edit the server in the control panel and get it from the URL.
Now just edit this server in MSP Control, and you should see MySQL listed, just edit and setup as you would MySQL.