//collapse mobile menus
How to reliably send email from your website

How to reliably send email from your website

How to reliably send email from your website 3
Solving email delivery problems

Almost all websites need to send out emails for one reason or another, the most common reason being your contact form, but there are plenty of other emails which website owners often do not consider when checking email deliverability, such as:-

  • Notifications to your blog or newsletter subscribers.
  • Plugin notifications
  • Notifications, warnings or reports from your security plugins
  • comments on blog posts
  • Register emails
  • Password reset emails

There are many issues which can affect your outgoing email deliverability and getting your website to send out emails reliably can sometimes be a problem.

Some of the common questions I see on my WordPress groups include:-

  • “why are emails from my website going into junk mail folder”
  • “I am not receiving emails from my contact form”
  • “emails from my website have vanished”

Here I will cover some of the things you need to check and configure to ensure that email from your website is sent reliably.

Check email FROM address

This is one of the most common causes I find when troubleshooting email issues for clients.

When you send out email from your website, you must make sure that the email is sent FROM your own domain, i.e. the domain of the website where the email is being sent from.

I will often find that clients have set their forms to use the email address of the person filling in the form. As a result, the email is going to fail any authentication checks and will be flagged as spam or blocked (see below).

If you want to be able to reply directly to the person who completed the form, then you should set their email as the REPLY-TO header instead. Most form plugins will allow you to do this.

Email Authentication

One of the key factors in making sure your email does not get flagged as spam and your domain does not get blacklisted is email authentication. There are multiple authentication methods available, which include SPF, DKIM and DMARC.

SPF is the most widely deployed solution and should suffice for the purpose of this article, so is the only one I will discuss here. However, I would suggest that you follow the links above and educate yourself on all the methods to further mitigate spam and blacklisting problems.

SPF (Sender Policy Framework)

How to reliably send email from your website 4

What it is: SPF is an email authentication protocol that allows the owner of a domain to specify which mail servers they use to send mail from that domain.

How it works: Brands sending an email will publish SPF records in the Domain Name System (DNS). These records list which IP addresses (servers) are authorized to send email on behalf of their domains.

During an SPF check, email providers (MTA’s) verify the SPF record by looking up the domain name listed in the “envelope from” address in the DNS. If the IP address sending the email on behalf of the “envelope from” domain isn’t listed in that SPF record, the message fails SPF authentication and thus receive a spam score.

There are no specific rules about how to treat an email failing an spf check. Different providers (MTA’s) will apply different rules, some will just give it a spam score and some will reject the email altogether.

Why it matters: An SPF-protected domain is less attractive to phishers, and is, therefore, less likely to be blacklisted by spam filters, ensuring legitimate email from that domain is delivered.

Your SPF records must cover all servers/IP’s that will send mail for your domain. You can use the SPF wizard to create your SPF record.

Backlist Monitoring

is your domain blacklisted
Is your domain blacklisted

Blacklists are another common issue that most website owners are not aware of. Server IP addresses and domain names often get blacklisted due to sending spam, which results in your emails being blocked.

Most mail servers (MTA) will be set to check a number of blacklists for each incoming email, and if either the sending MTA or domain is on any of those blacklists, this will increase the spam score. Different providers will use different blacklists and apply different scores.

This is a common problem for hosting providers, especially where everything related to your domain is hosted on the same server, which is the setup for most hosts.

So if any other customer on the same server is sending out spam, or their website gets hacked, then this will affect your domain reputation as well.

I recommend that you setup blacklist monitoring for your domain in order to keep tabs on this problem.

There are a ton of blacklist monitoring services out there, but the ones I use are MX Toolbox and Hetrix Tools.

This is one reason why I do not recommend to use your web server for sending email, instead use an external service (see below).

Use external SMTP relay service

SMTP Relay Services

Due to the reasons mentioned above, and for general email reliability and business continuity, I generally recommend separating your email from your website hosting and using an external email provider such as Google G Suite or at the very least an SMTP relay service for your website email.

There are several SMTP plugins available for WordPress which make this extremely easy.

If you choose to send through SMTP using your an email account that is hosted on the same server as your website, this may not solve your problem due to the reasons mentioned above.

Gmail or G Suite

If you use Gmail or g suite, then you can use this account for relaying email from your website too. However you should be aware of the following caveats.

  • The Gmail sending limit is about 100-150 emails per day via SMTP. The limit via the Gmail interface is 500 per day.
  • The limit for G Suite accounts is 2000 emails per day, which is more than enough for most sites. See here for more details.
  • If you use your own email account to send smtp mail, remember that changing your email password, this will break outgoing email from your website, so you must remember to also change it on your website too. It is better to have a separate email account just for sending email from the website.

If you are a G Suite customer, then you can also use their SMTP relay service instead, which would be preferable.

If you use WordPress then I suggest using the gmail-smtp plugin, which uses OAuth to send emails instead of authenticating with your username and password, which solves a number of issues, including the one mentioned above.


Mailgun is a popular solution, as they allow up to 10,000 emails per month for free, which is more than enough for most websites. You also lots of advanced features such as mailing lists, tracking, bounce processing, logs, analytics and more.

As with any bulk email relay service, they are sending millions of emails per hour, and their IP’s do get blacklisted, which can cause some issues as they do not do a brilliant job of monitoring the blacklists and getting IP’s removed.

However they do have the option of a dedicated IP address if you are willing to pay, which means you are the only domain sending email from that IP address, so the only person that can get you blacklisted is you.

Other SMTP Relays

There are a ton of other SMTP relay providers out there to choose from such as Sendgrid, sendinblue, mailchannels, smtpauth etc, depending on your requirements and budget. Just do a Google search and take your pick.

If you need any help with email authentication, blacklist removal, mailing lists or anything mentioned here, feel free to get in touch.

Google Find My Device not working

Google Find My Device not working

Ever since Google updated its “find my device” page for Android a couple of years ago, it has not been working for us.

We would still get the old version of the page with a message saying “This page cannot load Google maps correctly”.

Google Find My Device not working 5
Google find my device page

Clicking on the “try the new and updated find my device” link, would just redirect back to this same page.

The issue only affected my g suite account but not my regular, free, gmail account.

I tried contacting Google support back when I first noticed the issue but did not get anywhere since this is not a supported service.

Today I thought I would give it another try, and this time I got through to an agent more willing to help, and finally, we solved the mystery.

In your Google g suite admin you need to enable the “user device wipe on android” option.

Google Find My Device not working 6

This can be found under Device Management -> Android Settings -> General settings.

Check this box and click save, and you should now be able to access the new “find my device” page.

This is obviously a rather cryptic setting, and there is no logical reason why not enabling this option should just keep redirecting you to the old and broken find my device page. However the Google support agent did say it was “intended behaviour”.

Google discriminates against small businesses

Google discriminates against small businesses

Google discriminates against small businesses 7
Does google live up to it’s own motto “Don’t be Evil”

Part of getting your business seen online is SEO, and an important part of this is getting your business registered with Google my business and Google maps.

Not only have I had to do this for my own business and my wife’s business but it is a service I provide to clients. When it works, this is a simple process, which involves Google sending a postcard to the business address with a code on it, which you then use to verify the business address.

However, sometimes the postcard doesn’t turn up, or some miscreant might report your listing and claim it is fraudulent or misleading and gets it suspended for review, at which point you have to contact Google my business support and request manual verification, which is where things get ridiculous.

You would be quite right to think, why on earth would Google discriminate against small businesses, this makes no sense and completely contradicts the whole purpose of Google my business.

Yet I have had this issue myself a few times now, and most recently when I changed my own listing to add my virtual office address.

According to Harisha at Google my business support, in order to pass the manual verification, every business must provide photos of their premises, must have their own dedicated entrance which is not shared with other businesses and must show signage with the company name in front of the building, WTF?

Google discriminates against small businesses 8

These requirements are clearly unfair, unethical and discriminate against every small to medium businesses in the world that uses shared/managed office spaces, people who work from home (including disabled people) or have virtual offices.

There are 125 million formal micro, small and midsize businesses in the world, including 89 million in emerging markets. How many of those do Google think have their own building, with their own entrance and signage?

What makes this even more illogical is how disparate this is from the automated postcard method. As long as you can receive that postcard with the verification code on it, then no other evidence is required, your office could literally be in your garden shed.

This means that most of the businesses already listed on Google (using the postcard method) do not meet these supposed requirements either, which I couldn’t actually find any mention of on the Google my business eligibility guidelines by the way.

Quite ironically, as I pointed out to Harisha, this also includes all the other business that reside at the same managed offices as myself.

So what’s the solution?

In the case of the postcard not turning up, I suggest trying a few more times before giving up. In my most recent attempt, I had to request the card 5 times before it finally arrived (thankfully bypassing this issue).

If you just cannot get that card or have your listing suspended for some other reason, and really have no other choice other than to comply with Google’s unfair demands, then Photoshop is your friend (nudge nudge, wink wink).

If you do not have the skills to manipulate images yourself, just pop along to fiverr.com and you will find someone willing to do some image manipulation for $20 or less 🙂

My Facebook account was disabled, WTF?

My Facebook account was disabled, WTF?

My Facebook account was disabled, WTF? 9

I got a big shock this week, I went to login to my facebook account only to be met with the dreaded “Account disabled” message.
Why the heck had my account been disabled?

I was very confused at first since I had received no warning or notifications and I could not think of any reason why. Then later that day, I got an automated email from Facebook. The short answer, because their AI (Automated Idiot) system is seriously flawed, screwed up, and incorrectly banned me for copyright infringement that never happened.

The long answer

I did some work for a client a few months back, and this client screwed me over and refused to pay me for any of the work I had done, but continued using the logos I had created on his facebook page (and other places).

As per the law and my terms and conditions, I still owned all intellectual property rights (IPR), which I reminded him of and asked him politely to stop using the images and remove them from his Facebook page, which he ignored. So I submitted copyright infringement reports to facebook to get the images removed.

The images in question were removed by Facebook, but that same automated AI also came to the ridiculous conclusion that I was the one committing the copyright infringement instead of the person reporting it and claiming copyright, and subsequently disabled my account for infringing my own copyright on my own images.

In addition, it seems that once you have been disabled, Facebook will do whatever it can to stop you from creating a new account. Any attempt to do so thus far had resulted in each account being disabled within 24 hours. Presumably, they are picking up the name and ip address or possibly the Windows tracking ID.

This is clearly completely unwarranted and unethical behaviour by Facebook to disable accounts in this way with ZERO verification of facts and way to get a mistake reversed. It also causes a bucketload of other problems as Facebook is the only method I have for contacting some people, it is also my default login (Single Sign On) method for multiple websites, meaning I can no longer get into those websites either.

I also had multiple business pages for my various websites, plus I also managed pages and ad campaigns for clients, all of which are also now gone.

What can I do about this? Nothing it seems, as the entire Facebook system, is completely automated and there is no human being to interact with. No one to contact, no email addresses, no phone numbers, nothing. So when Facebook F*cks up, you simply have to live with their mistake and suffer the consequences. You cannot get more unethical than that.

I have written a letter to the Facebook UK HQ based in London, explaining the obvious mistake their system has made, in the hope someone with morals and ethics might read it and care enough to sort it out, but I won’t hold my breath as Facebook do not have a reputation for being either caring or ethical.

If anyone reading this happens to know someone at Facebook who can fix this screw up, please send me a message.

The other very worrying thing I realized from this whole situation, is how open to abuse Facebook’s system is. It is obviously very easy to get someone banned from facebook simply by submitting a bunch of bogus complaints about them, which the automated system will blindly believe without any kind of validation or human interaction.

UPDATE 2nd May 2019 : My account has been re-enabled

I got a surprise today when my wife told me that my profile was back online.

I have no idea how or why, but clearly someone I contacted has resolved this for me, so thank you to that person.

For the benefit of anyone else who finds themselves in this situation, here are the various actions I took to try and get my account reactivated.

  • I owned multiple appeal cases, which resulted in a canned response. But I replied to that email every single day. I doubt this was ever read by a human being though.
  • I continued to reply to the original emails I received regarding the copyright infringement.
  • I sent continued emails to the facebook abuse address
  • I sent a message to the Facebook business page
  • I wrote a letter to the Legal Dept at the Facebook London office and sent it recorded delivery.
  • I looked up Facebook employees on Linkedin and sent tweets and emails to several people listed as management.

I am inclined to believe it is the letter that did the trick.

I have now taken the precaution of creating a backup Facebook account using a completely different name, email address, phone number etc, and giving that user ADMIN rights on my business and all my pages. So if this ever happens again, I won’t lose access to anything.

Update 10th May 2019

My Facebook account was disabled, WTF? 10

I received this canned response template letter from Facebook’s London office today, basically telling me that the website is nothing to do with them and they have no control over it or access to user accounts, so I have to contact Facebook in Ireland.

So clearly they are not the ones who re-activated my account. So I therefore must assume that it was one of the people I emailed or tweeted who resolved it for me anonymously.

How to create a privacy policy for your website

How to create a privacy policy for your website

How to create a privacy policy for your website 14

Privacy policies are one of the most overlooked aspects of most websites. If you stop to look around most of the popular sites you visit, you’ll find they all have unique privacy policies (though the specific page’s traffic is usually low). Even so, these documents are important if you want your website to comply with local and international regulations.

More importantly, you don’t need to be a lawyer to add a thorough privacy policy to your website. In this article, we’ll talk more about why privacy policies are significant and we’ll teach you about some essential clauses. Then we’ll introduce you to three tools you can use to help you create a privacy policy for your website.

Let’s talk privacy!

What Privacy Policies Are (And Why They’re Important)

Privacy policies can look intimidating, but you should always read them when possible.

Privacy policies are legal documents informing users what you do with their data. For example, if you collect email addresses, names, and birthdays during the user signup process, you need to tell users what happens with their information. For example, some websites might use it for internal purposes only (such as customer profiling). Others might sell the information to third-party services, in which case consent is necessary.

As you’ll be aware, privacy policies are usually skipped over by the majority of visitors. However, there are several benefits to adding one to your website:

Although some countries don’t require the use of a privacy policy, you can still be held liable under international law for not following regulations. If you have European Union (EU) users, for example, you need to comply with the GDPR. Given the chances of getting fined for non-compliance, adding a privacy policy to your website is simple – and it’s a smart business move.

Ideally, you’d enlist the help of a lawyer to help you draft your privacy policy. However, that’s not a practical option for the vast majority of site owners. Knowing this, a lot of online services have sprung up to help fledgling websites craft basic privacy policies to cover their bases. However, before discussing them, let’s look at what your privacy policy should contain.

3 Clauses Your Website’s Privacy Policy Should Include

These three clauses won’t, in most cases, be enough to craft a well-rounded privacy policy. Think of them only as the basics that any such document should include. We encourage you to do further research into other critical clauses.

The next section will explore some tools to generate full privacy policies with little input from your end. Even then, it’s essential you have a working understanding of what their basics are.

1. How and What Type of Information You Collect

This clause is the bread and butter of privacy policies. It details the exact information you collect, and how. To recall our earlier example, you can get email addresses and names directly from signup forms. However, there is also data you can obtain without the user knowing. For example, Google Analytics tracks the user’s preferred web browser, which needs to be mentioned.

Ideally, visitors would take a look at this clause and decide if they’re comfortable using your services, but more pertinently, it covers your bases legally. Here’s an excerpt from a common privacy policy, discussing what type of information we collect and how we do it:

Personally Identifiable Information refers to information that tells us specifically who you are, such as your name, email address, or phone number. Downloading information or logging in may allow the Company to “recognize” you to allow us to personalize our service for you.

This first section discusses what we consider to be personal information, as opposed to anonymous data we might collect. It also mentions we may use the information to personalize your user experience. In our case, logging in is only necessary to download products you may have purchased, so it’s not obligatory.

2. What You Do With the Information You Collect

Plenty of websites engaged in the practice of selling or sharing user data. Other services use this to personalize content and ads, among other elements. Other potential applications include using the information to enforce terms of use, improving your website’s services, and more.

Regardless of the application, this clause is critical because although users may consent to share personal data, they might not be happy with how you decide to use it. Here’s a short paragraph from our privacy policy outlining our general use of private information:

For our Clients, we use personal information mainly to provide the Services and contact our Clients regarding account activities, new version and product offerings, or other communications relevant to the Services. We do not sell or share any personally identifiable or other information of End Users to any third parties, except, of course, to the applicable Client whose website you are using.

For example, if your ZenMSP service is about to expire, we send you an email reminder. In this case, we’re using your personal information to provide an update.

In any case, if you’re not comfortable with the way a website uses your information, the GDPR outlines the ‘right to be forgotten‘. This means sites are bound by law to delete your information if you ask them to cancel your account, for example.

3. Your Use of Cookies

Cookies are files on your computer that contain personal settings for specific websites. The term itself supposedly comes from ‘magic cookies’, which are a type of token used by UNIX-based Operating Systems (OS).

In any case, websites use cookies to track what you do within them. For example, cookies enable you to stay logged in even if you leave the website (although there are limitations). According to the European Union’s Cookie Law and new ePrivacy Regulation, sites need to inform visitors about their use of cookies and provide an option to disable them. Here’s an excerpt from a privacy policy’s section on cookies:

We use cookies, tracking pixels and related technologies on our website. Cookies are small data files that are served by our platform and stored on your device. Our site uses cookies dropped by us or third parties for a variety of purposes including to operate and personalize the website. Also, cookies may also be used to track how you use the site to target ads to you on other websites.

The above explains how  cookies are used and what they are. Later on in the policy, we would also discuss how you can opt out of using cookies, including those served by third-party services on our website (such as Google and MailChimp).

3 of the Best Privacy Policy Generation Services to Consider

Although we fully recommend the services we include in this section, you should always review the language of any privacy policy you generate with any of them, just to be safe. Let’s take a look at the options.

1. iubenda

How to create a privacy policy for your website 15

iubenda is an online website privacy policy generator that stands out thanks to its ease of use. It uses modules to help you pick the exact clauses your privacy policy should include, and adjust their terms depending on which services you use. For example, if you’re part of the Amazon Associates program, you can add the necessary language to your policy with a single click.

Key Features:

  • Uses simple module system to build a comprehensive privacy policy.
  • Lets you customize your policy using your company’s information.
  • Enables you add necessary clauses for several popular third-party services, including Amazon Associates and Google Analytics.
  • Provides automatic updates to your policy based on any new regulations.

Price: Free and paid plans available | More Information

2. TermsFeed

How to create a privacy policy for your website 16

TermsFeed enables you to generate basic privacy policies in minutes, and customize them using your site’s information. Each time you want to create a new policy, the service will walk you through a questionnaire to help you determine the clauses you need. When the process is over, you’ll receive your new policy via email in seconds. The platform also offers you the option of updating your policies automatically as laws change.

Key Features:

  • Enables you to generate custom privacy policies using a simple questionnaire.
  • Lets you adjust your policy to comply with national and international laws.
  • Provides automatic policy updates whenever the law changes.

Price: Free and paid plans available | More Information

3. Shopify’s Privacy Policy Generator

Shopify's Privacy Policy Generator.

Shopify’s Privacy Policy Generator is a bit more narrow in scope than the other tools we’ve discussed. Its clauses are tailored for Shopify websites specifically. However, you can generate one of their policies in seconds and use it to check out essential clauses regarding how to deal with payment information.

Key Features:

  • Lets you generate a privacy policy for your Shopify store.
  • Enables you to outline how you deal with customer payment information.
  • Gives you the ability to customize your privacy policy based on your store and its location.

Price: Free, but you need a Shopify subscription to get the most out of it | More Information

How to Create a Website Privacy Policy Using iubenda

For this portion of the piece, we’ll use iubenda given its ease of use and reasonable pricing structure. To get started, go to the service’s home page and click on the GENERATE YOUR POLICY button to the top right of the page. On the next window, enter your website’s URL and click the blue button:

Entering your website's URL.

The service will ask you to register a free account or log in using Facebook. Either way, when you’re in, you’ll see an option to add any services your website uses to your privacy policy:

Add new services to your privacy policy.

Clicking on the button will show you a list of clauses you can add:

A sample of the services you can add to your privacy clause.

As you include more services, they’ll be added to your privacy policy automatically. You can preview it at any time by clicking on the Preview widget to the right of your dashboard:

Previewing your privacy policy.

When you’re done adding services, click on the Next button at the bottom of the page. You’ll now need to enter your company’s name and address, then click on Next again:

Entering your company name and address.

On the final screen, you’ll find options to embed your policy into your website:

Embedding your privacy policy into your website.

That’s it! If you’ve included all aspect of how you collect data, your privacy policy will be good to go. Do remember to give it a full read before publishing it, though!


Website privacy policies don’t get the spotlight they deserve. However, they’re essential elements of any website that takes data protection regulations seriously. On top of enabling you to keep your operations above board, privacy policies also outline how your site handles personal information, which should help put visitors’ minds at ease.

If you don’t know where to start when it comes to creating a website privacy policy, here are three online generators that are easy to use and feature-packed:

  1. iubendaA module-based privacy policy generator that supports dozens of third-party services.
  2. TermsFeedThis simple service enables you to create a basic policy through a questionnaire.
  3. Shopify’s Privacy Policy GeneratorThis generator is tailor-made for Shopify stores.

If you still need help, then feel free to contact me.

Add MariaDB support to MSP Control

Add MariaDB support to MSP Control

I have recently been setting up MSP Control (formerly WebsitePanel) on my new CFML Developer server. Unfortunately, it doesn’t support MariaDB out of the box and so won’t detect if you have it installed. Fortunately, this is an easy hack.

  1. Open up your MSPControl database in SSMS, and open the providers table.
  2. Now find the MySQL providerID that matches your MariaDB install
    i.e. MySQL 5.7 for MariaDB 10.1
    Add MariaDB support to MSP Control 19
  3. Now add a new entry into the SERVICES table, using the providerID you got from the last step and the appropriate serverID for the server you want to add it to. You get he ServerID from the servers table, or just edit the server in the control panel and get it from the URL.
    Add MariaDB support to MSP Control 20
  4. Now just edit this server in MSP Control, and you should see MySQL listed, just edit and setup as you would MySQL.
  5. Now you just enable MySQL on your hosting plans.