I'm Ryan Lowe, a Software Engineering graduate living in Ottawa, Canada. I like agile software development and Ruby on Rails.
I write this blog in Canadian English and don't use a spell checker. Typos happen.
Forging Email Headers: Good, Bad or Ugly?
My new Ruby on Rails project Hey! Heads Up (H! for short) sends quite a bit of email to notify people about updates from others. Should those updates appear to come from H! or from the person that triggered the notification? I don't know enough about email to answer that question but I'll outline the problem and you can let me know what you think.
Hey! Heads Up lets you manage "temporary" links. They are temporary because you don't know if you want to keep them yet or not. Maybe someone sent you an article/video/website but you don't have time to check it out. You'll still want to keep track of it until you do read it but do you really want to bookmark it in the browser or on a site like del.icio.us? H! is a "TODO" list of these temporary links, so you can prioritize them.
Once you do check out the article, H! lets you send it to other people that use H! (and soon to anyone by email). When H! "sends" the item the other people are notified by email that there's a new item in their H! incoming list. Right now this email appears to be from Hey! Heads Up <email@example.com>. Replies to this email address get forwarded to me, the website administrator.
But there are all sorts of problems with this approach to notifying by email, primarily spam filters. Many people are now filtering email by their contact list and/or a whitelist to reduce spam. Unless firstname.lastname@example.org is on their whitelist, people don't get H! notifications.
So my question is: would it be better to "forge" these notification emails to appear as though they are coming from the sender of the item? Presumably these people are already in the contact lists of the people they are sending H! items to, so the notification has a much better chance of making it through the spam filters.
As well, seeing a notification coming from a specific person instead of email@example.com for everyone could make it easier to sort and prioritize these notification emails in a person's email inbox.
Why is forging emails bad? Some spam filters could flag emails sent by mail software from one domain (like heyheadsup.com) but carrying a forged "from" address at another (like gmail.com). But I've seen the technique used in a lot of places, so it's hard to say how much it is frowned upon. For a website creator, forging emails would essentially mean sending emails on a person's behalf.
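To make the domain mismatch described above concrete, here is an added Ruby example (not code from Hey! Heads Up): it compares the domain a message was sent from with the domain in its "From" header, for the forged variant and for a variant where the site stays in "From" and the person appears only as display name and Reply-To. The addresses, constants and function names are hypothetical, the Reply-To variant is an assumption of this example, and the check is a simplified stand-in for a spam filter, not any real filter's logic.

```ruby
# Added example. Addresses are constructed: example.com stands in for the
# site's own domain and example.net for the domain of the person sharing.
SITE_ADDRESS    = "notify@example.com"   # hypothetical site From address
ENVELOPE_SENDER = "bounces@example.com"  # hypothetical SMTP envelope sender

# Domain of a header value such as '"Alice" <alice@example.net>' or a bare
# address; nil when no usable address is present.
def address_domain(value)
  addr = value[/<([^<>]+)>\s*\z/, 1] || value.strip
  local, at, domain = addr.rpartition("@")
  return nil if at.empty? || local.empty? || domain.empty?
  domain.downcase.chomp(".")
end

# Simplified stand-in for the filter behaviour the post describes: flag a
# message whose visible From domain differs from the domain that sent it.
def from_mismatch?(envelope_sender, headers)
  env  = address_domain(envelope_sender)
  from = address_domain(headers.fetch("From"))
  return true if env.nil? || from.nil? # unparseable counts as suspicious
  !(env == from || env.end_with?(".#{from}") || from.end_with?(".#{env}"))
end

# User-supplied text goes into headers, so drop CR, LF and quotes first.
def header_safe(text)
  text.delete("\r\n\"").strip
end

# Variant the post asks about: From claims to be the person who shared.
def forged_headers(name, addr)
  { "From" => "\"#{header_safe(name)}\" <#{header_safe(addr)}>" }
end

# Alternative: the site stays in From, the person's name is displayed, and
# replies go to the person instead of the site administrator.
def on_behalf_headers(name, addr)
  person = header_safe(name)
  { "From"     => "\"#{person} via Hey! Heads Up\" <#{SITE_ADDRESS}>",
    "Reply-To" => "\"#{person}\" <#{header_safe(addr)}>" }
end

if __FILE__ == $PROGRAM_NAME
  [forged_headers("Alice", "alice@example.net"),
   on_behalf_headers("Alice", "alice@example.net")].each do |h|
    puts "#{h["From"]} -> mismatch: #{from_mismatch?(ENVELOPE_SENDER, h)}"
  end
end
```

The forged variant is flagged because example.net does not match the sending domain, while the second variant keeps the domains consistent and still shows the person's name in the inbox.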
How about the industry leaders? Facebook's notification emails have a from text that looks like: Facebook <firstname.lastname@example.org>. The strange reply address could be used to sort feedback but otherwise it's a little confusing. To top it off, using a similar-but-not-quite-the-same-domain (facebookmail.com instead of facebook.com) for emails is a common phishing technique.
Are there more precedents? Is there any consensus? Opinions are appreciated. Would you want a site to send notification emails in your name?
BTW, if you want to give H! a try it is in alpha testing. Fire me an email at blog[at]ryanlowe[dot]ca to join the alpha test group.
Posted at October 19, 2007 at 12:22 PM EST
Last updated October 19, 2007 at 12:22 PM EST