# Forging Email Headers: Good, Bad or Ugly?

My new Ruby on Rails project Hey! Heads Up (H! for short) sends quite a bit of email to notify people about updates from others. Should those updates appear to come from H! or from the person that triggered the notification? I don't know enough about email to answer that question but I'll outline the problem and you can let me know what you think.

Hey! Heads Up lets you manage "temporary" links. They are temporary because you don't know if you want to keep them yet or not. Maybe someone sent you an article/video/website but you don't have time to check it out. You'll still want to keep track of it until you do read it but do you really want to bookmark it in the browser or on a site like del.icio.us? H! is a "TODO" list of these temporary links, so you can prioritize them.

Once you do check out the article, H! lets you send it to other people that use H! (and soon to anyone by email). When H! "sends" the item the other people are notified by email that there's a new item in their H! incoming list. Right now this email appears to be from Hey! Heads Up <help@heyheadsup.com>. Replies to this email address get forwarded to me, the website administrator.

But there are all sorts of problems with this approach to notifying by email, primarily spam filters. Many people are now filtering email by their contact list and/or a whitelist to reduce spam. Unless help@heyheadsup.com is on their whitelist, people don't get H! notifications.

So my question is: would it be better to "forge" these notification emails to appear as though they are coming from the sender of the item? Presumably these people are already in the contact lists of the people they are sending H! items to, so the notification has a much better chance of making it through the spam filters.

As well, seeing a notification coming from a specific person instead of help@heyheadsup.com for everyone could make it easier to sort and prioritize these notification emails in a person's email inbox.

Why is forging emails bad? Some spam filters could flag emails that are sent by mail software at one domain (like heyheadsup.com) but carry a "From" address at another (like gmail.com). But I've seen the technique used in a lot of places, so it's hard to say how much it is frowned upon. As a website creator, forging emails would essentially be sending emails on a person's behalf.
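The mismatch described above, as an added example (not code from H! or from this post): a simplified Ruby check that compares the domain in From with the domain in Return-Path, which stands in here for the domain that actually sent the message. The sample messages and the bounces@heyheadsup.com address are constructed, and real spam filters weigh more signals than this one comparison.

```ruby
# Added example: a simplified From / Return-Path domain comparison.

# Unfold continuation lines; return a hash keyed by lower-cased header name.
def parse_headers(raw)
  head = raw.split(/\r?\n\r?\n/, 2).first.to_s.gsub(/\r?\n[ \t]+/, " ")
  head.lines.each_with_object({}) do |line, h|
    name, value = line.chomp.split(":", 2)
    h[name.strip.downcase] ||= value.to_s.strip if name
  end
end

# Domain part of a header value such as 'Some Name <user@example.com>'.
def addr_domain(value)
  return nil if value.nil?
  addr = value[/<([^<>]*)>/, 1] || value
  addr[/@([A-Za-z0-9.-]+)\s*\z/, 1]&.downcase
end

# :aligned  - From domain equals, or is a subdomain of, the Return-Path domain
# :mismatch - From names a different domain than the one that sent the mail
# :unknown  - a header needed for the comparison is missing or empty
def from_alignment(raw)
  h = parse_headers(raw)
  from = addr_domain(h["from"])
  sent_by = addr_domain(h["return-path"])
  return :unknown if from.nil? || sent_by.nil?
  (from == sent_by || from.end_with?(".#{sent_by}")) ? :aligned : :mismatch
end

# Constructed sample messages (bounces@heyheadsup.com is an assumed address).
SERVICE_MSG = "Return-Path: <bounces@heyheadsup.com>\r\n" \
              "From: Hey! Heads Up <help@heyheadsup.com>\r\n" \
              "Subject: New item in your incoming list\r\n\r\nbody\r\n"
FORGED_MSG  = "Return-Path: <bounces@heyheadsup.com>\r\n" \
              "From: A Friend\r\n <friend@gmail.com>\r\n" \
              "Subject: New item in your incoming list\r\n\r\nbody\r\n"

if __FILE__ == $PROGRAM_NAME
  puts "service: #{from_alignment(SERVICE_MSG)}"
  puts "forged:  #{from_alignment(FORGED_MSG)}"
end
```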

How about the industry leaders? Facebook's notification emails have a from text that looks like: Facebook <notification+m1--ujud@facebookmail.com>. The strange reply address could be used to sort feedback but otherwise it's a little confusing. To top it off, using a similar-but-not-quite-the-same-domain (facebookmail.com instead of facebook.com) for emails is a common phishing technique.

Are there more precedents? Is there any consensus? Opinions are appreciated. Would you want a site to send notification emails in your name?

BTW, if you want to give H! a try it is in alpha testing. Fire me an email at blog[at]ryanlowe[dot]ca to join the alpha test group.

posted at October 19, 2007 at 12:22 PM EST
last updated November 0-, 2007 at 15: 2 PM EST


# Sarcastic Dictionary (Part 1 of Many)

Forgive the diversion; I have two new words for our ever-expanding English lexicon. Consider these my definitions; others may exist.

pre·tire·ment is when a person takes themselves "off the market", moves from downtown to the suburbs and subsequently raises kids on a responsibly-attained fixed income. Fun is sometimes deferred until the retirement years and money is (again) responsibly saved to pay for it. Other features of pretirement include a mortgage, car lease payments, thirty pounds and a sudden interest in interior decorating.

As the name suggests, pretirement often directly precedes retirement, although this isn't always the case; see: born-again bachelor on page 862.

An un·ter·view or a re·cruit and switch occurs when a person is recruited to work at a company, but the company interviews the person as though they had applied for the job. The effect is amplified when the recruiter doesn't participate in the first interview and the reasons for recruitment in the first place are lost in the shuffle. Relatively common in the high tech industry.

Standard Disclaimer

Entries in the Sarcastic Dictionary volumes I through XIV are not to be taken seriously ...with the possible exception of volume IX, it's exceptionally biting.

posted at October 04, 2007 at 12:05 PM EST
last updated November 0-, 2007 at 12: 1 PM EST
