Sending Mail to Hotmail Users?

Cafesolo wonders: "I'm developing a web application using PHP. It has a user registration system that sends a link via email to activate new accounts. I've found that sending mails to Hotmail accounts is very difficult, because the spam filter is very strong and it filters lots of non-junk messages. I think the spam filter blocks any email whose domain isn't in an internal whitelist (which might contain popular domains, like hotmail.com itself, gmail.com, yahoo.com, msn.com, etc). Most of my users have Hotmail emails. I can't simply tell my users to read the junk folder because most of them are not computer-savvy and that seems to be a bit confusing to them. Has anyone managed to solve this problem? Did somebody try to contact Microsoft? Is there any way to get whitelisted? Can an independent programmer get his domain whitelisted?"

See slashdot article...

[crazyjeremy]

Did you see this article? http://yro.slashdot.org/yro/04/05/05/1237245.shtml [slashdot.org]?
Also, have you tried sending the email spoofing the receivers email address? You can set the "from" header to their own address. Of course, this won't help ip based whitelists, but it will help many emails make it through for some mail hosts (few users block their own email address)

Re:See slashdot article...

[Spazmania]

Also, have you tried sending the email spoofing the receivers email address?

Never do this. Forging the return address is one of the few things that actually is illegal.

Tools are available

[Anonymous Coward]

Welcome to my world. I work on email deliverability for a financial services company, so no, I'm not a spammer. Hotmail makes two tools available to you to help you get your email delivered:

MSN Smart Network Data Services: http://postmaster.msn.com/snds/ [msn.com]
This will let you put in your SMTP's IP address and it will give you consolidated stats on how much mail was received, and how much was filtered as spam.

Sender Score Certified: http://www.senderscorecertified.com/ [senderscorecertified.com]
This company will "certify" you as a safe sender, and Hotmail will let your emails in unfiltered. The catch is you have to pay for this.

Good luck. It isn't easy, but at least there are some tools at your use.

Re:See slashdot article...

[Violet Null]

I've run into this same sort of problem, and I've discovered that spoofing the from address is a really, really bad idea; there's a sizable chunk of mailservers that will reverse DNS the IP address they're receiving the email from, and if it doesn't match the domain in the from address, they'll reject it.

Do yourself a favour

[Bogtha]

Grab something like SpamAssassin, and set it up to add headers telling you what rules have been triggered. Then send an email from your web application to that account, and examine the headers. While Hotmail probably don't use the exact same rules as SpamAssassin, it's an easy way to spot obvious stuff for you to fix. For example, using too much HTML, particular phrases, too many capital letters, being on blacklists, etc, can all be remedied by you without Microsoft's involvement.

I also seem to remember that Hotmail strongly discriminates against senders who don't have SPF set up, so it's probably a good idea to enable that for your domain.

Add a SPF record.

[Utopia]

My domain has a SPF record and I never had issues sending email to anyone on hotmail or other services.

See:
http://www.microsoft.com/mscorp/safety/content/tec hnologies/senderid/wizard/ [microsoft.com]

&
http://openspf.org/wizard.html [openspf.org]

Re:Tools are available

[doti]

Also check:
http://wiki.apache.org/spamassassin/AvoidingFpsFor Senders [apache.org]
http://www.senderbase.org/ [senderbase.org]
http://www.truste.org/ [truste.org]
http://www.bondedsender.org/ [bondedsender.org]

It's Probably Your Headers

[Anonymous Coward]

I've noticed that Hotmail is very particular about the headers you send along with the message. If you send the message as a content-type: text/plain and specify a valid Message-ID, it should get through. Here is what I use for extra headers:

$PlainMailHeaders= "MIME-Version: 1.0\r\n"
. "Content-Type: text/plain\r\n"
. "Content-Transfer-Encoding: 7bit\r\n" ."Message-ID: \r\n";

Hope it helps.

Helpful suggestions

[Spazmania]

1. Publish an SPF record. For a custom setup like yours, you can choose a subdomain just for your application and publish a record just for it, even if you don't want to use SPF for the main domain.

2. Process the bounces. Hotmail notices and ranks the source accordingly.

3. Make sure the reverse DNS for your server matches the forward DNS and that both resolve to a server name that is not obviously a dynamic IP address. Mail from a machine named customer43.dsl.bigisp.com tends to get weighted as spam for reasons which should be obvious.

Re:Add a SPF record.

[Keeper]

I'll second that. Awhile back there was a big broohaha about how Hotmail was going to crank up the sensativity of spam filters run on mail from domains without SPF records.

Re:See slashdot article...

[Anonymous Coward]

And what law may this be?

The CAN-SPAM Act [wikipedia.org], actually. Deliberately falsifying headers is a direct violation.

Don't be such an insufferable smartass ... when you're wrong.

Re:See slashdot article...

[19thNervousBreakdown]

(a) IN GENERAL- Whoever, in or affecting interstate or foreign commerce, knowingly--
...
(3) materially falsifies header information in multiple commercial electronic mail messages and intentionally initiates the transmission of such messages,

So, it's only illegal if it's for commercial purposes, and unless I'm reading it wrong, you're fine even then as long as it's within your state and the affected business is also within state.

Re:See slashdot article...

[Spazmania]

unless I'm reading it wrong

You're reading it wrong.

"Whoever, in or affecting interstate or foreign commerce, knowingly" is pretty close to boilerplate. Judicial precedent has interpreted it to mean "virtually everything except for very rare circumstances where there is no possible tangential connection that pushes it over state lines." A grain of sand is covered in this language because it could reasonably be caught in someone's shoe and carried to another state. No, really, how do you think the EPA gets its authority to regulate solid waste despite the supposed constitutional seperation?

"Multiple commercial electronic mail messages," reads as "more than one message that's neither personal nor from a registered tax exempt organization."

"Intentionally initiates the transmission," means it wasn't done by a hacker controlling your computer.

Re:See slashdot article...

[kv9]

i had the exact same problem with yahoo mail ending up in the bulk folder (mailserver ip was X-YahooFilteredBulk). it was easily fixed by contacting support and filling out a hefty form. so, your best bet is (surprisingly enough) tech support. i'm sure even MS has people that can help you with that.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Very big assumptions.

[Jasin Natael]

Exactly. When I need to do a mass-mailing from my PHP apps, I use a custom class that emulates some of the sendmail interface by opening a socket to a SMTP host. See 'fsockopen' in the PHP docs -- SMTP is super-simple, and if you want, I'll share my class source with you.

You just have to make sure that your production server has a trusted connection to the MTA, or write a few lines of code to authenticate against the server. Also remember that one thing that really pisses SPAM filters off is when you try to forge headers to make it look like your mail came from a desktop mail client like Outlook or Thunderbird. If your message says "I came from Outlook", and then doesn't put the headers in the same order as Outlook, or uses encodings or MIME organization that Outlook wouldn't, expect it to get dumped pretty quickly by Bayesian algorithms.

Re:Very big assumptions.

[bogeskov]

I don't know if this is the one you are referring to, but I use http://dnsreport.com/ [dnsreport.com] for the quick list of problems, and http://www.dnsstuff.com/ [dnsstuff.com] for the rest.