Guilty by association to spam
Date: 12/08/06
(PHP Community) Keywords: php, html, database, web, spam, google
I've got an interesting problem that's stumped both the senior programmer and me.
Situation:
A user is looking for a company to provide a service, they find our site at or near the #1 position on a google search result, they find a company where they need the service done, and they send a request for a quote via a php form. The form processes this request, logs it into the DB, and at a set time, that record is dropped into a MTA. This is the problem.
`From: $UserProvidedEmailAddress`
Problem:
In an ideal world, this would be fine, but thanks to spam... this sets of just about every single spam filter I know of and then a day/week later we are suddenly blacklisted by everyone including our own email service provider. In the last two months we've had to call up the spam database companies and get taken off the list (after a day or week of them doing necessary investigation to find we are in fact not spamming). The next logical step would be to replace the from field with a real email account like `info@ourserver.com` and then put the user provided email address in the `reply-to:` field of the email header instead. But my senior argues that we will still set off the spam filters and I agree and I can't see how to fix this.
So to review:
There are 3 parties involved in these script generated emails.
Customers who provide us their email addresses via the form. We protect the email addresses and flush them after 60 days (legal reasons)
Advertising clients who pay us to get these emails from our top listed site.
Ourselves, all transactions are bcc to us so we can track initial user to advertiser interactions and make sure we are providing the product our clients are paying us for( customers and web presence)
Why:
My employers want to keep it as simple as possible for our clients to respond to potential customers, hence the customer email address in the from field. But that doesn't work because of spam.
Thoughts:
Also, we can't put advertising client email addresses on the site or make them accessible to humans because spam-spiders will get them and proceed to spam the client's.
My senior has written a working prototype for an in-site messaging system using rails, but the fear is that some of our clients are to lazy/stupid to use it... I agree, some of these people are pretty dumb.
Another thought would be to put some sort of mailto: url in the emails, but not everyone uses html enabled email clients.
Source: http://community.livejournal.com/php/518711.html