• Hi,

    Great plugin. Very easy to use.

    But my emails are flagged by gmail with a nasty warning “This message may not have been sent by…”

    It looks like there are two ways to solve it DKIM or SPF. Is there any chance you can provide suggestions for integrating one of these methods into email-users?

    Thanks!

    https://www.ads-software.com/plugins/email-users/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Mike Walsh

    (@mpwalsh8)

    Google flags email like that when the headers added by the underlying mail transport don’t match what Email Users has added based on how the plugin is setup. This is very common on shared hosting where the mail headers added by the MTA don’t resemble ayting similar to the domain for the sender.

    I am not familiar with DKIM nor SPF – if you can point me to something I’d be happy to read up on it.

    Thread Starter mirgcire

    (@mirgcire)

    Thanks for the very prompt reply.

    Here is a link I got from gmail: https://support.google.com/mail/troubleshooter/2411000?p=sent_warning&rd=1

    Here is another one if that doesn’t work: https://support.google.com/mail/answer/180707?hl=en

    probably both should be good.
    Thanks
    -Eric

    Plugin Author Mike Walsh

    (@mpwalsh8)

    I took a look at these two things and the issue you’re running into is the second item under the “Why is this message being shown?” section of the first link you posted:

    The sender emailed it through a website (for example, a website sharing a news article with you)

    I read through some of the second link and I am not sure how you’d implement DKIM for WordPress specifically. If I understand it, you need to implement DKIM at the server level.

    Thread Starter mirgcire

    (@mirgcire)

    You are the expert. Not me.
    But I am curious how you came the conclusion that it is server based.

    Here are the reasons I came to the conclusion that this is a capability that needs to be implemented in the sender.

    1) On the gmail site (https://support.google.com/mail/answer/180707?hl=en)

    If you’re a sending domain

    Messages with DKIM signatures use a key to sign messages. Messages signed with short keys can be easily spoofed (see https://www.kb.cert.org/vuls/id/268267), so a message signed with a short key is no longer an indication that the message is properly authenticated. To best protect our users, Gmail will begin treating emails signed with less than 1024-bit keys as unsigned, starting in January 2013. We highly recommend that all senders using short keys switch to RSA keys that are at least 1024-bits long.

    The way I read this is that the sender (such as “Email Users” and “Mail Chimp”) need to add the signature to the email messages that they send.

    2) MailChimp claims they support it: https://mailchimp.com/about/authentication/

    Actually, they claim to support four different signing protocols.

    3) When mailchimp sends mail to my mailing list, this warning is not triggered.

    I am not trying to be right. I just want to figure out how I can use your plugin, because I can’t find anything else that works as nicely on the wordpress side.

    I suspect that the implementation of any authentication method is going to require installing keys on a server, and providing key to the users.

    Thanks for looking into this.

    Plugin Author Mike Walsh

    (@mpwalsh8)

    The reference to signature above is not the same as the type of signature you insert (manually or automatically) into your email. If you read through the links you pointed to there is discussion about configuring DNS records and things like that which are way outside the scope of WordPress much less a WordPress plugin.

    MailChimp has built all this in to their server architecture but they have an article which explains what you need to do if you want to take it on yourself. The process outlined in this MailChimp technote is essentially what you need to do with your own web server to implement authentication.

    Unless there is something I’ve missed completely, there isn’t anything you can insert into a mail header or body (e.g. a signature) which implements authentication as you’ve outlined it.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘This message may not have been sent by…’ is closed to new replies.