Mailinback-like function in PMG?

PMB

Feb 13, 2022
Hello all,

I've read the docs and searched the forums but found nothing.

Is there any way to have a function to reply back to the first e-mail we get from a new recipient with a link to confirm he is a real person? Something like mailinback.com offers?

Can it be done in any of the existing options inside PMG?

Basically, the first time someone contacts you, he gets an e-mail back like this:

"Good morning

You have just sent me an e-mail for the first time. As a security measure my mailbox is protected by the mailinblack anti-spam service.

For the delivery of your e-mail please click on the button and solve the captcha to prove you are not a robot"


Even something like "press this link" would be good :-)

Can we get it with PMG?

best regards,

Pedro
 
Hi,

This sounds like a good solution. But I can imagine that it is not as easy as you think. First of all, there are a lot of mails from automatic systems. You must know them to whitelist them, otherwise your users couldn't get these mails. For example password reset mails from web services or forums, newsletters, invoices, etc. What if someone changed the mail address from which invoices are sent?

The next problem is that your server will send mails to everyone who passed your spam filter. This will also include spoofed addresses, fake addresses or spam traps in the reply-to. So your mail server will lose its reputation really fast.

I think it is much better to rely on the service of an expert in this case instead of programming some short code to bring such a feature.
 
> Is there any way to have a function to reply back to the first e-mail we get from a new recipient with a link to confirm he is a real person? Something like mailinback.com offers?
Not really - and currently I don't think that it would be a good feature:
* in case an actual person wrote the e-mail this functionality only causes mails to be delayed (and maybe some irritation with the person, who wants to send you a mail)
* in case it's just a bot I think that you should get quite close functionality wise by just enabling greylisting (which delays the first mail - and causes no delay as long as you are sending e-mails somewhat regularly)
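
Added example, not part of any post in this thread and not PMG's own policy code: a generic triplet greylisting check replayed over constructed traffic. It shows the first-contact delay, the free pass for later mail, and that the deferral is an SMTP-session reply, so nothing is ever mailed to a possibly forged sender. `MIN_DELAY`, `EXPIRY`, the /24 grouping (IPv4 only) and all addresses are assumptions.

```python
# Generic triplet greylisting sketch (added example; not PMG's implementation).
from dataclasses import dataclass, field

MIN_DELAY = 180            # assumed: seconds before a retry of a new triplet is accepted
EXPIRY = 36 * 24 * 3600    # assumed: idle time after which a known triplet is forgotten


@dataclass
class Greylist:
    # triplet -> [first_seen, last_accepted or None]
    seen: dict = field(default_factory=dict)

    def check(self, client_ip, sender, recipient, now):
        """Return 'defer' (temporary 4xx, a real MTA retries) or 'accept'."""
        # Key on the /24 so retries from a provider's sibling hosts still match.
        net = ".".join(client_ip.split(".")[:3])
        key = (net, sender.lower(), recipient.lower())
        entry = self.seen.get(key)
        if entry and entry[1] is not None and now - entry[1] > EXPIRY:
            entry = None                      # idle too long: treat as new again
        if entry is None:
            self.seen[key] = [now, None]
            return "defer"                    # first contact: delay, send nothing back
        if entry[1] is None and now - entry[0] < MIN_DELAY:
            return "defer"                    # retried too quickly
        entry[1] = now
        return "accept"                       # known triplet: no further delay


def replay(events):
    """Run (time, client_ip, sender, recipient) events through a fresh greylist."""
    gl = Greylist()
    return [gl.check(ip, s, r, t) for (t, ip, s, r) in events]


# Constructed sample traffic (time in seconds); all addresses are placeholders.
EVENTS = [
    (0,    "192.0.2.10",   "alice@example.org", "pedro@example.net"),  # first contact
    (30,   "192.0.2.10",   "alice@example.org", "pedro@example.net"),  # retry too early
    (600,  "192.0.2.11",   "alice@example.org", "pedro@example.net"),  # retry, sibling host
    (7200, "192.0.2.10",   "alice@example.org", "pedro@example.net"),  # later mail
    (7300, "198.51.100.7", "bot@example.com",   "pedro@example.net"),  # never retries
]

if __name__ == "__main__":
    for event, verdict in zip(EVENTS, replay(EVENTS)):
        print(event[0], event[2], verdict)
```

Any sender that retries after `MIN_DELAY` is accepted, so this only filters senders that never retry; content scanning still has to handle the rest.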
 
Hey all,

> Hi,
>
> This sounds like a good solution. But I can imagine that it is not as easy as you think. First of all, there are a lot of mails from automatic systems. You must know them to whitelist them, otherwise your users couldn't get these mails. For example password reset mails from web services or forums, newsletters, invoices, etc. What if someone changed the mail address from which invoices are sent?
>
> The next problem is that your server will send mails to everyone who passed your spam filter. This will also include spoofed addresses, fake addresses or spam traps in the reply-to. So your mail server will lose its reputation really fast.
>
> I think it is much better to rely on the service of an expert in this case instead of programming some short code to bring such a feature.

I get the password reset problem, I sincerely do not know how mailinback works in that case but if it is a whitelist then it is a never ending whitelist with lots of maintenance.

Regarding the mail back, if they don't pass the spam filter then great, if they do then you have to train the spam filter better no? This could be a feature that you could turn on and off, so train the Spam first, then enable that option.

> Not really - and currently I don't think that it would be a good feature:
> * in case an actual person wrote the e-mail this functionality only causes mails to be delayed (and maybe some irritation with the person, who wants to send you a mail)
> * in case it's just a bot I think that you should get quite close functionality wise by just enabling greylisting (which delays the first mail - and causes no delay as long as you are sending e-mails somewhat regularly)

If you are adding security then I think the mail delay won't be a problem.

Regarding greylisting I think it is a great feature but not sure it works that well.. The spammer only has to retry several times and the mail is delivered. Although spam is rapidly detected so maybe on the 2nd time the spammer retries it is already considered spam(?).. Hum... I think I answered my own question.

The idea is that the mailinback should add a spam score of, for example, -1 (not whitelisting) and those emails will always have a very low spam score.

The problem is what the latter said you do need to maintain a list where the forum and password recovery systems are allowed thru.


best regards,

P.
 
I had a deeper look at this. There is some interface / app where the end users have to verify the incoming mails. A lot of mails were processed by users' decisions and auto-learning from the "cloud".

But for PMG there could be a feature to directly deliver known senders while all others are put on hold. In the web GUI the end user could directly accept messages or click verify. Then a mail will be sent to the sender to verify, and after this the end user receives the mail. But first, I don't think it is easy to handle, and second, again I think you can lose your mail server reputation when you send bulk mails to spoofed / hacked addresses. So relying on a service from a company which implemented such a feature and knows well what they do is much better than implementing something in PMG.
 
> I had a deeper look at this. There is some interface / app where the end users have to verify the incoming mails. A lot of mails were processed by users' decisions and auto-learning from the "cloud".

This could be done under a new Quarantine section of PMG (something like a Verify Senders section, for example).

> But for PMG there could be a feature to directly deliver known senders while all others are put on hold. In the web GUI the end user could directly accept messages or click verify. Then a mail will be sent to the sender to verify, and after this the end user receives the mail. But first, I don't think it is easy to handle, and second, again I think you can lose your mail server reputation when you send bulk mails to spoofed / hacked addresses. So relying on a service from a company which implemented such a feature and knows well what they do is much better than implementing something in PMG.

It could only send emails if the user says so. If not, he can delete it or have it delivered. Basically it would be an additional option on the Quarantine Dashboard called "Verify". What it would do was send an email back to that recipient.

This could come disabled by default and you could enable it on demand.

best regards,

P.
 
Could be, but the problems I see will not be solved. The user must decide who should be verified, and sending bulk mails to a mass of mail addresses could decrease your reputation. Also, this function will not protect you against spear phishing with a hacked account based on a real communication. I see no additional benefits in such a system. When someone sees benefits, it would be better and safer to rely on an existing company that is an expert.

What you described could perhaps be done with the actual whitelist and mail filter rule system. You can check for spam, after this deliver whitelisted mail addresses, and when it is not on the whitelist you can put it in quarantine. But the "Are you a real human" mail is missing. But you could send it yourself. Also, it is hard to handle for a bigger user count, but for a small group it could work without developing new features.
 
Again - I don't think that adding a 'manual verification captcha' into any e-mail workflow is something that makes sense - most people expect e-mails to just flow - or be rejected (I personally would really avoid clicking on such a mail in response to mail I just sent).

It makes one of the most common ways of contact (with all its problems and drawbacks) nowadays cumbersome for all legitimate users.

If your user base is small enough, and you really want to do this - I think @BJ78945's approach of just putting a rule which puts everything into quarantine and if the mail is legit - you, as admin, can add them to a whitelist (where mail gets analyzed and then sent on to the recipient)

Technically speaking this 'Addressbook' also has a small potential for DOSing (just send a few million mails and click on the 'verification captchas' in an automated way)

I hope this explains it!
 
Hi all,

Thanks for the replies.

The "Everything to Quarantine" is not a bad idea but very time consuming. One thing I have some doubts about is: can the user receive an e-mail each time an e-mail gets quarantined, or does it go in the daily report?

If the user/recipient can get an email for each quarantine item that could be an option; if he only gets it daily then, if the e-mail is urgent, that is a problem.

Is there any way to have a user create a rule for himself? For example he could have a "Quarantine all items" rule in there for his e-mail address and then he can log in through the ticketing system and whitelist the e-mails he wants.


best regards,

P.
 
> If the user/recipient can get an email for each quarantine item that could be an option; if he only gets it daily then, if the e-mail is urgent, that is a problem.

Theoretically yes - just add a Notify action to the Quarantine rule
However consider that you're sending a new mail to notify someone about a mail, that they received, but need to access via the quarantine interface


> Is there any way to have a user create a rule for himself? For example he could have a "Quarantine all items" rule in there for his e-mail address and then he can log in through the ticketing system and whitelist the e-mails he wants.

No - the global whitelist can only be edited by an admin
 
> Theoretically yes - just add a Notify action to the Quarantine rule
> However consider that you're sending a new mail to notify someone about a mail, that they received, but need to access via the quarantine interface

If it is an urgent e-mail then it can be justifiable, but if it is not then.... I understand your point.

> No - the global whitelist can only be edited by an admin

But when the user logs in through a ticket or when he receives the spam report he can whitelist the items.....


Another thing: is there an option to send the daily report on demand? Like, I need to generate a report now for a specific user/all users for them to see the report and access the system. This would be an alternative to sending for every mail; eventually it could be sent every X mails or every X hours.

What do you think?

best regards,

P.
 
