tags:

views:

340

answers:

1
+2  Q: 

Best practices: Sending email on behalf of users

The company I work for provides testing services for the healthcare industry. As part of our services, we need to send email to our clients' employees. Typically, these are temp, part-time, or contract employees, and so have private email addresses (eg Hotmail, GMail, Yahoo!, etc).

Up to now, we've been sending from an internal address, but this means that replies come back to us when employees aren't paying attention or don't know to send queries to our clients. I'd like to change this, so that the person who requests that the email is sent is the person that is replied to.

We've used reply-to: in the past, but it seemed to cause additional mail to be trapped by spam filters.

I've been reading about sender: and on-behalf-of: headers, and was wondering what the current best-practice was for sending email in a scenario where we need to send email such that the reply goes to a domain we don't control.

+1  A: 

The on-behalf-of header is the best way to do that, but you are also going to get trapped by spam filters. The best to mitigate or lessen the likelihood that you will end up in the spam filter is to implement all the industry standards around verifying your domain and mail server. As indicated in this article:

http://www.codinghorror.com/blog/2010/04/so-youd-like-to-send-some-email-through-code.html

However that is very tough to do, because you need to stay on top of SPAM standards, and abide by CAN-SPAM laws and everything else. The better bet is to use a on-demand cloud based SMTP server like this one:

https://www.socketlabs.com/od

Use a company that is a domain expert in the area of sending email and has gone through all the leg work to get the highest deliverability rate. And will stay on top of the standards for you, and monitor black lists for problems.

Nick Berardi  2010-05-06 15:50:55
We already do most of what is recommended in the codinghorror blog (which I read). We use an SPF/Sender-ID record, we have a proper reverse PTR to our web system's SMTP relay. We don't have a problem getting spam trapped at the moment, sending from our own domain. The problem is getting replies routed to the correct parties.
Ben Doom  2010-05-06 15:59:04
The problem is that the two methods you listed are for verifying your domain as a valid sender. You need to take the next step and sign every email that is delivered. With a domain key. You need to implement the DKIM, if you read wikipedia (http://en.wikipedia.org/wiki/DKIM) it says "... the transit path; or an indirect handler, **such as an independent service that is providing assistance to a direct handler**...". It is going to be hard if your emails code is all over the place, or if your SMTP server doesn't automatically sign them, another reason to get the service I mentioned above.
Nick Berardi  2010-05-06 18:33:39
After you sign every email you can use `on-behalf-of` or you can even just put the actual email in the `from` address which is the bullet proof solution.
Nick Berardi  2010-05-06 18:35:32
I'll start testing DKIM and see if I can get it running correctly on our mail server(s). I'll let you know if it works.
Ben Doom  2010-05-06 21:01:28

related questions

I ALMOST understand how email works, but I'm missing something.
Sending Email in .NET Through Gmail
MS hotfix delayed delivery.
How to send email from a program _without_ using a preexisting account?
Email SMTP validator
Maximum length of a MIME Content-Type header field?
If email is not the answer then what is?
Accessing an Exchange Server without Outlook
Recommendations for a .NET component to access an email inbox
Email queueing in php
How do I open the default mail program with a Subject and Body in a cross-platform way?
How do I send a file as an email attachment using Linux command line?
Read from .msg files
What was your biggest mistake involving programmatically sending email?
Good email service for bulk emailing
parsing raw email in php
Is there any wiki engine that supports page creation by email?
Sending emails without looking like spam
What's in your .procmailrc
Why won't Entourage work with Exchange 2007?
Can I use JavaScript to create a client side email?
E-mail Notifications
Is a "Confirm Email" input good practice when user changes email address?
MAPI and managed code experiences?
How do you make sure email you send programmatically is not automatically marked as spam?