The company I work for provides testing services for the healthcare industry. As part of our services, we need to send email to our clients' employees. Typically, these are temp, part-time, or contract employees, and so have private email addresses (e.g. Hotmail, Gmail, Yahoo!, etc.).

Up to now, we've been sending from an internal address, but this means that replies come back to us when employees aren't paying attention or don't know to send queries to our clients. I'd like to change this, so that the person who requests that the email is sent is the person that is replied to.

We've used reply-to: in the past, but it seemed to cause additional mail to be trapped by spam filters.

I've been reading about sender: and on-behalf-of: headers, and was wondering what the current best-practice was for sending email in a scenario where we need to send email such that the reply goes to a domain we don't control.

+1  A: 

The on-behalf-of header is the best way to do that, but you are also going to get trapped by spam filters. The best way to mitigate or lessen the likelihood that you will end up in the spam filter is to implement all the industry standards around verifying your domain and mail server, as indicated in this article:

http://www.codinghorror.com/blog/2010/04/so-youd-like-to-send-some-email-through-code.html

However, that is very tough to do, because you need to stay on top of spam standards, and abide by CAN-SPAM laws and everything else. The better bet is to use an on-demand, cloud-based SMTP server like this one:

https://www.socketlabs.com/od

Use a company that is a domain expert in the area of sending email and has gone through all the legwork to get the highest deliverability rate, and that will stay on top of the standards for you and monitor blacklists for problems.

Nick Berardi
We already do most of what is recommended in the codinghorror blog (which I read). We use an SPF/Sender-ID record, we have a proper reverse PTR to our web system's SMTP relay. We don't have a problem getting spam trapped at the moment, sending from our own domain. The problem is getting replies routed to the correct parties.
Ben Doom
The problem is that the two methods you listed are for verifying your domain as a valid sender. You need to take the next step and sign every email that is delivered with a domain key. You need to implement DKIM; if you read Wikipedia (http://en.wikipedia.org/wiki/DKIM), it says "... the transit path; or an indirect handler, **such as an independent service that is providing assistance to a direct handler**...". It is going to be hard if your email code is all over the place, or if your SMTP server doesn't automatically sign them, which is another reason to get the service I mentioned above.
Nick Berardi
After you sign every email, you can use `on-behalf-of`, or you can even just put the actual email in the `from` address, which is the bulletproof solution.
Nick Berardi
I'll start testing DKIM and see if I can get it running correctly on our mail server(s). I'll let you know if it works.
Ben Doom
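
The two header layouts discussed in this thread, as an added example that is not part of the original posts: `From` on the sending domain with `Reply-To` pointing at the requester, and `From` set to the requester with `Sender` naming the system that transmitted the message (the RFC 5322 header some mail clients display as "on behalf of"). The domain `vendor.example`, the mailbox name and all function names are assumptions made for illustration; because the requester's name and address are user-supplied, they are checked for line breaks before they reach a header.

```python
from email.message import EmailMessage
from email.utils import formataddr, getaddresses

OUR_DOMAIN = "vendor.example"                # assumption: the domain we control and sign for
OUR_MAILBOX = "notifications@" + OUR_DOMAIN  # assumption: our sending mailbox

def _clean(value):
    """Reject CR/LF so a requester-supplied value cannot add extra headers."""
    if "\r" in value or "\n" in value:
        raise ValueError("line break in header value")
    return value

def _mailbox(addr):
    """Accept only a bare local@domain address, nothing else."""
    addr = _clean(addr).strip()
    local, at, domain = addr.rpartition("@")
    if not at or not local or "." not in domain or any(c in addr for c in ' <>,;"'):
        raise ValueError("not a plain address: %r" % addr)
    return local + "@" + domain.lower()

def build(mode, requester_name, requester_addr, to_addr, subject, body):
    """mode 'reply-to': From is ours, Reply-To is the requester.
    mode 'sender':   From is the requester, Sender is ours."""
    requester = formataddr((_clean(requester_name), _mailbox(requester_addr)))
    msg = EmailMessage()
    if mode == "reply-to":
        msg["From"] = formataddr((_clean(requester_name) + " via Vendor", OUR_MAILBOX))
        msg["Reply-To"] = requester
    elif mode == "sender":
        msg["From"] = requester
        msg["Sender"] = OUR_MAILBOX
    else:
        raise ValueError("unknown mode")
    msg["To"] = _mailbox(to_addr)
    msg["Subject"] = _clean(subject)
    msg.set_content(body)
    return msg

def reply_target(msg):
    """Where a reply goes under RFC 5322: Reply-To if present, otherwise From."""
    header = msg["Reply-To"] or msg["From"]
    return getaddresses([str(header)])[0][1]

def from_is_ours(msg):
    """True when the From domain is the one our SPF/DKIM setup covers."""
    addr = getaddresses([str(msg["From"])])[0][1]
    return addr.rpartition("@")[2].lower() == OUR_DOMAIN
```

Both layouts route replies to the requester; only the `reply-to` layout keeps `From` on a domain whose SPF record and DKIM key the sender controls, which is what `from_is_ours` reports.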