In this article we will teach the basics of how to avoid being flagged as spam when sending our newsletters. How to do it? Let’s see it together.

The scenario is utterly common: you send an email and it ends in spam folder. But why does that happen?

The first thing you’ll may notice is a rather weird behavior. When you send emails to Gmail accounts they are correctly delivered, while with Hotmail accounts they’re marked as spam. This suggests the first important consideration: mailbox providers adopt different techniques to decide when an email is or isnt spam. It’s important to underline that this behaviour isn’t limited to the big players: even when you get a personal domain and your provider gives you a mailbox (like stefano[at]thenewsletterplugin.com), there are spam filters in place.

Essentially, everything could be reduced to a simple concept, the spam score. Spam filters take a message and analyze it:

• Which server does it come from? Is it black listed? What about its reputation?
• Is that mail server allowed to send emails for the sender domain?
• What about the content? Has it known spam links?
• Was the messages signed with a DKIM signature?
• Is there an SPF or a DMARC record in the domain DNS?

As you can see, some questions contain very technical terms and some of them require specific (and not always easy) configurations to reduce the spam score of sent messages. There could be even a filter on the sender’s provider: for example many hosting providers let blogs send emails but they check them before trying the delivery. Doing this, they aim to prevent hacked blogs from sending tons of spam that may result in a blacklisting of their network.

The minimum checklist to prevent spam – with WordPress

If you’re sending newsletters from your blog without any special configuration, you’re probably sending them from the same server where your blog resides and with a sender email like newsletter@youdomain.com (this is the default on Newsletter).

1. Be sure the sender email address uses your domain name (in my case the sender is newsletter[at]thenewsletterplugin.com) and make sure that is a real email address or at least an alias. A simple test you may perform: you should be able to send an email to that address without having back a delivery error message. Sometimes, providers don’t allow to set a sender address. Open a ticket to their support to get more information.
2. Using as a sender address something like myname@gmail.com because you don’t have an email service associated to your domain, almost surely won’t work. See below for a simple explanation. Anyway, considered you’re trying to use your blog to send beautiful and interesting newsletters,  we strongly suggest you to get an email service associated to your domain.
3. On your blog, set Newsletter with a Return Path email address using a real mailbox you check from time to time: that lets you to have the delivery errors reported. That address can be the same of the sender address. Sometimes providers do not allow the setting of a return path, this is why Newsletter will leave this field empty by default.

If you have an external STMP email service

If you have a mail service (and you should, since you’re using newsletter@youdomain.com which is a real mailbox, right?), you probably have an SMTP available to send emails from your favourite email client. You can try to send email through that mail service (SMTP) which is more spam-proof. Ask the provider your credentials and set them up on Newsletter SMTP settings.

If the SMTP test fails, ask the provider hosting your blog if there are limitations in connecting to external SMTP services. If the provider is the same for both the website and the mail (as it is with Bluehost, Hostgator, Siteground and many more) there should be no blocks in place. Should something not work, open a ticket on their support service.

SPF records

This is a bit technical but it’s worth a mention. An SPF record is something that basically says: emails from @mydomain.com can be sent by that list of servers (SMTP). Modern providers giving you the mail service and an SMTP (see above) should already have those records set for you. Ask them to check that.

Too complicated! Is there a simple solution?

Yes, partially. There are many mail delivery services you can choose from, which deal with most of those problems quite well. For example, we sends our emails with Amazon SES (after Mandrill changed its price scheme) using our Amazon SES Extension (with its one click setup). Sendgrid is cheap and reliable and even Mailgun is a great alternative.

Two important notes:

1. Those providers could require a few tech configuration on DNS, which your hosting provider should be able to deal with quite easily.
2. Don’t use free mail delivery services, as almost all of them will process your email with a second class server and the spam problem could be even worse.

Why you shouldn’t use  a Gmail address as sender

If you use as a sender address something like myname@gmail.com, people will see your newsletter from myname@gmail.com. Hence, there is no reason preventing you to use anothername@gmail.com to deliver your email, sending message apparently from another person. This is actually… spam.

To block those kind of dishonest behaviours, more and more mail services started to check incoming emails asking something like: are messages from Gmail allowed to be sent from that server?  If the server you’re sending from isn’t listed in Google allowed servers list, the email will be refused (actually dropped). Of course the same reasoning applies to hotmail.com, outlook.com, yahoo.com.

إقرأ المزيد

How-to Get WordPress To Inbox Emails No Spam Box

My friend told me that he had to look into the Spam folder to pick up the Comment-Reply-Email from my blog.

wp-emails-spam-folder

The problem is that the From-Email address is the VPS and it could be marked spam as many hosts are sending lots of emails per day (imaging lots of other VPS users). You can set up your own Email server but that involves too much technical work.

The solution is to use your own email address e.g. GMAIL via the SMTP instead of inbuild mail() function to send emails and that would be marked as spam.

CLICK TO TWEET

You would need the SMTP plugins to direct all WP emails using SMTP settings which can be found: https://wordpress.org/plugins/wp-mail-smtp/

wp-email-settings

The following is a handy list of configurations that you would need if you use GMAIL. If you let WP send emails using you GMAIL SMTP, you would find all the outgoing emails (as backup) in the sent folder, which is really nice.

Gmail SMTP port (TLS): 587

Gmail SMTP port (SSL): 465

Gmail SMTP TLS/SSL required: yes

Simple as that, problem solved.

إقرأ المزيد

How to Fix the WordPress Not Sending Emails Issue

When we open mail.log we can see so many undelivered, delay mail status, some time server security will break and hackers sent bulk Spam mails from our servers. we can find it using terminal.

UN-authorized word-press themes, plug-ins, server security risks , permission faults,file upload validation are occur this errors and hacker can inject codes to our website

Find spam script using mailq

• Switch to a user with sudo rights
• Check the mail queue with command mailq
• The first column of the mail queue list shows unique mail ID’s, pick one from an obvious spam email and copy it
• Check this email’s details with command postcat -q <ID> using the unique mail ID you copied in place of <ID>
• Identify the line starting with “X-PHP-Originating-Script”. This should show which script is generating the spam emails
• Empty the mail queue with command postsuper -d ALL
• Check the mail queue again with command mailq

Remove spam script using SED command

‘sed’ which stands for ‘stream editor’. Whenever you want to modify any text, any string sed always comes handy.so we can use SED to remove injunction code from wordpress site, this particular code check each and every php files and remove injected code

In our case injected code starting like this <?php $zdwyyyta and script middle part is $gyeemsq then ends with $hrhaior-1; ?>

So open your terminal and go to the injected website, example domain.com/public-html the run particular command

find . -type f -print0 | xargs -0 sed -ri ‘1 s/.*<\?php \$zdwyyyta.*\$gyeemsq.*\$hrhaior-1; \?>//g’ *.php

It will search particular code in all php files and replace with white space.so injected code is cleaned from your website and files

Again check the mail queue again with command mailq to see if more emails are now generated. If the problem persists, repeat the above steps and see if you find other scripts causing you problems.

spam script sent mails again, what is next ?

This time we want to find particular  mail script in wordpress website or any other php files, we need to find php.ini  file

if your using php 7 , php.ini location is /etc/php/7.0/apache2/php.ini, it will change per version and Linux distro so please check INTERNET or visit www.php.net

• Open php.ini file
• Add following line mail.add_x_header = On
• Also add mail.log = /var/log/phpmail.log
• Then create a file in log directory touch /var/log/phpmail.log
• Give permission chown httpd:httpd /var/log/phpmail.log or chmod 777 /var/log/phpmail.log
• restart your server, example sudo service apache2 restart
• Check the login file nano /var/log/phpmail.log

Then you can see which script sent spam mail example

[18-Jan-2018 17:58:35 UTC] mail() on [/home/yourdomain.com/public_html/wp-includes/hack.php:698]: To: mail@domain.com — Headers: Date: Thu, 18 Jan 2018 17:58:35 +0000 From: xxx xxx

remove this particular file or script, it will solve your issue

PHP mailer script sending spam from WordPress

what happend when you see class-phpmailer.php sent spam script ?

[18-Jan-2018 17:58:35 UTC] mail() on [/home/yourdomain.com/public_html/wp-includes/class-phpmailer.php:698]: To: mail@domain.com — Headers: Date: Thu, 18 Jan 2018 17:58:35 +0000 From: xxx xxx

it does not send the spam by itself,it is being triggered probably by spamhackbots, misusing some vulnerable extension, or leftover backdoor malware scripts, or both

We alts solution Suggest you to install WordFence or Better WordPress security plugin to find vulnerabilities

https://wordpress.org/plugins/wordfence/

https://wordpress.org/plugins/better-wp-security/

At last you found it but, delete or uninstall the plug-in or theme,  might loose the client data and files which they have uploaded. so please backup and check it carefully .

We believe that this article has helped you with the information on WordPress security. If you have any doubt regarding this topic, please make sure to comment, the professional techies at  Alts solution are always happy to help you. Alts solution is one of the top most Digital marketing and App Development company. We offer high-quality service in Web Design and development, SEO, Web Hosting, App Development and Social Media Marketing,Online Reputation Management. We are one of the top Online Reputation Management in India.

إقرأ المزيد

Seeing the “parallelize downloads across hostnames” warning in Pingdom, GTmetrix, or Google PageSpeed Insights? This is because web browsers are limited to the number of concurrent connections they can make to a host. This is mainly due do HTTP/1.1 in which browsers open on average 6 connections per hostname. This warning is typically seen on websites with a large number of requests. In the past, the only way to get around this limitation is to implement what they call domain sharding.

Note: If you are running over HTTPS with a provider that supports HTTP/2, this warning can usually be safely ignored now. With HTTP/2 multiple resources can now be loaded in parallel over a single connection.

Depending upon the tool or software reporting it, the warning might appear in a couple different ways:

• “parallelize downloads across hostnames”
• “increase download parallelization by distributing these requests across multiple hostnames”

If you are still running over HTTP and haven’t migrated to HTTP/2 yet, you can follow the tutorial below on how to implement domain sharding. Again, most of the techniques are now considered deprecated. Over 77% of browsers now support HTTP/2 when running over HTTPS, as well as many CDN and web hosting providers, including Kinsta. It is also important to note that Pingdom doesn’t support HTTP/2 yet since it uses an older version of Chrome.

Fix “Parallelize Downloads Across Hostnames” Warning

Domain sharding refers to spreading out your assets across multiple subdomains. By doing this you can multiply the number of simultaneous requests. Using domain sharding also gives you the ability to load content on cookie-free subdomains. However, it is also important to note that there are a couple drawbacks to this. By introducing additional subdomains you are adding more DNS requests which increases resolution times and you lose a lot of your caching benefits. Follow the steps below to set it up.

1. Setup Additional Subdomains

The first thing you will need to do is create additional subdomains and or CNAME records to spread across the request for your static assets. You can do this at your DNS registrar or if you are a Kinsta customer you can also edit your DNS records from within your My Kinsta dashboard. Typically no more than 4 are recommended. You will want to point your additional CNAMEs at your /wp-content directory. An example of a configuration might be:

domain.com
static1.domain.com
static2.domain.com

2. Edit WordPress Config

You then have to configure WordPress to parallelize the downloads across subdomains. Simply add the following code to your WordPress theme’s functions.php file (src: GitHub). And replace the $subdomains values with your subdomains. All subdomains/hostnames MUST have the same structure/path.

function parallelize_hostnames($url, $id) {

 $hostname = par_get_hostname($url); //call supplemental function

 $url = str_replace(parse_url(get_bloginfo('url'), PHP_URL_HOST), $hostname, $url);

 return $url;

}

function par_get_hostname($name) {

 $subdomains = array('media1.mydomain.com','media2.mydomain.com'); //add your subdomains here, as many as you want.

 $host = abs(crc32(basename($name)) % count($subdomains));

 $hostname = $subdomains[$host];

 return $hostname;

}

add_filter('wp_get_attachment_url', 'parallelize_hostnames', 10, 2);

 This same technique above can also be used with CDN providers such as KeyCDN, MaxCDN, and CloudFlare to fix the “parallelize downloads across hostnames” warning. However, almost all CDN providers now support HTTP/2 in which domain sharding is not recommended. And you can still serve assets from a CDN via HTTPS even if you haven’t migrated your WordPress site yet to HTTPS.

إقرأ المزيد

How to Automatically Post to Facebook From WordPress

In today’s internet, the channels by which you can connect to your customers are very diverse and we don’t see that changing any time soon. One of the best ways of reducing this burden of updating and managing various channels is to AUTOMATE as much of the work as possible.

So today we are going to look at connecting your Facebook account to WordPress.         

First to define terms, there are two types of connections between WordPress and Facebook:

First there are feed updates.  These are simply items from your Facebook feed displayed on your website. They reflect your Facebook activity on your website. These are NOT the type of connections that we are discussing.

Second there are WordPress – Facebook publishing connections. This is a connection that takes your latest WordPress blog or post and publishes it on Facebook. The content is driven from your website rather than from Facebook. This is exactly the type of connection we shall be exploring.

A Reminder

Now before we start, some will say that you should not use third party services or connections to drive your Facebook content. This is mainly related to an article that was published back in 2011, stating that Facebook was penalising posts from third party apps. Things have changed since then and Facebook has publicly stated that they were dealing with this problem. However, we don’t advise simply automating your Facebook and then forgetting about it. Social media is all about interaction and nothing can replace that human interface. But you can reduce a lot of the strain and simply ensure that you are interacting with customers when they post to your feed or ask questions.

Ok so let’s get started…

1. JETPACK

Firstly, lets look at WordPress’ native method. WordPress has created a plugin called Jetpack. This comes with a number of different features, such as image optimization etc. But one of those features is Publicize, which will auto post to your social media. To use Jetpack you first need to create a WordPress.com account, but once that is set up you can then post your blog posts to the following social media accounts:

Facebook, Twitter, LinkedIn, Tumblr, Path and Google+. 

This is a reliable service and has native WordPress support. It justifiably, is a popular plugin. There are a number of limitations though. It will only work for Admin, Editior and Author user profiles.  If you are a contributor to a blog, it wont work for that. It also only works for new posts and that have never been published before. Post are only posted to your social media accounts when the posts are made public on WordPress. Draft posts cannot be published. Plus your post will be published to all the connected social media feeds at the same time.  You cannot schedule your social media posts. Though if your post is scheduled on WordPress, Publicize will still work and your post will go across when your post appears on WordPress.

Cost: FREE

2. IFTTT

We love IFTTT! It is one of our favourite methods for posting to Facebook from WordPress. It is a great tool for connecting many services together. IFTTT stands for “If this then that”.  It’s very easy to use and consumer focused. IFTTT lists 131 different connections you can create between WordPress and Facebook.

IFTTT works by setting a trigger and then an action.  In IFTTT these connections are called Recipes. So for example, a trigger could be “When you publish a new post on WordPress”. Then you set your action. Now IFTTT covers way more than just Facebook, but for the purposes of this blog, we’ll concentrate on Facebook. So an action could be “Post to Facebook Page”.

Not only can you automatically post your WordPress blog to your Facebook page, you can reverse it and post Facebook updates to your website. It is definitely worth taking a look at this method. Here is the list of possibilities between WordPress and Facebook.

One advantage with this method is that it does not require any additional plugins, so that’s one less plugin to remember to update. Excellent!

Cost: Free plan available

3. ZAPIER

Zapier is very similar to IFTTT, but is more focused on the business end than IFTTT. Think of it as the IFTTT for business. Zapier has over 500 different app connections available and many of them are business focused. In Zapier these connections are referred to as Zaps.

The principle is the same however: set up a trigger and an action. You can also set a chain of actions, so that one action becomes a trigger for a second action. Then the options become almost endless. Currently on the free plan you can have 5 Zaps and they sync every 15 minutes. This is certainly more than enough to sync your WordPress to Facebook.

At WP Hero we use Zapier for a number of different activities and we would happily recommend their service. Again no plugins are required to get Zapping.

Cost: Free Plan Available

Third Party Plugins

Now we come to third party WordPress Plugins, which has been the traditional way of connecting WordPress to Facebook. There are a plethora of plugins available with varying features. Some better than others of course. Some free, some paid. It would be impossible to list them all, so we will mention the one that we think is the best free one currently available, and that honour goes to…

4. NEXTSCRIPTS

Nextscripts is great, it will automatically publish to all of your social media accounts. You can also use it to repost previously published content at certain intervals, thus covering periods of inactivity. Another feature is that you can use it to send out a broadcast message to be published on social media. This can be anything, like the announcement of a new service or product.

When posting your content the plugin will automatically grab the post title, URL and featured image and include that info in the social media post. Another awesome feature is that you can create a custom social media message, such as a tweet for each post you publish on your blog.

There is a setup process, but they provide an excellent guide to help you. The plugin also makes 100% white labeled posts, meaning the posts will look as if you posted them directly – no “shared via NextScripts.com or posted by SNAP for WordPress” messages.

Did I mention that it’s also FREE!? Definitely one of the better plugins for automating your WordPress.

Cost: Free

So that’s our 4 recommended methods of publishing from WordPress to Facebook. Do you have any other suggestions? Then please share your thoughts in the comments below.

Bonus Tip

But before I go there is one other service that deserves a mention in the context of WordPress and Facebook, and that is Buffer. Buffer is a queuing service for social media. Basically you send your posts to Buffer, which in turn creates a queue of content. This might be Instagram posts, blogs, photos etc. You then set a posting schedule in Buffer for each social profile.  So for instance you could post to Facebook once per day and Twitter twice per day. The beauty of this is that you create a drip feed effect in your social media accounts, rather than a content explosion every time you upload your blog. So our recomended process for updating your Facebook actually looks like this…

WP Hero specialises in making your life easy. We maintain your WordPress site and specialise in automating regular WordPess content updates. Give us a shout to automate your site.

إقرأ المزيد