I am using MvcMailer with my website to send html emails.
seems good, but im just wondering how i can view the created emails in a browser.
eg in some newsletters they say "view this email in a browser", so i am just wondering how I can do that with MvcMailer.
The easiest way is to put a link in the email back to your site, and then create a controller/action that uses the same view, and builds a model the same as the one you used when creating the email.
If all the data you need is in the database, you may be able to just pass a key in the querystring (note: if the mail contains potentially sensitive information, make sure the url is tamper-proof), otherwise you might need to pass in more data to allow you to reconstruct the same view that you did when generating the email.
Related
Hi I have a pardot form handler set up on a website for a client and it is receiving a lot of spam submissions. We set up a honeypot and recaptcha and while they are working, they not seem to be effective in stopping the spam.
We now think the spam submissions are coming from outside our site. I set up a field on our site that sends the url of the page to Pardot when the form is submitted. The ones we sent from our site have the correct url, while the spam submissions don't have the field filled out at all.
Has anyone come across something like this and how did you stop the spam?
I just stumbled across this question now so you may have already got a solution.
If not...
There are bots out there that will be looking for forms that post to Pardot and spamming them. The bot will hit the Form Handler URL directly (e.g go.pardot.com/l/2232) - it will not actually fill in the form on your site.
It seems like you may have already tried to use the Pardot honeypot technique:
https://help.salesforce.com/articleView?id=pardot_forms_add_honeypot.htm&type=0
Alas, this won't really work as the bots aren't filling in those fields.
Some possible solutions:
Use a Pardot Form, instead of a Pardot From Handler, if you can. These forms have additional spam protection.
Instead of your form posting directly to Pardot, send the information to another service first and try to detect spam there. For example, we use Wordpress forms and we clean out spammy enquiries within the Wordpress code before sending it on to Pardot (using CURL). You'll need your web developer to help with this though.
Lastly, use unique "External Field Names", combined with the Honeypot technique listed above. So instead of fields names such as "firstName", "phone" etc, use "web_first_name", "web_phone".
I have come across the same issue - Bots attack Pardot Form Handlers and their URLs.
A bot is scraping our website, looking for the form URL. The later they target precisely this URL separately and that's why captcha or honey pot or anything done on the actual website is not helping!
How did I solved this?
Instead of the form posting to the Pardot Form Handler URL, I changed so that the form is posting to our own server side. Then from our server side we're posting to the Pardot Form Handler URL, but only if the visitor is not a bot.
I've removed the url from the form action and set it dynamically once the submit button is being clicked. That moment, I am combining the url in several steps, e.g.
let actionURL = "https://":
actionURL += "go.company.com";
actionURL += "/1234445457/deeger";
actionURL += "/sdfsddffffd";
$('#subscribeForm').attr('action', actionURL);
$("#subscribeForm").submit();
This prevents the bot from scanning the url on the form in plain text.
If the endpoint url is already compromised, you have to create a new form handler first.
I am creating a web app using Laravel 5.3 where only authorised users can view the images in that app. For example, lets says something like Facebook where only friends can view the user's avatar if the permission is set like that. When the image is viewed from the app, the api check the auth credentials, check the permission and displays the user image accordingly. However, my question is, if I am sending a notification emails to users, how can I display the protected images in email messages? For example, if I add the img url like this in html email:
<img src="http://example.com/api/image/useravatarname.jpg" />
the above will fail since it doesnt have a token in it. In these cases, how are protected emails displayed in emails? How does website like Facebook does it?
These are the methods I have thought of but not happy with:
1) Embed Image Binary Data: I don't know if adding the image binary data will work in html emails. Even if it does, it doesn't seem like a good method when sending emails.
2) Image URL Parameter: I was thinking maybe to add some parameters like the user's email address ?xyz#gmail.com to the img source url and then from the api locate the user with that email id and verify if they have the permission to view the image. But the problem with it is, some people can view the image by adding the email id parameter easily by guessing.
3) Facebook Notification Email: When I checked the facebook notification email, I see the avatars in the email are displayed something like this and I have no idea what they are doing here:
https://ci5.googleusercontent.com/proxy/lkjasdlkjsaldjalsjdlasjdlkjasdljsaldjasldlasdljqljaldjsaldjsaldlsajdlsajdlkasjdkljasldkjaslkdjsakldjsaljdlsajdlasjdla#https://scontent-syd2-1.xx.fbcdn.net/v/t1.0-1/p100x100/ljsdlkjsdljsdljsd_23232323_23232_n.jpg?oh=askaslkalsjalsjalksjalkjsas&oe=58C270EEE
Is there another way?
Is it possible to read the content of lets say the last email in a specific email inbox? I´m developing an app for a company and I would like for anyone to be able to send an email to a specific address, and then the content of that email would be visible in a text field inside the app. But for that to work the app will have to be able to have access to a specific email. I bet there are other ways of updating a textfield inside an app but this would make it so easy for everyone to be able to update this news feed.
Thanks!
Third-party apps have no access to the system Mail app’s database. If you want to access the contents of an email, you’ll need to connect to that server and retrieve its mail yourself.
I'm building an app with some 'mail tracking' feature and want to notify google analytics about a click in a link from ruby.
I've already changed all external links from email to go to my server to be redirected, so I know what and when the user clicked.
I want to send this click just knowing the 'UA-XXXXX' and the clicked url.
Is there a way? Or the best solution is to render a html page and with JS send the click event?
UPDATE: Ok, I've found gabba but don't know how to send an 'click' event.
Generally its better to use the JS api, since it has access to all of the other data that analytics tracks, like the visitor browser/os/geoip and can tie all that to a 'visit'.
If you are embedding links in emails, you might consider using the source/medium/campaign flags in the links.
http://support.google.com/analytics/bin/answer.py?hl=en&answer=1033867
So technically its not tracking the 'clicks' as an event, more like tracking the fact that the user came to your site from that particular email. You could use a separate campaign label if you wanted the individual click granularity. (If, for example you had the same url in the email more than once and you wanted to know whether they clicked the first or second one in the email)
I am building an MVC application (using the Zend Framework).
When users first register, the applicaiton sends them an email. My question is, where should I trigger this email from? The model or the controller? My thoughts are as follows:
In some ways, the model makes sense, since sending a registration email is part of my business logic. Users must click the link in the mail to validate their email address.
But by putting it in the model, I am 'encumbering' the model. The model's registerUser action is then only useful within the context of an application that needs emails sent for every registration.
Instead, by triggering the email from within the controller, my controller would be a litter 'fatter', but my model a little more 'fine grained'.
I have written an email service which actually configures and sends the email, and I think this is a good design decision. I am really just asking where I should be calling this service from.
Your thoughts are most appreciated!
According to Zend Framework's definition of MVC, you should put send the email from the controller:
Controllers...decide which view to display based on the user's request.
Models, on the other hand, contain:
...basic functionality behind a set of abstractions.
An email may be considered a "view" in that it displays information to the user. It is the controller's job to activate this "view."
In my opinion, I would want this in the model, as I would consider this an assumed process of the create user method, rather than any specific interaction with the user making the request.
In other words, since I would always want this email sent, regardless of the source of the request, I would identify this as a natural byproduct of the create user action, similar to a record being saved in a database.
You might want to look into using something like NServiceBus to queue messages to be sent to your Email Service.
This way you can have NServiceBus subscribe to an event that occurs and omit any manual firing of the email service etc.
Ultimately you want a failsafe way of ensuring your messages get to the intended people. This kind of framework will greatly help you ensure that this happens.
Alternatively you could store the emails to be sent inside your database and have your email service check the database queue every x minutes for new emails to send and omit the need for triggering the email sending.
Again, doing it this way will ensure at the least that the emails get sent. Should the network go down or some other disruption occur during the sending of each email you can simply leave them in the queue until the network comes back up.