I'm doing a Rails app. and at a point where I need to send out mails (
confirmation email, weekly newsletter etc.)
I'm confused (and overwhelmed) about the choices to make for mail servers in
our staging and production environments.
There is the danger of getting marked as SPAM or blacklisted. There are
various guidelines around the internet that we can follow. Also, running the
mails through SpamAssassin might help. Anything else you particularly found
useful to do?
First off, make sure that whatever solution you end up with has SPF
set up correctly, and DKIM if possible. Both of these serve to
indicate to receiving mail servers that the mail really *is* from you,
and not forged by a spammer.
Also, we allow some customization of invite mails. What then, is a good way,
to make sure that user entered text doesn't cause us to end in spam?
You may want to try one of the spam checking services like Akismet -
they're mostly used for comments, but there's no reason that invites
couldn't be screened. If you have a form where the general public can
send emails, you WILL get linkspammers attacking it.
The choice of mail server -- third party, our own dedicated, or Google Mail.
Whether this should be same in staging & production environments or
different? Should we use a separate machine dedicated for email only? Can we
initially start by using Google and later transition to some other choice?
Google for Domains is OK for very small setups; note that they have a
500 unique recipient per day limit on the free service. I've used
AuthSMTP with a fair degree of success, although they can get very
touchy about spam reports. You should be fine sending emails from the
web server for at least a while; postfix (or equivalent) are pretty
light on resources.
The choice of domain from which to send the mails -- whether should be same
as our website or different?
Once again, at first, you should definitely send emails from the same
domain as the site. It will help users understand why they're getting
the mails. And trust me, you'll need as much help as you can here.
I've had users open an activation email, activate their account, get
2/3rds of the way through profile creation and only THEN decide that
the activation email is spam.
And the fact that in Staging, we shall be testing things out and hence don't
want to send email accidentally to real people and confuse them! Should we
send all our staging emails to some particular address(es) always?
Well, I just saw this: http://github.com/myronmarston/mail_safe -
maybe it would help.
In the long run, there are "feedback loop" services for AOL, Yahoo,
and several other of the larger mail providers. They give you direct
access to spam reports against your domain, and are worth looking into
if you start getting big enough to have spam problems.
One last tip: in almost any case, you should be verifying emails (via
activation or similar) before sending any other mails. You'd think
that users could spell their email addresses correctly, but you'd be
wrong. I counted 50+ unique misspellings (most were repeated) of
"yahoo.com" in a 35k user application that was running without email