Home
Idea sandbox Idea sandbox
Popular ideas Popular ideas
Ideas in development Ideas in development
Implemented ideas Implemented ideas

Contributor lemeur

Automatic tracking of failed email addresses in tokens  
Written by lemeur the 3 Jan 10 at 14:33. Related project: 1.x all. Implemented
Limesurvey tokens already have a field named token status that takes the "OK" default value. When this field is updated withj any other value, the token email can be automatically bypassed by LimeSurvey invitation/reminder process.

The goal of this idea is to design a new process that would make it possible to an external probe script, to send a failed-email-address notification to LimeSurvey so that the token status is automatically updated (right now this is only a manual update).

The probe script is external to limesurvey since its operation depends on the mail-server system used by the Administrator Bounce address.

Special care must be take to prevent anyone on the internet from sending a specially crafted fake bounced email that would disable valid tokens.
5
votes
implemented
Selected solution (#1): SMTP tagging, Probe and SOAP solution
Written by lemeur the 3 Jan 10 at 14:33.
* First of all, email messages sent by LS must be tagged in some way with an message-dest-id
This message destination id is made up of: the SurveyID, the target email address, the token code, and a specific integrity code.
This integrity code is used to make sure the bounce email is not a fake so that we don't disable some valid tokens.
The integrity code would be an ASCII verison of a HMAC of the previous elmeents encrypted with a key containing the token ID (internal element inside LS, and a global value specific to this LS installation and set in config.php).

* the probe will decode the bounced email to read the error message and get the original message-dest-id, then it would send the two data to LS-remote-command (via SOAP)

* The LSRC API will provide a service that would check the integrity and authentication of the message-dest-id and then update the token status accordingly.

Some references:
* Tagging with VERP solution: http://en.wikipedia.org/wiki/Variable_envelope_return_path
* Tagging in SMTP header (my preferred way): http://www.php.net/manual/fr/function.mail.php#78934

See the 1 comments or propose a solution (latest comment the 26 Jan 10 at 14:46) >>