Home
Idea sandbox Idea sandbox
Popular ideas Popular ideas
Ideas in development Ideas in development
Implemented ideas Implemented ideas
Idea #73: Automatic tracking of failed email addresses in tokens

bug This idea was marked as implemented the 28 November 10. Available starting 1.91.
Written by lemeur the 3 Jan 10 at 14:33. Related project: 1.x all. Status: Implemented
Rationale
Limesurvey tokens already have a field named token status that takes the "OK" default value. When this field is updated withj any other value, the token email can be automatically bypassed by LimeSurvey invitation/reminder process.

The goal of this idea is to design a new process that would make it possible to an external probe script, to send a failed-email-address notification to LimeSurvey so that the token status is automatically updated (right now this is only a manual update).

The probe script is external to limesurvey since its operation depends on the mail-server system used by the Administrator Bounce address.

Special care must be take to prevent anyone on the internet from sending a specially crafted fake bounced email that would disable valid tokens.
Tags: (none)

5
votes
implemented
Selected solution (#1): SMTP tagging, Probe and SOAP solution
Written by lemeur the 3 Jan 10 at 14:33.
* First of all, email messages sent by LS must be tagged in some way with an message-dest-id
This message destination id is made up of: the SurveyID, the target email address, the token code, and a specific integrity code.
This integrity code is used to make sure the bounce email is not a fake so that we don't disable some valid tokens.
The integrity code would be an ASCII verison of a HMAC of the previous elmeents encrypted with a key containing the token ID (internal element inside LS, and a global value specific to this LS installation and set in config.php).

* the probe will decode the bounced email to read the error message and get the original message-dest-id, then it would send the two data to LS-remote-command (via SOAP)

* The LSRC API will provide a service that would check the integrity and authentication of the message-dest-id and then update the token status accordingly.

Some references:
* Tagging with VERP solution: http://en.wikipedia.org/wiki/Variable_envelope_return_path
* Tagging in SMTP header (my preferred way): http://www.php.net/manual/fr/function.mail.php#78934


Duplicates


Comments
hauber wrote on the 26 Jan 10 at 14:46
This could be a pointer into the direction of more sophisticated e-mail management.

We sometimes have more than one e-mail address of a person, and want to be able to choose which one to use (e.g. by specifying the attribute name).

It would be nice having somthing like this: If the first e-mail address fails twice, use the second address.


Post your comment