XF 1.4 Automated Bounce Email Handling

Most forums need to deal with members whose email address becomes invalid. Sometimes the user will go ahead and change it, but other times your forum will fire off emails to this now invalid address. When this happens, if you have a bounce email address setup in XenForo (and possibly with the -f option enabled in the mail configuration), you will receive an email telling you about the failure.

Email delivery failures can happen for a wide variety of reasons. If you continually send to an address that has been disabled, for example, this can count against your domain/IP's email reputation. A lower email reputation can lead to reduced email deliverability as your domain may appear to be a spammer.

Therefore, when you are notified that an email can't be delivered, you may want to prevent further emails from being sent to that user. XenForo 1.3 added a new user state that represents an invalid email, but you had to manually change users into this state. With a decent size forum, this could be tedious and time consuming at best and impossible to manage at worst.

To handle this, XenForo 1.4 implements an automated bounce email processing system. This is a fairly detailed and technical system, but it allows an important maintenance action to be automated.

Automated Bounce Parsing
ss-2014-07-11_17-27-16.webp

The core component of this system is a process that reads emails from a specific account and then parses those emails to determine if they are bounce messages.

As bounce notifications will be sent to the value you enter for the "Bounced Email Address", you would enter the POP3 or IMAP details for that account here. Once you do that, the system will automatically start checking this account for bounce messages. Note that the emails in this account will be removed after reading so this account needs to be dedicated to bounces from your forum only.

Every email that is read from this account will be analyzed to determine if it fits a known type and the appropriate action will be taken (changing the user state to indicate that the email is invalid, if appropriate). This is all displayed in the email bounce log in the control panel:

ss-2014-07-11_17-38-46.webp


The action taken will depend on the content of the email. The sections below discuss why an email could be untrusted and the distinction between soft and hard bounces.

Bounce email notification parsing is notoriously difficult due to a wide range of servers that don't actually give good bounce responses. We have covered a number of common cases but this will certainly need to be expanded over time, so if you use this feature, keep an eye on the bounce log and let us know if you see emails that aren't being handled correctly. The "view original" link will take you to a raw output of the original email (headers and all encoded data). This data can be used to help us determine any additional cases to handle.

Note that you may get non-bounce emails to this address, such as delay notifications, challenge verifications and auto-replies. These will be logged, but they don't represent any errors so no action will be taken.

Bounce email logs will be maintained for 30 days.

VERP and Validation
While you would think that a bounce notification would always tell you who the email was sent to, you'd be wrong. Sometimes, the notification will only show you the address of the final recipient, and maybe they forwarded their email to another address. In rare cases, it might not list any address.

A common way around this is with a technique called Variable Envelope Return Path (VERP). The concept behind VERP is to encode the recipient email into the Return-Path header (which is where the bounce notification is sent).

Another important component is validating that the original email was actually sent by your forum. Without this, someone could manually create a bounce notification, send it to your bounce address, and trigger the bounce behavior for any email. By adding a validation hash into the return path, we can simply ignore any email that doesn't validate. This is what the "untrusted" component is in the email bounce log screenshot.

Let's look at a quick VERP example:
  • Bounce handler address: bounce@yourdomain.com
  • Email recipient: user@example.com
The VERP may look like: bounce+1234abcd+user=example.com@yourdomain.com. The "1234abcd" part is the validation key that is generated using a secret key.

Keep in mind that the Return-Path is never shown to the end user (unless they look at the raw email contents). The Return-Path and the From/Sender values are always unrelated.

ss-2014-07-11_17-58-14.webp


We would recommend enabling VERP support if you enable the automated bounce handling option. However, it does require that your SMTP server ignores anything after the + sign. This is quite common these days; Gmail does it, for example.

If you don't (or can't) enable the VERP option, we will embed this data in the original email via another header. Some bounce notifications include the original message (or the headers from it) and we can parse this data out of that. However, it may not be as reliable as the VERP option.

Soft and Hard Bounces
Bounce notifications report a wide range of issues. Some of these are unlikely to ever be resolved and others may be temporary or specific to a single message. This is where a soft and hard bounce distinction becomes necessary.

When a hard bounce happens, action will be taken immediately (setting the user state to indicate that their email is invalid). These issues are unlikely to ever be resolved, except maybe through dumb luck. Most commonly, this will be an invalid mailbox (the part to the left of the @ in the address).

Soft bounces include:
  • The recipient's mailbox being full
  • DNS/connectivity issues
  • The message being too long (as other messages may go through)
Soft bounces don't trigger the user state change until multiple messages bounce. The exact behavior is defined by a set of criteria:
ss-2014-07-11_18-06-50.webp

The criteria is designed to give the recipient (or their server admin) a chance to resolve the issue. If the limit was based solely on the number of emails, a flurry of messages in a short time span could trigger the soft bounce threshold.

Using the values in the screenshot, the email would only be considered invalid if:
  • We received 3 or more bounce notifications
  • The bounce notifications happened on 3 or more distinct days
  • The amount of time between the first and last bounce is at least 5 days
These values can be tuned to fit your needs and how strict you want to be.




Phew, that was a long one. Let us know if you have any questions or thoughts and keep an eye out for more 1.4 features being revealed soon.

Just a reminder: Please do not post suggestions in this thread (even if you feel they are related). Use the dedicated suggestion forum so they can be tracked; suggestions made in this thread are unlikely to be implemented.
 
There's a screenshot and an explanation for that very option in the first post of this thread.

upload_2015-1-8_14-46-58.webp


It even explicitly mentions VERP, several times.
 
Is there a dummies guide on how to configure this to work properly? I've checked "Enable automated bounced email handler" selected IMAP, entered my host, username, and password but still get tons of bounced emails.
 
I'd recommend posting in the support section showing details of your configuration (including outgoing mail configuration), any details about what's showing up in the bounce logs and anything else you thing is relevant.
 
With this feature users are set in Bounced status at the very first bounce they got?
Is it possible to retry after some time? This can prevent many false positive or temporary problem.
Some of my users got bounced and then they was asked to change their email, not only confirm. Is it supposed to working in this way?
 
With this feature users are set in Bounced status at the very first bounce they got?
Only under certain conditions would they be marked with a hard bounce and the bounce status applied. Otherwise a soft bounce applies and this will only lead to a hard bounce after several attempts as per the settings in email options.

Read the first post for more details and check your soft bounce settings.
 
I set this up after a new conversion and it was really simple to do, set up a bounce@ address, make that the catch-all, send out a message and watch the bounces roll in. Really nice feature!! It's been great considering that our old system really didn't have a very useable system for flagging bounces, so the system had a lot of rejections based on reputation. Switching IPs / servers and starting from scratch has reset that problem, and now with VERP in play, it should stay good.

The one thing that I would like to see is the option in the bounce log to go to the user account in question. Hovering over the e-mail address pops up the username but it's not clickable. I know. Suggest it in the suggestions forum....
 
I have over 150 bounces from an ACP generated bulk mail to about 1800 users. I've been looking at these, and the majority of them are 550 errors, many saying the account doesn't exist, etc, definitely what I would consider "hard bounces" but the are showing up as "unknown". Do I have something configured wrong?

Edit:

Running on a VPS, dedicated to just the one site, WHM, cPanel, using dedicated catch-all bounce account, it's pulling them all in and functioning correctly, just doesn't seem to be labeling them as hard bounces.
 
cPanel servers don't support plus sign things, but I guess I can create a bounce subdomain and a catch all email address for it.
cPanel neither supports plus addressing nor even delivers emails with a + in them, subdomains notwithstanding. VERP emails use +'s so how do you receive those emails?
 
cPanel neither supports plus addressing nor even delivers emails with a + in them, subdomains notwithstanding. VERP emails use +'s so how do you receive those emails?

That's a really old post. I no longer use cPanel, and host my own email server running nothing but dovecot and postfix :)

Liam
 
Back
Top Bottom