What is From Verification?
From Verification is a PoliteMail enforcement of what from addresses PoliteMail users are able to send tracked messages via the PoliteMail server as. To enforce this, the address being sent as must grant permission to the requestor to be able to send as them. This feature is available in v4.7+ and is able to be switched on and off in the web.config of the PoliteMail Server.
Enable From Verification
In the PoliteMail Management tool navigate to “Advanced”. Toward the bottom of the page is a variable called “ValidateFrom”. There are three From Verification modes: ‘None’, ‘Managed’, and ‘Strict’. None will not enforce from verification at any level, allowing all users to send as any email address. Managed only allows users to send from addresses that they have permission to send as, but PoliteMail administrators are able to manually add permissions. Strict mode only allows users to send from addresses that they have permission to send as and permission can only be granted by those emails.
When setting the mode to either Strict or Managed, the user will get a pop-up asking if they would like to allow users to send as all addresses that they have previously sent as. If ‘yes’ is selected, all current PoliteMail users will be granted From permissions for all addresses that they have previously sent as.
<add key=”ValidateFrom” value=”Managed” />
Send a From Request
In order to send messages through the PoliteMail server, any From address that is used must be bound to the PoliteMail user that is sending the message. This means that the user must be validated for all from addresses, even the users own address, that they are sending as.
When a user attempts to send via the PoliteMail server and does not have permission to send as a From, the send will be cancelled and the user will be prompted to send a From Request to the address they are sending as.
If the user selects yes, a From Request email will be sent to the address the user is attempting to send as. The user will be notified of this event and the inspector window should close. The user can continue to make From Requests but will be unable to send as that address until the request is validated.
Receiving a From Request
Once a Request has been sent the recipient will receive a From Request email.
From here the user has three options: They can allow the user to send as them, they can deny the user from sending as them, or they can allow all PoliteMail users to send as them. Once a link is clicked, a token will be validated on the server and the request will be fulfilled. The user will be directed to a site that will inform the user on the choice they have selected.
Note that after a From Request has been accepted it can always be denied at a later point. This will remove all user associations to that from that were made from that request. But once a request is denied, it can no longer be accepted. Requests will live for 3 days.
Ex: Karen accepts Bob’s From Request. Then Karen accidentally accepts All Users when Josh sends her a From Request. She then denies all users by selecting “Do not allow” on Josh’s request. Bob still has permission to send as Karen.
From Request Accepted/Denied
After a recipient either accepts or denies a From Request the requestor will get a notification email for either being allowed or denied From permissions.
If the user has been granted From permissions they will then be able to send as that address through PoliteMail Server.
While in managed mode, administrators are able to set the From permissions for users, from the users grid. This interface can be accessed by double clicking on a user row in the grid. In the user pop-up from permissions can be added and removed from the right hand section of the panel. Saving is not necessary to commit the changes to From permissions.