Dada Mail v9.4.0 Released – Rate Limiting

Dada Mail v9.4.0 has been released – download and install using the instructions here. Changelog is below:

Rate Limiting

We’ve enabled a Rate Limiting in Dada Mail! This is a safeguard against perhaps nefarious attempts at attacking the Dada Mail when there are many requests done in a short space of time. Before v9.4.0, Dada Mail would happily try to serve each request, and sometimes this would cause problems. One scenario:

Say you have a subscrption form, and say that form has been targeted by a bot in an attempt to exploit it. There aren’t any currently known exploits out there in the wild for Dada Mail, but perhaps the bot doesn’t know that, so it just tries to fill out your form multiple times a second. This can cause problems with resources on your hosting account reaching their limit, and cann also cause multiple emails to be sent to bogus addresses, and probably bounce back, which cause much annoyance. If you utilize a third party email service, like Amazon SES (which we highly recommend!), this can work against you, as this service monitors bounce rates closely and will not allow the rate to go too high. If it does, you’re in hot water with Amazon AWS.

Dada Mail’s Rate Limiting now monitors who is requesting what, and how many times. If it notices what could potentially be signs of abuse, it’ll deny the request for a small amount of time. This stops flagrant and out-of-control abuse of the app and does so easily.

Rate Limiting is enabled by default, and its options can be customized in Dada Mail’s included installer. More Information: http://dadamailproject.com/d/install_dada_mail-advanced_configuration.pod.html#Rate-Limiting


v9.4.0 Beta 1 is out – Rate Limiting!

Hello everyone, v9.4.0 Beta 1 is out.

Download and Install:

http://dadamailproject.com/support/documentation-9_4_0-beta1/install_dada_mail.pod.html

(Pro Dada versions are available)

This version has the new Rate Limiting feature built in. Seems to work really well! Now that it’s a part of the app, seems a little naked to run without it. Rate Limiting is currently enabled by default, and also has settings that can be customized in the installer. I’d love to get some more real-world feedback in seeing if the feature is working at all/as intended. I’m running it myself and seems to work well. It’s one of those, “Behind the scenes” features though, so nothing out of the ordinary seems to be different, unless something is terribly wrong!

Here’s what you need to know:

http://dadamailproject.com/support/documentation-9_4_0-beta1/install_dada_mail-advanced_configuration.pod.html#Rate-Limiting

Rate Limiting

When enabled, rate limiting keeps track of the requests of certain features in Dada Mail – features like trying to log into the list control panel, or subscribing to a mailing list. Dada Mail keeps track of these requests by IP Address and can be configured to have a maximum amount of requests per timeframe. If more than the maximum amount of requests are made within the timeframe, the rate limit is said to be exceeded, and further requests will be denied.

This feature is especially important in any feature that involves filling out a form, then having that feature send out an email, like a subscription confirmation. Potentially nefarious bots may be filling out your subscription form quite blindly, with various bogus email addresses, causing all this unneeded email to be sent, then bounced back. If you’re using a third party email sending service, like Amazon SES, this out of control behavior could potentially lead to problems with you not following their Terms of Service.

Although rate limiting in Dada Mail was first implemented for the above scenario, it’s used in many other places:

• Running the Cronjob Schedule

• Subscription by the classic subscription form

• Subscription via the RESTful API

• Subscription and Unsubscription Confirmation via the token URL (or any URL with a token in it)

• Logging in and out

• Encrypting a password

• Requesting to download a file attachment

• Profile activation/registering/resetting password/login and out

• Accessing the list control panel login screen

Enable Rate Limiting

Check this option to enable Rate Limiting. Enabled by default

Timeframe (in minutes):

Timeframe is the amount of time a number of requests for a certain feature/function can be made

Max Hits

Max Hits are the amount of requests for a certain feature/function that may be done in the Timeframe set above.

If more requests than the Max Hits happens within the Timeframe, the feature/function will be inaccessible, until the number of requests is below the Max Hits threshold. Any other feature mentioned will still be available to the user, and any other users of the app will not be affected (unless of course they’re being tied to that same IP Address)

Config Variable:

$RATE_LIMITING .

That’s it! Give it a try,


Dada Mail v9.3.0 Released

Dada Mail v9.3.0 has been released – download and install using the instructions here. Changelog is below:

Features

Subscriber Delivery Preferences editing on Membership – View screen

For discussion lists that have digest enabled, editing individual delivery preferences can be done on the Membership – View screen, rather than having to visit the individual subscriber’s membership screen to make the edit.

Delivery Preferences are now also exported, when you export Subscriber data via csv.

Changes

No Directory Listing in dada_mail_support_files directory

During installation/upgrade and when using the included Dada Mail Installer, the Installer will now create a .htacess file, with the following directive:

        Options -Indexes

This stops a directory listing to be returned for anyone/anything visiting the root of this directory. Since files/directories of older installs are backed up, and since some of the files in these backed-up directories could have exploits fixed in the more recent versions being installed, this simple removal of the directory index may stop these potential exploits.


Testimonial: Biz-comm.com

As a full-service marketing agency, one of my deliverables is providing maillists for my clients, both in a newsletter format and a news/announcement/text format. I was one of the very early subscribers to Dada Mail, more than 15 years ago, if memory serves. I bought a “lifetime” subscription and have installed the program on dozens of sites over the years. My oldest version, still functioning, is 3.3 and I recall updating that one, so best guess is that I owned one of the very first versions.

My preferred method of delivery is to create a responsive web page for the content. For some clients, I have set up an admin back end so they can fill in the content within the framework. For others, I write the content. Once the page is uploaded to server, I (or client) use the “Send a web page” feature in Dada for a clean, easy delivery. The web page is then included in a listing on the client’s website for future review by new visitors.

Over the years, I’ve watched as Dada has grown and grown. The features are very impressive. I really appreciate the database component for the listeroos. Either I didn’t know how to do the mysql feature in the beginning, or it was a later add-on, but I take full advantage of it now and it is a lifesaver for managing the list.

I have run into a few things that were a puzzle, especially when a new version came out, but Justin has always been patient with me and responds immediately.

I have recommended Dada to all my colleagues, on several lists. I am 100% satisfied not only with the program, but with the extreme level of personal customer support when something eludes me.

Thanks, Justin, for your product and for your support.

– Patrice Olivier-Wilson, Biz-comm.com


Testimonial: Orienteering Utah

We’ve been using Dada Mail for several years now to keep our orienteering club members informed about events and other news. For about five years now, Dada Mail has worked flawlessly for us without requiring support. The feature set is robust and meets our modest requirements, yet the product is clearly scalable as our organization membership continues to grow. It integrates well with our Joomla installation and looks nice on our website.

Service from Justin at Dada Mail is superb! He is very responsive. The website is often updated with news and important information about the product. The documentation is clear and easy to read. Sometimes, I watch the videos and read the documentation to make sure that I haven’t missed anything and am using the product to its fullest capacity for our requirements.

– Darren Stanger, Orienteering Utah


Testimonial: Texas State Archery Association

I began writing the newsletters for the Texas State Archery Association in around 1999, transitioning the TSAA from paper & snail mail to electronic emailing, and creating our website at the same time, texasarchery.org . I had to design and maintain a custom relational database of subscribers by hand to support that newsletter function.
So finding Dada Mail, a specific software designed to do all the hard work, a few years ago after searching and trying a variety of similar ‘wares was just incredible to me. The feature set was (and is) just huge! Dada Mail has a *lot* of useful features we can grow with, and I rest easier knowing we are fully compliant with the rules and regs for emailing newsletters. You do not want to expose your non-profit organization to “problems” and Dada Mail covers this base for us quite well.
I’ve done both the install myself, and then also paid the Pro fee for upgrades and things like optimizing sending via Amazon SES. Justin is fast and efficient, and the relief to me in having him “make sure” has been quite a comfort well worth the reasonable fees.
I have to also say that it is almost magic how easy it is to compose, test, and then release newsletters!

Justin is very personable, and a pleasure to work with. It’s hard to say whether the product or customer service is better but very easy to say they both are great.

A.Ron Carmichael, R.Ph.
USA Archery Level IV-NTS Coach
President, Texas State Archery Association