Stephen Gornick
Legendary
Offline
Activity: 2506
Merit: 1010
|
|
April 13, 2012, 05:47:41 PM Last edit: April 19, 2012, 12:29:20 AM by Stephen Gornick |
|
Honestly, I hadn't considered PGP support, because so few people use it. Now that you mention it, though, it might not be too hard to implement. Say:
1. received email address 2. checked for public key associated with it 3. if found, sign the message before sending
I'll look into it a bit more. Right now, though, I don't see any downside to such an arrangement.
The reason a person might use Coinapult is likely because the person isn't technical. PGP is still mostly only for those who are technical. Maybe do risk assessment. Sending amounts over 2 BTC or something like that provides a warning to the sender that warns about the potential risk of loss.
|
|
|
|
bearbones (OP)
|
|
April 13, 2012, 06:03:30 PM |
|
Honestly, I hadn't considered PGP support, because so few people use it. Now that you mention it, though, it might not be too hard to implement. Say:
1. received email address 2. checked for public key associated with it 3. if found, sign the message before sending
I'll look into it a bit more. Right now, though, I don't see any downside to such an arrangement.
The reason I might use Coinapult is likely because the person isn't technical. PGP is still mostly only for those who are technical. Maybe do risk assessment. Sending amounts over 2 BTC or something like that provides a warning to the sender that warns about the potential risk of loss. I like this idea a lot. I have thought a lot about the security of the system, and think this is a good bit of transparency. I've modified the email text a bit, to make it more user friendly. Thanks Foxpup for the suggestions!
|
|
|
|
Foxpup
Legendary
Offline
Activity: 4508
Merit: 3180
Vile Vixen and Miss Bitcointalk 2021-2023
|
|
April 14, 2012, 04:37:33 AM |
|
Honestly, I hadn't considered PGP support, because so few people use it. Now that you mention it, though, it might not be too hard to implement. Say:
1. received email address 2. checked for public key associated with it 3. if found, sign the message before sending
I'll look into it a bit more. Right now, though, I don't see any downside to such an arrangement.
Searching for public keys by email address is not reliable, as some people don't (and in some cases don't want to) have their public key on a keysever. Also, most keyservers don't verify keys, so it's all too easy for someone to upload a bogus key to the keyserver to prevent people from being able to receive their bitcoins (or steal the bitcoins, if they have access to the recipient's email). A better idea is to allow public key files to uploaded or copy/pasted, and/or specified by URL. Also, I think you mean encrypt the message before sending. Signing it won't achieve anything.
|
Will pretend to do unspeakable things (while actually eating a taco) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4I am not on the scammers' paradise known as Telegram! Do not believe anyone claiming to be me off-forum without a signed message from the above address! Accept no excuses and make no exceptions!
|
|
|
Realpra
|
|
April 15, 2012, 08:38:24 AM |
|
Did this myself manually, its a bit of a hassle copying .dat files, but not overly so.
(Compare to going shopping for some present)
This also meant I had complete control of the encryption process and made sure everything was safe.
Coinapult is still great, we need more like that, perhaps a program you could run offline on your computer?
|
|
|
|
bearbones (OP)
|
|
April 16, 2012, 05:59:54 PM |
|
After much poking with SPF and DKIM, I realized it is much easier and more trustworthy to allow a third party to send out our emails. As such, I created an Amazon SES account, and am in the process of integrating it. Should be up later today, and resolve the spam filter issue once and for all.
|
|
|
|
rjk
Sr. Member
Offline
Activity: 448
Merit: 250
1ngldh
|
|
April 16, 2012, 06:17:16 PM |
|
After much poking with SPF and DKIM, I realized it is much easier and more trustworthy to allow a third party to send out our emails. As such, I created an Amazon SES account, and am in the process of integrating it. Should be up later today, and resolve the spam filter issue once and for all.
SES sounds cool on the surface, but it is complicated to work with. I like http://sendgrid.com/ - although it is meant for bulk mailers and things, you can use it for most any email that you want your servers to send, and they will take care of reputation management and such things. You will need to play with SPF and DKIM when using it, but it is much nicer to live with.
|
|
|
|
Raoul Duke
aka psy
Legendary
Offline
Activity: 1358
Merit: 1002
|
|
April 16, 2012, 06:57:09 PM |
|
After much poking with SPF and DKIM, I realized it is much easier and more trustworthy to allow a third party to send out our emails. As such, I created an Amazon SES account, and am in the process of integrating it. Should be up later today, and resolve the spam filter issue once and for all.
SPF and DKIM are difficult? SPF is only an entry in your DNS settings. DKIM is also easy to integrate if you use exim on your server to process the emails. I should also tell you that it won't resolve your inboxing problems. Only email content and maybe $100k paid anualy to certain companies will resolve your inboxing problems. But only on hotmail and yahoo. In regards to gmail you are SOL...
|
|
|
|
ShadowOfHarbringer
Legendary
Offline
Activity: 1470
Merit: 1006
Bringing Legendary Har® to you since 1952
|
|
April 16, 2012, 07:34:19 PM |
|
After much poking with SPF and DKIM, I realized it is much easier and more trustworthy to allow a third party to send out our emails. As such, I created an Amazon SES account, and am in the process of integrating it. Should be up later today, and resolve the spam filter issue once and for all.
SPF and DKIM are difficult? Kind of, yes. It took me 2 days to configure DKIM + SPF on one server (3 domains). Of course, I am not the best sysadmin, still learning. Theoretically it is easy, but when it comes to practice, there are A LOT of ways in which it can go wrong, believe me.
|
|
|
|
bearbones (OP)
|
|
April 16, 2012, 08:37:24 PM |
|
After much poking with SPF and DKIM, I realized it is much easier and more trustworthy to allow a third party to send out our emails. As such, I created an Amazon SES account, and am in the process of integrating it. Should be up later today, and resolve the spam filter issue once and for all.
SPF and DKIM are difficult? SPF is only an entry in your DNS settings. DKIM is also easy to integrate if you use exim on your server to process the emails. I should also tell you that it won't resolve your inboxing problems. Only email content and maybe $100k paid anualy to certain companies will resolve your inboxing problems. But only on hotmail and yahoo. In regards to gmail you are SOL... Actually, the issue I've been having with DKIM is a bug in my hosting account. When I submit the DKIM entry into the DNS system they provide, it escapes some characters, rendering it invalid. I'm sure they could fix this if I contacted them, but I found a better solution anyway.
|
|
|
|
MPOE-PR
|
|
April 16, 2012, 08:44:47 PM |
|
We were actually thinking of developing something similar, sort of paypal-for-bitcoin. After all this is how paypal got its initial base, back in 2001 or whatever. Not as much for the money, more of a public service, to help the spread of bitcoins.
Since you made the first move, you get the domain bought for this purpose (bitpal.us) free of charge (you will need a namecheap account). Pm me for the push. Best of luck to you.
|
|
|
|
bearbones (OP)
|
|
April 17, 2012, 04:51:35 PM |
|
I just got turned on Amazon SES sending, which seems to have resolve the spam issue. Please let me know if any messages from now on get flagged as spam. Thanks!
|
|
|
|
|
|
notme
Legendary
Offline
Activity: 1904
Merit: 1002
|
|
April 17, 2012, 07:35:22 PM |
|
thanks for the quick resolution
|
|
|
|
moocow1452
Sr. Member
Offline
Activity: 240
Merit: 250
Don't mind me.
|
|
April 19, 2012, 04:22:50 AM |
|
Might want to put a contact link somewhere on the page, even if it just goes back to here.
Also, could the capacity to auto deposit Catapult Payloads sent to an email address be added, in case it catches on as a form of payment? Might want to consider staggered withdraw and reloadable deposits if you want to integrate on-site wallet functionality, but for your current scope, it looks great.
|
|
|
|
simplelove
Member
Offline
Activity: 170
Merit: 10
|
|
April 20, 2012, 07:50:54 PM |
|
anyone tried? reliable? no bicoins lost in the process? then I might give a try.
|
|
|
|
Raoul Duke
aka psy
Legendary
Offline
Activity: 1358
Merit: 1002
|
|
April 20, 2012, 09:11:12 PM |
|
anyone tried? reliable? no bicoins lost in the process? then I might give a try.
Don't need to try to know evoorhees and barebones ventures are as reliable as they can be. If bitcoins get lost in the process, most likely it won't because because of them. And if it is indeed because of them I have every reason to believe they'll do the right thing But don't take my word for it.
|
|
|
|
arby
Donator
Member
Offline
Activity: 112
Merit: 10
keybase.io/arblarg
|
|
April 21, 2012, 08:39:48 AM |
|
a very interesting concept, I especially like the API feature.
|
|
|
|
bearbones (OP)
|
|
April 22, 2012, 01:41:56 AM |
|
Thanks for the vote of confidence, psy, we always do our best to run an honest, tight ship. Some updates: Added a contact page. Modified the API to allow direct to Bitcoin address transactions. Added an optional 4-8 digit pin number to the API. I could easily allow people to enter a pin number on the home/send page, but I think this might cause too much confusion. The idea of a pin is that it isn't emailed to the user. So, for instance, BitInstant generates a pin and displays it for the user at the time they create their cash to bitcoin order. The pin is not included in the email, so the user is expected to note it and remember for fund retrieval. What do you folks think? Is there utility in allowing a pin to be entered on the website send form, or will this simply confuse?
|
|
|
|
mem
|
|
April 23, 2012, 05:07:12 AM |
|
a confirmation email sent to the from address would also be a nice feature
recipient never received email, no rejection email sent. Will follow up with site admin tonight.
|
|
|
|
|