- Dada Mail Changelog for v9.x
- Default, "Break" email protection does not work on publically viewed archived messages
- Plugin: password_protected_directories: Submission redirects to public Dada page
- Amazon SES "Verify" will give false negative if email address belongs to a subdomain, and only domain is verified #559
- Plugin: password_protected_directories: .htpasswd/.htaccess file not updated via cron
- List Control Panel tablet/mobile view does not show a "log out" button, if there is < 2 mailing lists
- Sending messages via the List Control Panel does not look for validity in template tags
- Incorrect .htaccess in the dada/extensions directory
- Mailhide encode sometimes fails with strange input
- Sending / Options - "Save For Selected Mailing Lists" button is editable not clickable
- Dada 3 -> 4 utility script was broken
- Subscription forms in Dada Mail using JSONP, rather than JSON
This is a bugfix release for issues found in the v9.6.0 release.
Changes to StopForumSpam Integration
Originally, if the StopForumSpam service was down, any address given to it to be checked would return a,
0 status, meaning that the address is listed as problematic in StopForumSpam's database. This could lead to a lot of false negatives, which is absurd default behavior.
This has now been changed: if the StopForumSpam service is unavailable, the check is basically skipped, until the service is back up.
We've forked the version of StopFormSpam that's available on CPAN, which reflects this new behavior. That version can be found here:
and is also shipped with Dada Mail.
Control Panel Notifcations: optimized
If you look within the menu items in the List Control Panel, you'll see various pieces of information, like the number of subscribers you have next to, Membership - View, or your Sending Options next to, Sending - Options
These pieces of information were being fetched individually; each one required a call to the Dada Mail app. This adds up, as there could be more than 9 little pieces of information that's fetched! To correct this, we've changed how this all works, so only one request from the app is required to fill in all these pieces of information.
Hourly email quota bounced Messages handled better
It seems that recently, cPanel-based hosts are bouncing back messages you send with an, "you're over your email quota!" message. These are now handled correctly by the Bounce Handler, by basically ignoring them, as the problem isn't because of the address you're trying to send to, so shouldn't count against an address in the Scorecard.
Bounce Handler will also not resend the bounced message to the List Owner if that option is enabled, since doing so will fail, and bounce back to the Bounce Handler. Sending "you're over your email quota!" bounced emails is extremely short-sighted, because of problems like this. For cPanel-based hosting accounts, it doesn't seem to be an easy way to see what your hourly email quota is, and no one way to query it programatically. (Why not?)
For reasons like this, we do highly suggest using Amazon SES with Dada Mail for people getting serious with their mailing lists:
Bridge accepting email messages sent from Dada Mail
There was a curious bug found in Bridge, where it would accept a subscrption confirmation message sent from Dada Mail, to itself. This causes an annoyance to say, a discussion mailing list. This problem has been fixed.
Bridge loses mails if stopforumspam is down
Bounce Scorecard now easily exportable
In the Bounce Handler's control panel, look for the new button labeled, Export Scorecard.
Save For Multiple Lists... support
Save Bounce Handler preferences for multiple mailing lists at once.
Scheduled Jobs now can be run without a cronjob
The Scheduled Jobs require a cronjob to be set up, but many times this cronjob is not correctly set up or is removed by accident, causing some of Dada Mail's advanced functonality to not work correctly. Now, Dada Mail will periodically run the required Scheduled Jobs, if it thinks the jobs have not been run recently. We still strongly suggest to set up the cronjob to have the best experience with using Dada Mail.
More information on Dada Mail's Scheduled Jobs (cronjob) http://dadamailproject.com/d/features-scheduled_cronjobs.pod.html
This option can be enabled/disabled in the included installer and is enabled by default. More information: http://dadamailproject.com/d/install_dada_mail-advanced_configuration.pod.html#Run-Periodically-After-App-Execution
Trend data now exportable
On the default screen of the Tracker plugin, you'll see a table and line graph of basic informaton about the performance of your mass mailings, allowing you to easily to see trends over time. This data can do be exported per page presented. Look for the link labeled, export page (.csv) to the right of the page navigation.
Abuse Protection: Detect and Stop Suspicious Activity by IP Address
Dada Mail has may systems to help prevent abuse of it's subscripton system:
Limiting double subcription confirmation sending
Rate Limiting attempts by IP Address in a short amount of time
Now Dada Mail can also detect possible suspicious activity by IP Address during a subscription request by looking at trends over time of previous requests. If multiple subscription requests are happening from the same IP Address, using different email addresses, the subscription request is blocked.
This new feature works well with the current systems: StopForumSpam doesn't always list every email address/IP address that causes abuse, and Dada Mail's own Rate Limiting feature works best for Denial of Service attack attempts, and not suspicious activity that happens slowly over the course of days. That's where this new feature comes in.
Enabled by default, you may enable/disable the feature in the List Control Panel, in Mailing List - Options, Look for the checkbox labeled, Enable Suspicious IP Address Activity Protection
Multiple Entries returned for same address if Delivery Preferences are used
Installer: Global Mass Mailing Options not read during upgrade
Blank PlainText archived messages can cause infinite loop when publicly accessed
The StopForumSpam service (http://stopforumspam.com/) keeps a database of email addresses, locations, and usernames known to be used for abuse attempts on web apps like forums, blogs, and mailing lists.
Dada Mail now supports looking up this information when a user goes through the subscription process. If the IP address or email address of the user is returned by the StopForumSpam service as being known to be abusive, the first step of the subscription process fails.
This new feature can help stop your mailing list from being abused, curbs the wasting of server resources, and keeps your mailing list cleaner. StopForumSpam integration should definitely be seen as a security enhancement, as these users being marked as abusive are possibly part of a botnet, trying to find vectors for attack.
This integration of StopForumSpam is currently enabled by default, and requires the LWP Perl CPAN library - if you can send a webpage using Dada Mail, you most likley have this library installed!
Options to enable/disable StopForumSpam integration can be found in the list control panel under Mailing List - Options. Look for the checkbox labeled, Enable StopForumSpam Protection.
WWW::StopForumSpam needs to be installed, a notification will be shown below this option to alert you.
Viewing the Unconfirmed Subscribers sublist
Dada Mail keeps track of subscribers that have started the subscription process, but haven't yet confirmed their subscription by clicking the confirmation link that's sent to them via email. Internally, this sublist type is called,
sub_confirm_list (catchy name, huh?). It's used primarily to make sure the same address isn't repeatedly submitted to be subscribed again and again by some automated process. Curbing abuse is a big part of web apps like Dada Mail!
We've now added the ability to view and interact with this sublist. In the, Membership - View screen, you will see a new tab labeled, Unconfirmed Subscribers. You may view, search, delete, and export addresses from this sublist. You may also resend the subscription confirmation email message: look for the button to the left of the email address. Pressing the button will resend the confirmation email message.
This sublist is tightly coupled with the subscription confirmation process itself. Dada Mail's subscription confirmation system works with a unqiue token embedded in the confirmation email that corresponds with records in its database. These records do expire after a while (60 days by default). When these tokens expire, addresses in this sublist will also automatically be removed, keeping your mailing list tidy, and your database trimmed and fast, without any additional work by you.
Viewing this tab can be enabled/disabled in the list control panel under, Membership - Options. Look for the checkbox labeled, Show "Unconfirmed Subscribers" sublist.
New Subscriber Export Options
In previous versions, Dada Mail could export your Subscribers (as well as other sublists), but the data it exports is not customizable. It would include the added/subscribed date (timestamp), the email address itself, profile fields, as well as the delivery preferences (if that option is enabled). Some users have problems then utilizing this information as-is, since some of the information is not needed. Although this exported informaton is in CSV format, which you can open the exported file into a spreadsheet app, and do more manipulation, but many users were having trouble with this cumbersome extra step.
Now, Dada Mail also allows you to specify what data you would like exported:
Email Address (always exported)
Delivery Preferences (if enabled)
Among other things, this allows Dada Mail's exported data to be easily read and imported back into Dada Mail itself - something it couldn't do (embarrassingly) before!
Using this new functionality is simple: instead of exporting the data right away, after you click the Export button, a modal menu will open up, allowing you to choose what data you would like the exported data to hold.
Email Parsing Engine Advanced Tuning Options
Dada Mail now allows you to easily tune the underlying email parsing engine (called,
MIME::Tools), so that you can either have a faster parser that's more memory intensive (the default), or a somewhat slower parser that uses less memory.
We'll be experimenting with the latter, as it should help with working with large, complex email messages with large attachments, as well as running Dada Mail as a long-running process.
More information on how to change these options are available at,
This is a bugfix release for a problem found in the v9.4.0 release.
We've slightly tweaked the schema for the new
dada_rate_limit_hits table, making some of the columns smaller, so that they'll better fit in the index for some MySQL configurations.
If you're running Dada Mail v9.4.0 without problem, you won't have any need to upgrade to this version.
We've enabled a Rate Limiting in Dada Mail! This is a safeguard against perhaps nefarious attempts at attacking the Dada Mail when there are many requests done in a short space of time. Before v9.4.0, Dada Mail would happily try to serve each request, and sometimes this would cause problems. One scenario:
Say you have a subscrption form, and say that form has been targeted by a bot in an attempt to exploit it. There aren't any currently known exploits out there in the wild for Dada Mail, but perhaps the bot doesn't know that, so it just tries to fill out your form multiple times a second. This can cause problems with resources on your hosting account reaching their limit, and cann also cause multiple emails to be sent to bogus addresses, and probably bounce back, which cause much annoyance. If you utilize a third party email service, like Amazon SES (which we highly recommend!), this can work against you, as this service monitors bounce rates closely and will not allow the rate to go too high. If it does, you're in hot water with Amazon AWS.
Dada Mail's Rate Limiting now monitors who is requesting what, and how many times. If it notices what could potentially be signs of abuse, it'll deny the request for a small amount of time. This stops flagrant and out-of-control abuse of the app and does so easily.
Rate Limiting is enabled by default, and its options can be customized in Dada Mail's included installer. More Information: http://dadamailproject.com/d/install_dada_mail-advanced_configuration.pod.html#Rate-Limiting
Subscriber Delivery Preferences editing on Membership - View screen
For discussion lists that have digest enabled, editing indivual delivery preferences can be done on the Membership - View screen, rather than have to visit the individual subscriber's membership screen to make the edit.
Delivery Preferences are now exported, when you export Subscriber data via csv.
No Directory Listing in dada_mail_support_files directory
During installation/upgrade and when using the included Dada Mail Installer, the Installer will now create a .htacess file, with the following directive:
This stops a directory listing to be returned for anyone/anything visting the root of this directory. Since files/directories of older installs are backed up, and since some of the files in these backed-up directories could have exploits fixed in the more recent versions being installed, this simple removal of the directory index may stop these potential exploits.
This is mostly a bug-fix release, fixing bugs found in the v9.2.1 release.
Resetting List Password after incorrect login attempt creates Server Error
Save for Multiple Lists does not work for Sending >> Options
Dada Mail Changelog for v9.x
This is mostly a bug-fix release, fixing bugs found in the v9.2.0 release.
Default, "Break" email protection does not work on publically viewed archived messages
Plugin: password_protected_directories: Submission redirects to public Dada page
Plugin: password_protected_directories: .htpasswd/.htaccess file not updated via cron
Sending messages via the List Control Panel does not look for validity in template tags
No CAPTCHA reCAPTCHA support
Dada Mail now support's Google's new reCAPTHCA service, aka reCAPTCHA v2 aka No CAPTCHA reCAPTCHA. v1 reCAPTCHA is still currently supported, but you may want to move over to v2.
More information on how to setup and utilize the CAPTCHA system in Dada Mail can be found at,
Tracker: Bounce Handler individual email reports not accessble if Bounce Handler itself is not activated, when logged in via the List Password
This is mostly a bug-fix release, fixing bugs found in the v9.1.2 release.
Of note were several minor bugs found in the Installer - some of which are documented below, but other small bugs include:
Bounce Handler always being enabled to be installed
The, "Hide Administration Link" always set, even if the option is not enabled.
Mandrill API support dropped
Mandrill has changed their ToS to disallow bulk mailing, so this service is a bad fit for something like Dada Mail. We've removed the API to streamline the underlying codebase.
Amazon SES docs expanded
We love Amazon SES! We've updated and expanded the docs to help you better set up Amazon SES in Dada Mail. Docs can be found here:
Ping Test in Sending Options Test for SMTP
We've added a simple ping test to see if the host at the port you've specified can be reached. Many times, problems sending via SMTP are because the outgoing port on the server Dada Mail is installed on is blocked, rather than the SMTP credentials being wrong, or there's a bug in Dada Mail. This small enhancement will help clarify where the problem may be.
Added .htaccess file in, "dada" directory
We've added a simple .htaccess file in the main dada directory to set the DirectoryIndex to the mail.cgi script. That way, one can just visit,
and will see Dada Mail's default screen instead of nothing, or the underlying directory structure.
Installer: SQL database port value not being read correctly?
Hide Disabled Screens not working with classic side bar
Installer: SQL database port value not being read correctly?
This is mostly a bug-fix release, fixing bugs found in the v9.1.1 release.
Incorrect .htaccess in the dada/extensions directory
There was an errant .htaccess file in the dada/extensions directory, disallowing access to any of the directory contents, including extensions you may have been running. This has been removed!
Mailhide encode sometimes fails with strange input
Sending / Options - "Save For Selected Mailing Lists" button is editable not clickable
This is a very strange, and quite large bug. It basically affects anything where you need an email sent for Profile work: registering, retrieving a new password, etc,
Dada 3 -> 4 utility script was broken
Looks like the following script was not working for v9 of Dada Mail:
This script is still useful, if you're upgrading from v3 of Dada Mail, are using the SQL backend, and also have profile fields. We've updated it to work correctly with v9.
Subscription forms in Dada Mail using JSONP, rather than JSON
Dada Mail's subscrption forms that you see on the default screen, as well as the list screen's now use JSONP in the background to do their work. This is to workaround Same Origin Policies, that even effect calls from diffrent subdomains of the same domain (ie: example.com and www.example.com)
Disabling IP Check in List Control Panel sessions
By default, Dada Mail will look at the IP address that a user is said to be logged in from, and compare it to the IP address in the session data. If they do not match, the session will fail, and you will be booted out of the session.
Sometimes, this does not work as expected, so we've now allowed you to disable this feature:
In the Installer under, Advanced Configuration, check, Configure Security Options. Then, uncheck the option, Check for Matching IP Addresses. Done!
This is mostly a bug-fix release, fixing bugs found in the v9.1.0 release - of note, we broke the Tracker plugin, with the v9.1.0 release. We've also added some additional .htaccess files in directories of Dada Mail that you may not want snooping in.
Tracker plugin does not run
Save to Multiple Lists at Once
Previously: One frustration of working with a large collection of different mailing lists with Dada Mail is that each mailing list must be administrated one at a time, so it was not possible to make changes to mailing list settings fo all mailing lists at once.
Now: with v9.1.0, we've introduced the ability to saving List Settings to multiple mailing lists at once.
The following list control panel screens support this feature:
Mass Mailing - Options
Membership - Options
Sending - Options
Sending - Mass Mailing Options
Archives - Options
Archives - Advanced Options
Appearance - Email Message Template
Appearance - HTML Screen Template
Plugins/Extensions - Tracker
To use this feature, log into a mailing list with your Dada Root Password, otherwise the feature will not be available. Look for the button labeled, Save For Multiple Lists.... When clicked, a modal window will open allowing you to select the mailing lists that you would like to save the list settings for that list control panel to.
By default, all the available mailing lists are selected, but you may customize this if you would like.
Login Switch links sometimes hit server security filters
This is mostly a bug-fix release, fixing bugs found in the v9.0.2 release
We've also made similar changes to the Tracker plugin's default screen, as well as preloading some of the easier-to-create data before the rest of the data is availabl. Crunching the numbers to show the table of analytics may take a while, if you have busy lists! Now, you'll have access to the individual message reports before the index report is ready.
Filter Subscribers Through the Black List Broken
Core5 Filemanager returns URL, relative to site root, which is broken when email w/image is sent
Alert boxes showing errors hard to distinguish
This is mostly a bug-fix release, fixing bugs found in the v9.0.0 + v9.0.1 release
Amazon SES Automatic Batch Settings
Dada Mail can set up your Batch Settings for your mailing list automaticaly, using your daily quota, and per-second limits set by Amazon SES. It does so fairly conservatively. This works - but for the majority of users, it could work better. So, we've made our automatic batch settings send at a more aggressive speed, having it taper it's speed back, as you come closer to your set quota.
Expect 10x speed up for mass mail sending if you haven't used any of your daily Amazon SES quota. And we're not joking.
Send a Webpage and Plaintext Messages
Dada Mail's Send a Webpage screen was initially envisioned to send out HTML-formated mailing list messages fetched via a URL. Users have said that they would like to use the same functionality to send PlainText-formatted messages. But when they try, Dada Mail complains about a missing HTML version of the webpage.
Dada Mail should now have proper support to explicitly NOT set an HTML version of a message, as well as the ability to correctly send a PlainText version of a message, without requiring an HTML version.
Setting a Plainted scheduled message with the Send a Webpage screen will also work correctly. Dada Mail should correctly sense if the PlainText version has been modified since the last mass mailing has been sent, and skip over a scheduled mass mailing (if you have set things up to do so).
Quoted Replies not formatted correctly in public archives
Discussion messages usually show some, or all of the original message they're replying to. Dada Mail formats this reply, so that it's easier to distiguish the reply, from the original message - just like your mail reader. This functionality seems to have been missing in v9 of Dada Mail, as the needed style was removed.
We've changed this functionality, so that quoted text shown in the public archives are simply wrapped in blockquote HTML tags.
In certain situations, file attachments were not properly being sent with mass mailings. We've done some work to ameliorate this problem. This problem may be related to the updated version of the Core 5 Filemanager that we ship with Dada Mail, and how it handles handing back the name of the file you have uploaded and selected.
Admin login if no mailing lists are public
If all your mailing lists are private, the admin screen shows NO popup menu to select your list, as well as a button labeled, "More..." that you can press to get a textbox to enter in your list shortname. This is silly.
Now, if the above scenario is in place, you'll see a textbox.
SQL Options in Dada Mail Installer when SQL is not available
Dada Mail requires the Perl driver for the SQL backed you would like to use. If none are available, the included Installer will simply not show any options, which will confuse the user into thinking that no backend configuration is needed, rather than perhaps allude to the fact that one of those required drivers needs to be separately installed. This should now be fixed.
Caching of js and css files
This is usually a very good idea! But, some users have been having trouble when upgrading Dada Mail, as the browser is using older versions of these files, breaking their just-upgraded Dada Mail. To help this problem, we're adding a simple query string to the end of the URLs for .css and .js files (that aren't already versioned), so that cache-hungry browser will use a new version of the file, when a user upgrades their Dada Mail.
Initial release of v9. Hurray!
This release introduces a new visual look, feel, and functionality to Dada Mail's Front End, thanks to the utilization of the Zurb Foundation Front End Framework:
Big wins to using the Foundation Framework are:
Removal of Crufty HTML
Dada Mail is a mature application, first written in 1999. Some of the HTML used for formatting was still relying on tables. Still! Almost all table-based layouts have now finally been removed, being replaced using Foundation's Grid Layout System:
Tables are still used, but usually only for tabular data.
Dada Mail takes full advantage of Foundation's support for Repsonsive Design, especially in the List Control Panel. That means you can more easily and comfortably use Dada Mail on your phone or tablet - the design will adapt to your screen's available real estate. For example: The List Control Panel's top bar menu will be hidden off-canvas if you're viewing on a phone device, but can be revealed via a hamburger menu on the upper left side of the toolbar menu.
At this point, we have not heavily customized Dada Mail's design - the app right now has the same look and feel of the default styling of Foundation. Future releases will move towards refining Dada Mail's own design. To do this, we will be utilizing Foundation's SASS workflow:
One-Click Unsubscribe has been reintroduced into Dada Mail in a much more secure form, as well as now being smart enough to know when the unsubscribe link has been visted by an actual user or an app that is scanning the received message and then following all links found within.
Enhanced Mailing List Login Security
Dada Mail now records the IP Address from a successful login. If this IP Address changes through a session, the session will be invalidated, and the user will be required to log in again.