Windows-based PHP installations configured to use PHP-CGI are specifically at risk as the vulnerability exploits Unicode processing in the CGI module.

CVE-2024-4577 is a critical vulnerability in PHP, specifically affecting Windows systems running PHP in CGI mode. This flaw allows attackers to execute arbitrary code remotely by exploiting an argument injection vulnerability. 

Affected systems

• PHP Versions:
  • 8.3.x (before 8.3.8)
  • 8.2.x (before 8.2.20)
  • 8.1.x (before 8.1.29)
• Default XAMPP Installations on Windows
• Windows Systems Running in Chinese and Japanese Locales
• Any Internet-Facing Windows Server Exposing php.exe or php-cgi.exe

Further reading and related sources

• How is CVE-2024-4577 Being Exploited?
• Security Now podcast
• Cybersecuritynews.com
• Securityaffairs.com

Opt-in forms is an essential tool for building your mailing list and successful email marketing. However, they are frequently exploited by bots and malicious actors, leading to various problems.

In this article we cover the following points:

• Automated bot signups, fake, malicious signups and form spamming.
• Understanding the risks.
• How and why it happens.
• Why you need to protect your opt-in forms.
• Available protection methods in nuevoMailer.
• Best practices: Double opt-in & more.
• Monitoring and automation.

Keywords: opt-in form protection, email deliverability, sender reputation, domain reputation, form spamming, double opt-in, Captcha methods, data protection, monitoring, list cleaning.

You can read the full article here.

Step 1

Create a newsletter with the URL(s) you want to track.

Step 2

Create a campaign that uses the newsletter from Step 1 and a mailing list that includes only your own email as a subscriber.

You can give a name to this campaign like "Signature tracker X".

Step 3

Send this campaign. When you receive the newsletter copy the trackable links and you can use them anywhere you like. Email signatures, banners etc.

Anonymous tracking

You may use "Anonymous tracking" for this campaign. If you do so the only metric you will be able to see is "All clicks". Just the total number without any other details.

if you do not use Anonymous tracking then when you click the "All clicks" metric you will see a detailed click history with date, time and IP and a timeline report. In addition, the clicks will show in your Home page report "Happening now".

Of course the "clicker" will always be your own email.

A step further: friendly URL with .htaccess

This is optional. You can add these two lines in your htaccess file of your domain.

RewriteEngine On
RewriteRule ^sig$ https://www.domain.tld/mailer/inc/rdr.php?xxxxxxxxxxxxxxxxxxxx [R=301,L]

https://www.domain.tld/mailer/inc/rdr.php?xxxxxxxxxxxxxxxxxxxx is the actual tracking link you can use as explained earlier in Step 3. Instead you can use https://www.domain.tld/sig and it will have the same effect. You may replace sig with whatever you prefer.

[R=301,L] may be omitted. 301 means permanent redirect, [L] stands for "last" and means that this is the last rule to be processed.

nuevoMailer SB v.10.3 has just been released.

• PHP 8.4 ready (even without the IMAP extension which is no longer bundled with PHP).
• Stripo & Unlayer custom image managers so you can use your images from your own assets folder.
• Use MS Exchange (with MS Graph API) to send your email campaigns and process bounces.
• Mailtrap API for sending campaigns and webhook for processing feedback.
• Varying levels for admin email alerts. 
• Numerous processes and functions improved. Read all the details here.
• Check the new demo.

The problem

Automated email scanners tend to follow all links in a newsletter without of course knowing what these are about.
This results in unintentional opt-outs and complaints from our subscribers.

The solution

Ask for an opt-out reason.
Only a human can complete this process (check a radio button and click the submit button). At least as of 2025 this still works. We will see when AI powered scanners or agents will change that.
You can set your own opt-out reasons in your Sender profile (Goodbye) .

This also gives you valuable insights as to why your subscribers are leaving you. You can see these reasons in your opt-outs report.

Alternatives?

Basically it is the list, global and suppression opt-out links that are one-click actions.
Alternatives to the above are:

1. Redirect the subscriber to the "Subscriber portal" (for a full profile update).
2. Redirect the subscriber to the "Update list preferences" built-in page (for updating lists only).
3. Use opt-out by email instead of opt-out links. Learn more about opt-out by email in the Docs.

Learn more about the different opt-out links you have in nuevoMailer.

Learn more about nuevoMailer safe-tracking mechanisms to improve the accuracy of your campaign reports.

nuevoMailer SB v.10.2 has just been released.

• Improved clicks & views reporting with  Safe tracking mechanisms that filter activity from automated email scanners and bots. You can read more here.
• Automatic link tracking for Text newsletters.
• Updated bounce manager for those using their own or their Host's SMTP servers.
• Several reports and charts were updated.
• New options for attachments management.
• And a lot more. Read all the details here.
• Check the new demo.

• This updated version is primarily for your users, your clients.
• Your clients will enjoy a brand new interface with a night mode. You, as administrator can easily personalize your users' interface with a skin file, editable in your master administration panel.
• Clicks frequency analysis and a hidden Honeypot link to capture automated clicks from bots and scanners.
• Rate limiter in Opt-in forms plus a hidden spam trap field.
• Automatic link tracking also for plain Text newsletters.
• Several reports and charts were improved.
• Numerous other improvements in practically every feature.
• See all new features in nuevoMailer ESP v.4.2 here.

Having a List-unsubscribe header in your emails has many benefits.

Cybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week.

Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of SpinRite and ShieldsUP shares his opinion about nuevoMailer in episode 981.

Security now is an informative, insightful and at the same time entertaining podcast that you will find quite interesting even if you are not a security professional.

nuevoMailer SB v.10.1 has just been released and it will surprise you.

• A totally new interface for improved productivity and more screen working space. 
• Css themes and Night mode. You can personalize the look of your nuevoMailer now.
• A lot of emphasis was given on the improvement of various charts and reports. More specifically we tried to cover cases such as, 
• Email scanners that click multiple times the same links in a newsletter (even at the same second).
• Privacy Protection measures from ESPs that mask the recipient's IP address and email app used. More on this here.
• A lot of emphasis was given also on opt-in forms.
• Google reCAPTCHA v3 added as option. Redesigned the default captcha method to accommodate the coming browser changes in how they handle cookies and also introduced bot spam traps and rate limiting.
• Read about the new features here.
• See the new demo.

Website Planet is the web’s premier hub for individuals and businesses seeking to create, promote, or expand their online presence.

Website Planet provides authoritative reviews, in-depth comparisons, accessible guides, and powerful tools to help you achieve your digital ambitions.

We recently had the pleasure to discuss with Luka @website planet about email marketing. Here is the link to the discussion.

In this article we cover some key challenges faced by small and mid-sized businesses doing email marketing.

We provide insights for dealing with the following issues:

1. Audience: building and maintaining an email list
2. Content: creating engaging newsletters
3. Deliverability issues
4. Analyzing and understanding data
5. Compliance with regulations
6. Additional challenges

You can read the complete article here.

This new update for nuevoMailer ESP introduces Google reCaptcha v3 as an option for opt-in forms.

The coming 3rd party cookie restrictions which Chrome has already started to apply make the current captcha method inapplicable in some cases.
This is a problem especially for ESPs since your users want to put their opt-in forms in their own websites.
Therefore in 4.1 the current captcha method was updated (using partitioned cookies) and Google reCaptcha v3 comes as a new alternative, another option.

Read about all the new developments in nuevoMailer ESP v.4.1 here.

By definition and as the name implies autoresponders come as a response after an event has occurred. Such an event is for example sign-up to a list.

With nuevoMailer you can also create autoresponders that are based on custom subscriber fields of type date and fire before the given date.

The most typical example is Birthdays & Weddings. But it can be any type of anniversary dates or other dates that are very specific to your business (order date, visit date, expiration date and similar).

Here is how it's done:

Exact day comparison: how to use

• For anniversaries you should not check this box because you are only interested on the day and month of the event.
• Take the birthday example. You can create an autoresponder that sends a newsletter one week before: "Your birthday is coming - Make your plans now".
• Some examples where you should check this box are the following:
• Order dates, expiration dates, end of support dates, next-visit dates. For such cases you could create an autoresponder with a newsletter like "Your next [appointment] is on 5 days"

Final tip
If you plan to use this feature you should ideally combine it with external database import and synchronization. These articles explain how to import customers and order dates from WooCommerce and Prestashop but the concepts can be applied to any relational databases.

Update: with the latest versions of nuevoMailer you can add a background image when creating your form. This article may still be useful for older nuevoMailer versions.

In this simple step-by-step guide you will see how easy it is to add a background image to your opt-in form.

Steps

1. Create or find a background image that you like. The image dimensions should be more or less similar to your form's width and height. It is ok and it is better to be larger.
2. Upload the image in your assets folder. Tip: use the upload utility you have in your newsletter Html editor:
   
3. Create and save an opt-in form or open an existing one. Go to your opt-in forms page and click this icon:
4. Scroll down to this part of the code and add the highlighted code that you see here:
5. Adjust the image URL to match your nuevoMailer installation URL and directory. Here are the lines to copy-paste:
   background-image: url("https://www.yourdomain/nuevomailer/assets/your_image.png");
   background-position: center;
   background-repeat: no-repeat; 
   background-size: cover;
6. Click the "Update" green button at the bottom of the pop-up window to save your changes. 
7. Click this icon to view the form: 
8. Depending on the colors you used you may need to edit your form and choose different colors for your labels, input boxes and other form contents. When you edit a form, custom changes in the code are lost. So open again the pop-up to add the code for the background image.
9. For the URL of the background-image and assuming your image is located in the assets folder, you may also use a relative path like this:  
   background-image: url("../assets/your_image.png");

• Send-Time optimization: using the multi-threaded sending plugin you can send your newsletter at the time when a subscriber is most likely to open or click.
• OpenAI ChatGPT integration. You will need an api key from OpenAI. They have pay-as-you-go plans. You can buy credit for as low as $5 and you will have ChatGPT inside your admin panel.
• Conditional content blocks builder. Makes it easier to build, edit and save blocks.
• Autoresponder improvements and new options. E.g. an AR based on X days-after is always sent at the exact hour you set it on the Xth day.
• Advanced search enhanced with new options and features.
• Read about the new features here.
• See the new demo.

In this post we cover the following topics:

- What are dormant or inactive subscribers

- What is re-engagement and how it is done

- Ideas for re-engagement campaigns and emails

- How to better use nuevoMailer for effective re-engagement and list segmentation.

Visit this page to read the complete article.

What is CTOR and how it is calculated.

Different vendors have different ways of measuring CTOR. For example, Litmus defines it in this way:

"The click-to-open rate (CTOR) is how many of your opened emails were clicked on."

We believe this is accurate and we use exactly the same way in nuevoMailer reports.

The CTOR shows what percentage of those who viewed the newsletter clicked at least one link.

In other words we count the "clickers" within the "openers" group.

These groups may vary. The "view or open" of a newsletter can only be captured when the recipient explicitly allows image downloading when viewing the email. In most cases this is enabled by default (at least for subscribers that have you as a trusted sender). But one can still click a link without downloading images.

So with CTOR we focus on those who opened and clicked.

Gmail and Yahoo (AOL) have announced new protection standards and requirements for bulk email senders. In short, they require that you,

• Authenticate your email using DKIM, SPF and DMARC records.
• Enable easy opt-out.
• Ensure you're sending emails your subscribers want.

When?

• Yahoo says 1st quarter of 2024. See blog post with details.
• Gmail by February 2024 but in fact it is already in effect. See blog post with details.

What you should do

• Check your emails for DKIM, SPF and DMARC records. Use a service like Mail tester.
• Another awesome service is dmarctester.com.
• Check your nuevoMailer activity log for errors.
• Check your email clients report. If you had seen a drop in Gmail then something may be wrong.
• Use Google's postmaster tools.
• With nuevoMailer SB v.9.9 and ESP v.4 you can DKIM-sign your emails. You should only do this if your provider does not give you this option. You can read more on this here.

• New mailing library with new api sending methods and webhook endpoints for Mandrill, Postmark, Mailjet, Mailersend, Brevo.
• Sending domains to be used for DKIM-signing. DKIM-signing is now a built-in feature. See the docs.
• Sidebar widget for the news log along with an extensive redesign. You can read more and experience the widget here. Practically, it became an app on its own similar to those offered by Headway and Beamer (but without the monthly fee).
• A new type of opt-out link that suppresses the subscriber but keeps all history.
• Load, update or add a subscriber directly from your CRM/CMS.
• New methods and options were added to the API related to retrieving statistics, creating campaigns and creating/updating subscribers.
• Numerous improvements and productivity enhancements. There is seriously a lot more to read here.
• See the new demo.

When you land on Mail tester you will see an one-time, temporary email address to copy.

There are two ways to proceed. 

• Copy this email address, open an html newsletter and send a single test email to this address.
• Or better, add this email address to your test list and send a campaign to your list.
• Then return to Mail tester and click to check your score.

Gmail will stop accepting your emails if they are not DKIM-signed or without an SPF record. Here is a detailed article on this issue from Spamresource.com.

What you should do

• Check your emails for DKIM and SPF records.
• Check your nuevoMailer activity log for errors.
• Check your email clients report. If you had seen a drop in Gmail then something may be wrong.
• Use Google's postmaster tools.
• With nuevoMailer SB v.9.9 and ESP v.4 you can DKIM-sign your emails. You should only do this if your provider does not give you this option. You can read more on this here.

The nuevoMailer API and Zapier app are now available also for your clients.

Furthermore, they have Subscriber tags and Outbound webhooks. See all new features in nuevoMailer ESP v.4 here.

• Using the snooze option is a great way to retain subscribers.
• Oracle reported an 82% reduction in unsubscribes using snooze.
• Instead of opting out your subscribers can pause receiving emails for some time.
• It is used together with the opt-out reasons you define at sender profile level. Learn more.

Mailing list management is probably the most important process in email marketing. It includes the following activities:

• Collecting & importing various email lists from different sources (customers, prospects, website visitors, leads, contacts).
• Organizing the mailing lists according your communication needs and marketing objectives.
• Segmenting the mailing lists according subscriber preferences, demographic variables, campaign engagement, specific interests and more.
• Maintaining clean & healthy lists by processing bounces, subscriber complaints, opt-outs and removing unresponsive (dormant) subscribers.

nuevoMailer provides you all the tools you need to build, grow and manage your mailing lists effectively. See how.