Tendenci now gives you the ability to email all, paid, or
non-paid registrants for your event. Simply select the appropriate group and your registrants will receive your
custom formatted email.
Funding for Photo Albums Export
Hey all you totally awesome Tendenci users… If you use the photo albums module in Tendenci and are interesting in funding functionality for a bulk export of your albums, please contact Kim Lange at Schipul – The Web Marketing Company at 281.497.6567 ext. 514.
The basic export would include exporting your album to a zip file (no photo information will be included in the export). You
would not have to download your images individually. It cost about 2k
to add this functionality to the photo albums module.
Cross Site Scripting
We wanted our clients to know that security researchers discovered cross site scripting vulnerabilities in numerous Tendenci modules yesterday. Specifically a munged URL could be used in spam creating a link that looked legitimate. When a user clicked that link it would have then redirected them to a different site as intended by the bad guy.
The vulnerabilities have been patched and our programming team is continuing to test our security functions.
The timeline was we were contacted by security researcher Russ and Secunia yesterday morning. The patches were posted live on the server farm within hours.
Our biggest take away is a sense of gratitude for security researchers who help us keep our products and the Internet secure. It can be a thankless task so to be clear our position is THANK YOU!
FAQ:
Q: Did we lose any data?
A: No.
Q: Did any of our secure content get accessed?
A: No.
Q: Did any spammers take advantage of the cross site scripting vulnerabilities to redirect users?
A: We are researching this. So far we have only seen the safe tests run by the security researchers.
Q: What else do I need to do?
A: Nothing at this time. We have security as our top priority and will continue to do so.
Thanks,
Jennifer Brooks
UPDATE:
We are very pleased to read Russ’ post about our quick response to the Cross Site Scripting vulnerability, entitled ‘Fastest Fix in the West: a vendor’s excellent response’. We are amazingly passionate about Security, our software and our amazing Clients – so this recognition means a lot. Here’s an excerpt of his post:
Rare is the occasion when one who researches and responsibly reports
web application vulnerabilities is met with an open, immediate,
consumer oriented response from a vendor. But so it was when I let the
folks who develop Tendenci, a Schipul offering, know about a few XSS
issues… To Schipul I say well done, extremely well done, and thank you…. (read the rest of the post)
You can now merge usergroups in Tendenci
Good news Tendenci users! You can now merge or append usergroups.
Merging usergroups allows you as an admin, to take users from one group and add them to another. You have the option to delete the group entirely.
Append usergroups allows you to merge usergroups while keeping the source group.
You will need a site authentication string to do the merge.
Check out the help files.
- Merging usergroups – https://www.tendenci.com/help-files//v/484
- Appending usergoups – https://www.tendenci.com/help-files//v/485
Corporate Membership Module Added Renewal Process and Renewal Reminder
We have recently rolled out the corporate membership renewal process and renewal reminder. Although they are the basic functionalities in the corporate memberships module, for some reason, they didn’t get included in the initial release. For those who were waiting for this process, we greatly thank you for your patience!
The corporate membership renewal process let you renew your corporate membership as well as the individual memberships under the corporate membership provided that the individual membership type is tied to the corporate membership. For more information on how to renew your corporate membership as an admin and as a dues rep, visit the help files How do I renew a Corporate Membership as an Admin? and How do I renew a Corporate Membership as a Dues Rep?
The renewal reminder will be sent to the dues representative certain days before or after the expiration date. The default setting is 7 days before the expiration date. To turn on or off the renewal reminder, and change its frequency on your site, simply go to http://www.yourdomain.com/en/corporatememberships/ and you’ll find the links to do so. Certainly you must be a site admin.
Newsletter Images Are Now Displaying Properly
What happened?
The software update to help make our email compliant, caused a slight change in the way newsletters were created. This required one extra step to make all paths to your images absolute paths instead of relative paths.
If you have experienced trouble with your Newsletter images displaying this week, The programming team has fixed this for you. Yay! Thank you Programmers!
What did the Programming Team do?
A snippet of code has been added that will automatically turn your relative image paths into absolute image paths for you. This change is automatic so your Tendenci Newsletter images will now display properly in preview mode and in your inbox. The code was accidentally overlooked on the first update, so we apologize for any inconvenience that it may have caused.
What is the difference between the paths?
A relative path is a path to an image or a page that does not include your full website address. You will use relative paths when you are linking to images or pages that live within your Tendenci site. This is an example of a relative path to an image:
An absolute path is a path to an image or a page that does include your full web address. You will use an absolute path when you are linking to images or pages outside of your Tendenci site. This is an example of an absolute path to the same image:
For more information on uploading images and creating newsletters, please visit our Tendenci help files.
Don’t let your emails get passed over: Customize your sender display
To show the name you want to appear in the "From" field of a
recipient’s incoming mail when sending out a newsletter you must adjust
the Sender Display field .
What you enter in the Sender Display field will display in your email along with the new Do Not Reply email address. If
you leave Sender Display blank, only the new Do Not Reply email address will
display in the "From" field of your recipient’s incoming mail.
This is an example of what your newsletter will look
like when it hits your recipient’s inbox if you use the Sender Display.
The Sender Display field will automatically populate when a newsletter
is created with the newsletter creator’s name. The helpfile on how to edit your Sender Display is located here https://www.tendenci.com/help-files//v/474.
You must be sure to include your correct address in the ReplyTo field to ensure email replies are sent to your email address.
Otherwise, they will be sent to the DO-NOT-REPLY-TENDENCI@schipul.net
and will not make it to your inbox, which would be sad.
For more information on why we use DO-NOT-REPLY-TENDENCI@schipul.net, please read our helpfile: What is DO-NOT-REPLY-TENDENCI@schipul.net
Importing users into Tendenci just got easier!
This update has been a long time coming! We appreciate all of the patience and ideas on how to make importing users into Tendenci better and more user-friendly.
You can now rename the columns to fit your own needs. It does not have to be in the order of the import template. The header and the title rows can be left in the spreadsheet. Test it out.
Please visit the helps files on preparing a file for user import or learn how to import users into Tendenci.
Tendenci Enhancements Help Newsletters Reach More End Users
The Tendenci team works hard to keep your Web marketing efforts successful and effective. In a recent effort to combat SPAM, we have implemented some changes in the way your Web site sends your emails, newsletters and notifications.
These changes not only make your site’s email compliant with Internet rules and regulations of email delivery, but also increase your site’s email deliverability.
When an Email notification, Contact Form Submission or Newsletter is sent from your Tendenci site, it will now have a sender address of DO-NOT-REPLY-TENDENCI@schipul.net. This email address matches the address of the mail server that is being used to process and send your emails – which looks more legitimate to other mail servers, resulting in increased deliveries.
What are you talking about?
Old Way:
To a server, the following sample email header could look like Spam as it is sent with the sender’s own email address from a Tendenci site’s newsletter generator (@hotmail.com vs. @schipul.net):
Return-Path: mdinkleplotz@hotmail.com
Sender: mdinkleplotz@hotmail.com
From: "Mary Dinkleplotz" <mdinkleplotz@hotmail.com>
Subject: My organization’s newsletter!
New and Improved Way:
By changing the ‘Sender’ path, your email will appear less suspicious as the sender address matches your Tendenci site’s mail server that is being used to send the email (@schipul.net):
Return-Path: DO-NOT-REPLY-TENDENCI@schipul.net
Sender: DO-NOT-REPLY-TENDENCI@schipul.net
From: "Mary Dinkleplotz" <mdinkleplotz@hotmail.com>
Subject: My Organization’s Newsletter
How does this affect me?
If I were sending a newsletter to you from the Tendenci website, you would receive my Newsletter in your inbox and the "Sender" would be DO-NOT-REPLY-TENDENCI@schipul.net (this is generally not displayed by the email application).
The "From and/or Reply To” address will continue to have the email address of the user who was specified in the ReplyTo field pictured below:
You must be sure to include your correct address in the ‘ReplyTo’ field
(see below) to ensure email replies are sent to your email address.
Otherwise, they will be sent to the DO-NOT-REPLY-TENDENCI@schipul.net
and will not make it to your inbox, which would be sad.
The Good News:
This mandatory update was made specifically to help improve your email deliverability. It also makes your email compliant with regulations outlined here: http://www.openspf.org/Best_Practices/Webgenerated
Please Note!:
With this change, some of the Tendenci Newsletter bounce back features will be temporarily disabled. This means you will not be receiving your newsletter bounce backs until further notice.
Many Tendenci clients count on receiving their bouncebacks to remove or update email addresses on their mailing lists. We are aware that this temporary disruption may be a challenge for you, so we can offer a solution for you.
By editing your Site Variables, you can revert to the old email sender Return-Path, instead of utilizing the new, compliant sender email address. To make this change, you will need to edit the variable called: SiteEmailNoReplyAddress
We strongly recommend that you do not change this variable as YOUR
EMAIL DELIVERY RATES WILL DROP IF YOU REVERT BACK!
If you are still not sure if you like the change, this quote from Ed Schipul pretty much sums it all up:"Yes – it IS less convenient. But spammers make everything hell so we need to do this." – Ed Schipul, CEO
Holiday Spam getting you down?
If you are noticing increased amounts of SPAM on your Tendenci site, there are a few things you can do about it.
Here are a few:
- Enable CAPTCHA on custom CMS forms – Visit the help file on how to do this: https://www.tendenci.com/help-files//v/467
- To enable CAPTCHA on your contact form you just need to activate this command in the site XML. Visit the help file on how to do this: https://www.tendenci.com/help-files//v/468
- Lastly, you can block email addresses from submitting forms from your site. – Visit the help file on how to do this: https://www.tendenci.com/help-files//v/466
If you need assistance, please contact support@tendenci.com or call 281.497.6567 ext. 411.