by bilalhusain 4307 days ago
Great job. You need to fix a couple of things:

- https

- http://retentionbooster.com/site/api_addaction?action_name=l... should return a pixel not a text/html 1

- the response when a returning user logs in is currently a 500 error (insert into rb_retentions fails because of duplicate email)

- anyone can log in to dashboard with a non-registered email or non-email http://retentionbooster.com/site/adduser?email={random}&pass...

- make sure the retention email doesn't end up in spam folder

2 comments

> - anyone can log in to dashboard with a non-registered email or non-email http://retentionbooster.com/site/adduser?email={random}&pass....

Does not seem to happen here (shows the home page). Maybe you're cookied/logged in?

> - make sure the retention email doesn't end up in spam folder

That's not really up to him (except, of course, for basic sender stuff like SPF and DKIM).

- login (use something like http://retentionbooster.com/site/adduser?email=a43abe&passwo...)

- choosing a good transactional email service might be helpful.

That's a pretty good idea (as long as these are considered "transactional" by the provider).

edit: Can confirm the authentication behavior now.

edit 2: In fact, the username is printed without any escaping.

You have a page "Company". If you are a registered company, indicate its name and place of registration. That would add credibility.

Thanks. We are not incorporated yet but that would definitely be a good idea.