Jump to Main Content
Content > Internet > E-mail Servers
E-mail Servers

You need to have things setup correctly for your e-mail server to operate well on the internet and to ensure that other servers will accept your e-mail. This includes configuration issues as well as registrations at the big networks that have their own processes you have to follow (includes AOL, Time Warner, Yahoo, Microsoft and others).

This is not an exhaustive article on how to run an e-mail server. However, you certainly want to make sure a number of things are setup correctly, especially if you run e-mail lists of any type. Make sure DNS for the domain has a proper e-mail address that is monitored and make sure you have postmaster@, abuse@, security@, and admin@domain.com pointing to someone since these are considered standard addresses for ISPs.

More info:

Configurations

Make sure you're at least doing these.... Most of these are important, but not dealt with by first-timers. Some, like SPF, are technically optional, but you want to do them anyways.

Open Relay

Test: MxToolBox SMTP Diagnostics does a basic test | SpamHelp SMTP  Open Relay Test | Previous extensive best was Svcheck (by RBL.jp) but now abandoned. Also found: AntiSpam-UFRJ Anonymous Relay Test. Scripts: PVE SMTP OpenRelay Tester | DNSstuff Mail Server Test Center

Make sure your server doesn't isn't an open relay which allows those that shouldn't to send messages through your server (typically without authentication or an improper configuration). You can find other testers on the web if you look around.

Reverse DNS

You want to make sure that your IP addresses have reverse DNS setup on them, preferably so that they match the domain used in the server's HELO message, but at least to something that resolves back to the same IP address when looked up by that name. You can check the other DNS settings for your domain using one of several DNS checkers:

Sender Policy Framework (SPF)

Check SPF for a Domain

Sender Policy Framework (SPF) is the open-source, DNS-based version of all those for-pay e-mail certification services (remind me why I need to pay you to allow your clients to accept my e-mail -- are you going to pay me to accept yours?). Essentially SPF is a DNS-queriable configuration information that specifies what servers send e-mail for the domain. This allows receiving servers to make sure the message originated from a known good server and/or to inspect it further if not. More info and a configurator at the OpenSPF Project.

DKIM/DomainKeys

DKIM  is the latest rendition of the now obsolete DomainKeys (tech info on DomainKeys). You will want to use it, and cPanel makes it easy. Required for Yahoo, perhaps others.

OTHERS

Autonomous System Number (ASN) reputation

DMARC

Check DMARC for a Domain | Configuration Highlight | DMARC Overview/Examples

Domain-based Message Authentication Reporting and Conformance (DMARC) authentication. Large-scale email receivers, such as Google, Microsoft, and Yahoo!, are increasingly requiring that email messages be properly authenticated in a DMARC-compliant way. DMARC info by ReturnPath.

Backscatter

Backscatter was a new one on me and I learned more about it from Backscatterer.org. Apparently those "does this from email address actually exist" queries to the domain of the from address can bring a server to its knees, and it's no longer considered best practice -- at least by some. I had to turn it off because of complaints by some clients having problems and found this consideration. Turning off these checks increased dramatically the amount of spam incoming, however, so I probably will need to address that again.

OpenRBL

Test: BlackListAlert | RBLS.org || Reputation: SenderBase | SenderScore | Trend Micro Global Spam Threats and IP Reputation Lookup 

Make sure your IPs aren't on the OpenRBLs (real-time black lists -- of spammers and bad service providers). Investigate and get fixed and corrected if you are. If you've been assigned an IP already on this, ask your ISP for another IP that isn't blacklisted as it's a bit of work to get off. Sign up with SpamCop to receive reports for your IP addresses/ranges as they are one of the first reports and most widely used overall.

Others perhaps worthy of using/checking:

Challenge-Response

This one has been generally abandoned and you don't want to be using it. Why not? Well try this well-written article on why Challenge-Response Anti-Spam Systems are Considered Harmful.

Web Pages / Emails

Don't forget to have web pages on your site with your policies and unsubscribe, subscribe info. Include links to these on every e-mail. Make sure the from address actually exists.

Specific ISPs

Then there are the big guys, and you have to deal with each of them separately. Might also look at the Word to the Wise Delivery WikiKeep your IP addresses updated with them. I find Microsoft and ATT to be the most difficult and frustrating to work with - no transparency, 1-2 days minimum response time. And Microsofts published forms often stop working. They have a delisting IPs address delisting@messaging.microsoft.com.

Microsoft

Microsoft (Outlook, Hotmail, Live, Office365, etc.) now (late 2017) delineates their email services into 2 programs: Office365 - and everything else (hotmail, outlook, live). Or maybe not. Sometimes you can't tell what is going on with their programs, in one location it says I need to request them separately, yet in the end, they seem to have multiple places for things. The confusion is part of what makes them difficult to work with.

For each, there are two steps: register your IPs with their JMRP/SNDS, and request delisting if you find your IPs listed on either of their their separate block lists.

Register your IPs with their feedback/reporting programs:

After login, Request Access for IP addresses and once granted (requires confirmation email), then you can view the reported traffic on their servers. If you change IP addresses, you need to update it at their site. You also need to setup the JMRP - Junk Mail Reporting Program feed (after the IP addresses have been added).

It seemed better my last trip through their system, but then the IPs was handed (by FutureHosting and Host1Plus) were on blocklists for some of the big guys. And Microsoft (and ATT) continue to be difficult to delist. They have more than one portal:

  • Office365 Delisting Portal - this one says our IP is fine and to use the Hotmail, Live, Outlook portal (sigh)
  • Hotmail, Live, Outlook Portal - and this one give an error of Access Denied and I don't have permission to access such and such script on the server. (double sigh)
  • Once you get a SRXI######### response with Delist IP in the subject line, you can call MS Delist Dept at 866-291-7726 (or general support at 800-865-9408).

Microsoft also reports that our IPs were on a frontbridge block list and to contact FrontBridge, but the frontbridge.com domain was down and not responding.

Some other links they have provided us:

  • Ensuring email from an IP isn't blocked by Hotmail / Outlook (best practices, as generally described in this doc)

ATT/SBCglobal

ATT and Yahoo seem to no longer be connected from an email administration standpoint.

ATT Postmaster | Email Errors | abuse_rbl@abuse-att.net

Yahoo

Yahoo Postmaster  | Error Codes | FAQ: Delivery Requirements

Yahoo requires use of DKIM and SPF. Yahoo changed their abuse reporting and removal/resolution methods late 2017/early 2018. They no longer offer IP or CIDR-based feedback loop reporting (ala Microsoft). 

Bulk mailers should participate in the Yahoo Complaint Feedback Loop (CFL) Program. Yahoo users can also use the Yahoo! Mail Delivery Issues Form for issues receiving email.

AOL

One of the first network providers from pre-Internet days. Now owned by Time Warner, but operated separately to some degree still. At the very least, setup an AOL Email Feedback Loop for your email servers, and keep updated - the esoteric by today's standards method to update will delight old-school veterans - and likely frustrate millennials and younger. Responses and change requests are pretty quick these days (perhaps they have better tools for the evaluators). You can also lookup error messages on the AOL Postmaster Error Page, or reach the AOL Postmaster via email or their postmaster webpage. You can request being whitelisted (if you send more than 100 messages/month to their servers).

RoadRunner

Similar to AOL (since Time-Warner owns both), RoadRunner has a general RR Postmaster page - where you can check your IP status. They discontinued their Feedback Loop program in October 2017.


Other Pages
SSL Certificates Next Page
 
Comments are solely the opionion of the author and not to be construed as the opinion of anyone else.
Login
 

 

 

(c) 2006-2007 - Mark Boyden
Privacy - Legal Stuff - Contacts