ways to prevent email from being marked as spam
I have been looking into how to make it less likely that legit emails from my mail server get marked as spam, as in the past when I have sent some emails they have been marked as spam. I came across a few methods, such as DKIM, SPF, and things like that. However, I would like to see if there is anyone who can give me directions on how to set these things, and anything else that would be helpful in this regard up. I run postfix on ubuntu 10.04, and use dovecot as my pop3 etc agent. Some specific requirements follow:
I need to be able to have email be not considered spam coming from certain domains, which I understand spf can help with. Also, I need certain server's email to be allowed, as I use this email server for a relay for 2 other servers.
In addition, I also send email from mail clients on often dynamic IP Addresses. So in that case I would need to somehow make sure that email from my computer didn't get marked as spam, and my laptop, and etc. This I'm not sure how to do, as a laptop would often change addresses, unless there is some way to do that without using IPs.
Anyway, if someone could point me to or give me instructions on how to set up DKIM and SPF with postfix, along with any other necessary services, that would be great.
Oh and if anyone has skype and would like to call me to talk me through it I can give you my name or email (if you'd prefer email) in a pm. Just ask.
Thanks,
-Michael.
4 Replies
@lilmike:
"A world that contained a creature as amazing as that bumblebee was a world he wanted to live in." – Christopher Paolini, Brisingr.
"The songs of the dead are the lamentations of the living." -- Christopher Paolini, Eldest.
These quotations reminded
me of a joke about the
digestive process of vampires:
What did one British vampire
say to the other British vampire?
"I can't stand your bloody farts!"
James
This page
(Allow): +all - This says that the whole world is allowed to send mail on behalf of the domain; pretty much worthless.
(Mark suspicious): ~all - Says that no other machines should send mail on behalf of the domain, but does not guarantee that this is the case.
(Deny): -all - Says that no other machines are allowed to send mail, and that any mail received from other machines can be considered bogus.
(option not shown): ?all - Neutral; does not make either a positive or negative statement about other machines not listed in the SPF record. I recommend using this, especially first starting out.
You can check the validity of the record against the spectest addresses
SPF will not make a huge improvement in how your e-mail is treated, but is worth the minimal effort to set up.
I'm not very familiar with DKIM, and it's a more involved setup process. However, it does seem to be used by large mail providers for judging reputation and is a good idea if you want mail to go through to their users.
I looked at the link you gave for the wizard – looks like it doesn't exist or is having trouble. I read the intro to spf on the spf website, but I don't get quite how it works.
Basically I want my mail server at mail.speedofsoundgaming.com to send mail for all the domains I'm setting this up on, but one thing I don't get is, since the servers sending mail for some domains relay mail through that server, do I have to put their ips as well? Or will the fact that the mail first goes to that server be sufficient. Also, I want to be able to send mail from my computer, which often has a dynamic IP. Is this covered by the ?all directive? or does, again, the fact that I connect to my mail server to send mail provide the security here.
Thanks,
-Michael.
EDIT: I followed instructions on
That SPF generator was working when I posted it, looks like it's disappeared now.
Let's take an example. Your Linode has IP address 12.34.56.78, and you want to send mail on behalf of example.com. You would need to get the person who runs DNS for example.com to put in an entry like the following:
example.com. IN TXT "v=spf1 ip4:12.34.56.78 ?all"
This explicitly designates your Linode as an approved sender. The ?all means that receivers should treat other machines no worse than they ordinarily would. Often, coming from a dynamic IP is enough for hosts to not accept mail
If you have dynamic DNS set up for your home machine, you could do something like this, substituting the actual hostname used to point to you:
example.com. IN TXT "v=spf1 ip4:12.34.56.78 a:lilmike.dynamic-dns-service.net ?all"
When receiving mail, a machine will look up the IP address for lilmike.dynamic-dns-service.net and check to see if it matches your IP address. Note that this does not necessarily mean it will accept the mail; it depends on how aggressively they blacklist dynamic IPs. If example.com also has its own mail servers sending outgoing mail, they should be added to the record also. Assuming they are also used for inbound mail, the easiest way would be:
example.com. IN TXT "v=spf1 ip4:12.34.56.78 a:lilmike.dynamic-dns-service.net mx ?all"
This adds any value for an MX record for example.com to the list of approved senders. Instead of "mx" they could also use an "ip4" or "a" value for the appropriate machine. (There is also an "ip6" value that can be used to list IPv6 addresses.)
You would need to do the above for each domain that you want to send mail on behalf of.