Wednesday, 14 January 2015

How-to: Maintain a good e-mail server reputation


Reputation management

If you recall, we were having trouble with outbound emails from our event management application, and I described measures around Sender Policy Framework (SPF) records to make us look a little more trustworthy. Only I dived right into SPF without covering some of the basics.

Well, we're still having trouble with Hotmail/Outlook.com just swallowing, not even bouncing or marking as spam, our outbound mails to clients. So, it's back to server reputation management to see what more can be done.


Back to Basics
All 'broadcast' e-mails that are system generated are monitored by various spam detection and black-listing systems operating across the Internet. These are designed to be impervious to outside influence, so simply shouting, "hey, we're okay, honest" at them has no effect. However, you do have the ability - indeed responsibility - to manage your broadcast email to minimize the chances of being flagged as a spammer.

Server reputation management involves
  • domain record configuration (SPF on MX and other acronyms)
  • providing proper sender details in email
  • providing unsubscribe and opt-out tools
  • processing bounced e-mails
  • avoiding repeated mailing to bad e-mail addresses

The first step is to set up an SPF record in the DNS for your domain, and ensure that it is correctly configured whenever you move servers.

The Sender Policy Framework (SPF) identifies to the world the hosts that are specifically allowed to send e-mail from your domain.

Your server and your domain's outbound mail server (if different) should both be identified in the SPF record as "allowed to send (pass)". The more specific and limited your SPF record is, the more effective it will be in contributing toward reducing delivery issues. Unfortunately, virtualised servers that cycle through various IP addresses while sending e-mails make it more difficult to lock down the sender policy framework so tightly.

Reverse DNS
A second useful approach is to set up a reverse DNS. Using a test account that is not on your server, for example a Gmail or Hotmail account, examine the e-mail header.

In Gmail and Google Apps:
  • Open the message.
  • Click on the other actions dropdown beside Reply or Reply to all.
  • Select Show original.
  • Look for a Received-SPF header record. It should indicate either neutral or pass.
  • You may also find other records such as Authentication-Results: spf=neutral.

Issues with SPF can sometimes be traced to the identity provided by or about your server when it sends email. Check through the Received: From header records until you get to your originating server, hosting your domain on a localhost.
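The header check described above can also be scripted. This is an added example, not code from the original post: it parses a constructed message (example domains and documentation IP addresses) and reports the Received-SPF result, the spf= value in Authentication-Results, and the originating Received hop. The names `audit_headers` and `OK_RESULTS` are introduced here for illustration.

```python
import email
import re

# Constructed sample (documentation-range addresses and example domains only).
SAMPLE = """\
Received: from app01.sender.example (app01.sender.example [203.0.113.25])
\tby mx.recipient.example with ESMTP id abc123; Wed, 14 Jan 2015 10:00:02 +0000
Received-SPF: neutral (recipient.example: 203.0.113.25 is neither permitted
\tnor denied by domain of events@sender.example) client-ip=203.0.113.25;
Authentication-Results: mx.recipient.example;
\tspf=neutral smtp.mailfrom=events@sender.example
Received: from localhost (localhost [127.0.0.1])
\tby app01.sender.example with ESMTP id def456; Wed, 14 Jan 2015 10:00:00 +0000
From: events@sender.example
Subject: Your booking

Body text
"""

OK_RESULTS = {"pass", "neutral"}  # the two outcomes the post says to look for


def _flat(value):
    """Unfold a header value: folded lines and tabs become single spaces."""
    return " ".join(str(value).split())


def audit_headers(raw):
    """Summarise the SPF verdicts and the originating hop of one raw message."""
    msg = email.message_from_string(raw)
    report = {"received_spf": None, "client_ip": None, "auth_spf": None, "origin": None}
    spf_hdrs = [_flat(v) for v in msg.get_all("Received-SPF", [])]
    if spf_hdrs and spf_hdrs[0]:  # topmost header was added by the final receiver
        report["received_spf"] = spf_hdrs[0].split()[0].lower()
        ip = re.search(r"client-ip=([0-9A-Fa-f.:]+)", spf_hdrs[0])
        report["client_ip"] = ip.group(1) if ip else None
    for value in map(_flat, msg.get_all("Authentication-Results", [])):
        spf = re.search(r"\bspf=(\w+)", value)
        if spf:
            report["auth_spf"] = spf.group(1).lower()
            break
    hops = [_flat(v) for v in msg.get_all("Received", [])]
    if hops:  # headers are prepended, so the last Received is the first hop
        hop = re.search(r"from (\S+).*? by (\S+)", hops[-1])
        report["origin"] = hop.groups() if hop else None
    seen = [r for r in (report["received_spf"], report["auth_spf"]) if r]
    report["ok"] = bool(seen) and all(r in OK_RESULTS for r in seen)
    return report
```

Paste the text from Show original into `audit_headers` in place of `SAMPLE`; the `client_ip` it reports is the address your SPF record and reverse DNS need to cover.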

If forward DNS is the process that takes the commonly used domain name and translates it to an IP address, then reverse DNS is the process of translating IP addresses to hostnames, which is the whole basis of establishing trustworthy server reputation.

Setting up a reverse DNS record can improve your server reputation as the sending IP address is validated as a legitimate sender for your domain. If your server has multiple domains sharing a single IP address, it might be worthwhile to purchase a dedicated IP address so that you can set up the reverse DNS for your domain. A shared IP address can score poorly if it is shared with spammers or other accounts not so concerned with email reputation management.

The third approach to improving your server's reputation is to monitor DNS blacklists for your server and to request the host organizations to remove it if found. You can find your server listed for a variety of reasons, not always your fault. It is important to respond to blacklisting where you can, as a small number of blacklists are used by a huge number of sites and ISPs. Some of the maintainers don't take requests, so it is important to ascertain how your server got blacklisted so you can take measures to clean up its reputation. RC
