Sending Email From Dedicated Server

[+InsaneNutter MVC]

I have configured the following on a server / domain I need to be able to send order confirmation email's from:

• DKIM (Domain-Keys Identified Mail)
• SPF (Sender Policy Framework)
• DMARC (Domain-based Message Authentication, Reporting and Conformance)
• Reverse DNS

 

After configuring all of the above email's now get to the inbox on the following services: Office 365 Exchange, Outlook.com, Gmail, Yahoo, Aol, Icloud and Zen.co.uk (by far the most strict of the lot). In addition hopefully the inbox of any other major email providers too, those are just the ones I have been able to test.

 

This has been a bit of a learning experience for me, so i'm wondering if their is anything else i should look at implementing to ensure email's are successfully delivered? The IP used to send the email doesn't appear to be on any spam blacklists.

 

Thanks in advance for any additional insight.

[Mike]

Make sure the server isn't an open relay - if it doesn't need to receive emails, you can probably only have the mail server listening on localhost so it's not open at all to the public.

 

If you're only sending order confirmations then you shouldn't need to worry about spambots triggering emails (could be an issue if you send registration confirmations or something based on a form fill).

[sc302 Veteran]

don't have it on a dhcp'd address from an isp...they tend to get added to blacklists near immediately.  you want a static ip, you want your isp to setup a PTR record.  Then you should be good.

 

BTW all that you mentioned is for incoming mail so you don't receive spam, not outgoing mail. 

 

Outgoing mail, you simply need to have the right information to prove your identity for when other people have all of that setup to authenticate that your mail server is a legit mail server sending legit mail.  Not being on a blacklist, having a static ip, having a PTR record all provide the information needed to tell servers that you are in fact a mail server that sends out legitimate mail...but be careful, you can get put on a black list by sending out spam from that mail server by sending out spam messages, sending out too many messages at a time, hitting honeypots that scan for messages from anywhere, etc.

[xbamaris]

What type of email server are you using? Truthfully if you were worried about emails like that not getting through I would use something like Amazon SES (or another Smart Host)

 

Amazon SES is pretty dirt cheap and I haven't experienced any real problems with it.

[+BudMan MVC]

BTW all that you mentioned is for incoming mail so you don't receive spam, not outgoing mail. 

 

Not sure I agree with this statement sc302, while yes dkim and spf are used by the receiver.  These are good things to setup so the people your sending email to have methods of validation that the email did in fact come from your domain.  DKIM is quite powerful, problem is many domains do not use it how it could be used.  But setting this stuff up is required by the sender.. So that people your sending to can validate.

 

Same for SPF - this is used so the person getting the mail that says it came from domainX.tld can validate that yes this box that sent me mail from domainx.tld is fact a IP authorized to send mail for domainx.tld

 

DMARC is also what the sender setups up to tell people that get mail that passes or fails their spf/dkim stuff what to do with it.. All 3 of these are valuable tools for a sender of email to setup.

 

I applaud you insanenutter for taking the time to setup your email server correctly and with as many features as possible to allow servers getting your mail to validate it.  Most people just fire up a smtp server and think ok - how come I can not send email to domainxyz, why do all they major players block my email.. I am not a black list, etc..

 

What is the domain your sending mail from, would like to do some checking on your mx records and that do you accept mail for all the addresses you are suppose to accept mail for - abuse, postmaster, etc.  And does anyone/anything actually go through mail sent to these addresses?

[sc302 Veteran]

Disabling any of those features or not using them have no known negative effect that I have seen. All mail hosts, even government mail recipients, have no issues when these additional items are not set up. All the big isps have no known issue. So not sure that I would agree with what you are saying.

[+BudMan MVC]

Again be it that the receivers use these is on them, they could and seeing someone taking the time to set them up is good.. Like to see a time when one of the big boys say you can't send me mail unless you pass dkim would be fantastic for reduction in spam!!

 

But if senders don't set them up then can never get to the point where you could as a domain say hey - if you don't pass dkim or spf your not sending me mail.

[binaryzero]

I'd setup SPF and PTR.

[+InsaneNutter MVC]

Sorry for the late reply here, and thanks for the replies. It

[trek]

If it only needs to send outbound, why not set up an on-prem SMTP relay server that submits messages through your O365 hosted exchange? Then your DNS records would have already been set up for your primary domain pointed to 365.

 

https://technet.microsoft.com/en-us/library/dn592151(v=exchg.150).aspx

[+BudMan MVC]

sure pm works fine.