How to make a mail server spam "proof"

Pa0x43

3/6/24, 5:04 PM

I work for a German company that sends several thousand emails to our customers every day. Our employees send their emails via Microsoft 356, but the system does not use a mail server and sends emails via PHP sendmail, so many of our emails end up in the spam folder of our customers. My question is how do we set up our own mail server and configure it in such a way that the risk of ending up on a block list is low. rDNS, SPF, DKIM, SSL?

Is configuring these things sufficient or are there other requirements? Unfortunately I could not find an exact "list" of requirements.

100

1 + 2

email-server

configuration

spam

yagmoth555

3/6/24, 6:21 PM

Hi, you are bind to your IP reputation and DNS configuration (SPF record, etc..) in such scenario, thrust is not buildable easily. It's a long term goal. Some product exist that can manage your email distribution, but I often think it's homemade software that I guess put more restriction like to not send to the same host all the mail at once in example, kind of config out of scope of a normal mail server.

anx

3/6/24, 10:01 PM

If you do not have the volume to have every recipient track your past performance, you can buy into the past record of someone else. Combating spam scales so well with volume, your best shot may well be *not* doing much locally at all, and instead opting to have your mail relayed through some commercial service that not only assists you in local configuration, but also makes sure to respond to complaints and to disable abusive/abused accounts with such reliability that recipients can trust that almost everything relayed through them is good.

Score:2

Server

anx

3/6/24, 10:19 PM

Unfortunately I could not find an exact "list" of requirements.

We have this older canonical question, but for the limited application of customers with some connection to Germany, you may find the union of these 3 lists more helpful. Many other mail recipients in the DACH area apply equivalent rulesets:

If you are sending significant volume to any of these providers, I bet you have received SMTP-stage refusals or abuse complaints before. Read them, they will likely point to the key issues (you are acting on everything sent to your postmaster and abuse mailbox, right?).

Short summary:

don't send malformed messages, don't run broken/unmaintained software
repeated mailings must include a way to make them stop
make abundantly & unambiguously clear who is sending, whois/rDNS/website/headers/names, whatever someone checks must to the extent possible name the responsible entity
do not, ever, send stuff that customers did not explicitly & knowingly agreed to receive
for new deployments, just consider DMARC & TLS a minimum requirement

You can mostly forget about block lists, they are a last-resort measure. While they sometimes appear where you failed to implement point 3, they generally rarely target you, specifically. And if someone does add you, specifically, you have failed at a procedural level (such as repeatedly messaging long-invalid addresses of past customers), nothing mail server setup alone can help you with.

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to make a mail server spam "proof"

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.