How do I prevent my e-mails from getting tagged as spam?

Your SMTP server’s greeting banner should display the FQDN of your MX record.

I use the command-line SMTP mailer “michus mail sender”; this tool can be found here.

Bad example (Banner is SMTP):

:: michus mail sender v1.6 © by michael vogt <admin@derrolf.ch>
   >>>MAIL SERVER OUTPUT:
220 SMTP service ready
   >>>SEND:
HELO localhost

Good example (Banner is mx.google.com):

:: michus mail sender v1.6 © by michael vogt <admin@derrolf.ch>
   >>>MAIL SERVER OUTPUT:
220 mx.google.com ESMTP x33si1064255ugc
   >>>SEND:
HELO localhost
   <<<RECEIVE:

The SMTP greeting should be a 3-digit code, followed by a space or a dash, then the hostname (FQDN; RFC 821 section 4.3 and RFC 2821 section 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server.

Reverse DNS Lookup issues

The IP address of the sending server cannot be resolved into a hostname by a reverse DNS lookup because the DNS PTR record is missing, or your delivery server is not configured properly or uses its internal DNS name.

If you are using MS Exchange 2k or MS Exchange 2k3, check the properties of your “Default SMTP Virtual Server” under Delivery, Advanced. In this window you’ll see a text field called “Fully-qualified domain name”; enter the public DNS name you use as MX record.

Your sending SMTP IP address does not match the registered MX record address. This might happen, for example, when you use one mail server as receiver (DMZ) and another one as sender (LAN). You might configure your internal (LAN) mail server to relay mail via the external (DMZ) mail server, or add another MX record.
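The banner and reverse DNS checks described above can be run against your own sending server before a receiving spam filter does it for you. The following Python sketch is an added example, not part of the original post or of the mail sender tool; the host names, the 192.0.2.x addresses and the two resolver functions are constructed so it runs offline, and the forward confirmation of the PTR name goes one step beyond the text.

```python
import re

# 3-digit code, a space or a dash, then the first token (the announced hostname)
GREETING = re.compile(r"^(\d{3})[ -](\S+)")
# FQDN: at least two dot-separated labels and an alphabetic top-level label
FQDN = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

def check_sender(banner, ip, resolve_a, resolve_ptr):
    """Return a list of findings; an empty list means all checks passed.

    resolve_a(name) -> list of IPv4 strings; resolve_ptr(ip) -> name or None.
    Both are injected (an assumption of this example); for live use they could
    wrap socket.gethostbyname_ex and socket.gethostbyaddr.
    """
    m = GREETING.match(banner)
    if not m or m.group(1) != "220":
        return ["greeting is not a 220 reply"]
    findings = []
    host = m.group(2).rstrip(".")
    if not FQDN.match(host):
        findings.append(f"banner host {host!r} is not an FQDN")
    elif ip not in resolve_a(host):
        findings.append(f"{host} has no A record pointing back to {ip}")
    ptr = resolve_ptr(ip)
    if ptr is None:
        findings.append(f"no PTR record for {ip}")
    elif ip not in resolve_a(ptr.rstrip(".")):
        findings.append(f"PTR {ptr} does not resolve forward to {ip}")
    return findings

# Constructed DNS data: documentation addresses and hypothetical names
A_RECORDS = {"mail.example.org": ["192.0.2.25"], "mx.example.org": ["192.0.2.10"]}
PTR_RECORDS = {"192.0.2.25": "mail.example.org", "192.0.2.10": "srv01.corp.local"}

def resolve_a(name):
    return A_RECORDS.get(name.lower(), [])

def resolve_ptr(ip):
    return PTR_RECORDS.get(ip)

if __name__ == "__main__":
    samples = [("220 SMTP service ready", "192.0.2.99"),      # bad banner, no PTR
               ("220 mail.example.org ESMTP", "192.0.2.25"),  # everything matches
               ("220-mx.example.org ESMTP", "192.0.2.10")]    # PTR is an internal name
    for banner, ip in samples:
        print(banner, "->", check_sender(banner, ip, resolve_a, resolve_ptr) or "OK")
```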

Use SPF (Sender Policy Framework)

Use an SPF record in your DNS to validate mail servers. The project’s web site is http://www.openspf.org; an excerpt from its introduction page:

SPFv1 allows the owner of a domain to specify their mail sending policy, e.g. which mail servers they use to send mail from their domain. The technology requires two sides to play together:
(1) the domain owner publishes this information in an SPF record in the domain’s DNS zone, and when someone else’s mail server receives a message claiming to come from that domain, then
(2) the receiving server can check whether the message complies with the domain’s stated policy. If, e.g., the message comes from an unknown server, it can be considered a fake.

All you have to do is add another TXT entry in your DNS. A standard value looks like this:
“v=spf1 mx ~all”

This means:

  • v=spf1:
    SPF version 1
  • mx:
    the incoming mail servers (MXes) of the domain are authorized to also send mail.
  • ~all:
    all other machines are not authorized

So if your receiving mail servers also send your mail and you host only one domain, this works straight away. Check the SPF web site for tutorials, a setup wizard to create SPF records, and test tools.