Things to avoid being rated spam
General
The following practices should be followed to avoid being rated as spam in general:
- Make it possible to unsubscribe from mails. #S1, #S3
- Keep valid reverse DNS records for the IP address(es) from which you send mail, pointing to your domain. #S3, #S5
- Use separate email addresses for each function. #S3
- Send mail from different domains and/or IP addresses for each function. #S1, #S3
- Use feedback loops where available. #S1, #S6
Feedback loops
Feedback loops are email addresses provided for receiving notifications that a user of the respective mail service provider has clicked "spam" in their account. One should ensure that those users no longer receive those mails #S1, #S6.
DKIM (DomainKeys Identified Mail)
The DKIM standard ensures that emails from a certain domain's address can be checked for having been validly dispatched by the domain owner. To do so, it hashes the message's headers and the message itself and signs the hashes with a private RSA key. The public key is published in the signer's DNS zone as a TXT resource record, so that matching keys and hashes can be checked by the receiver #S8. DKIM is implemented in all big mail providers' software.
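The body half of that hashing step, as an added example that is not code from any of the sources: it computes the value DKIM carries in its bh= tag under the "simple" and "relaxed" body canonicalizations of RFC 6376. The header hash and the RSA signature are not shown, and the sample bodies are constructed.

```python
import base64
import hashlib
import re

def canon_body_simple(body: bytes) -> bytes:
    # "simple": ignore empty lines at the end of the body, end with exactly one CRLF
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"

def canon_body_relaxed(body: bytes) -> bytes:
    # "relaxed": also collapse runs of space/tab and drop whitespace at line ends;
    # an empty body stays empty
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes, relaxed: bool = True) -> str:
    # base64(SHA-256(canonicalized body)), the form used in the bh= tag
    canon = canon_body_relaxed(body) if relaxed else canon_body_simple(body)
    return base64.b64encode(hashlib.sha256(canon).digest()).decode()

# Constructed sample bodies: as signed, after a relay changed only whitespace,
# and after the text itself was altered.
SENT = b"Hello subscriber,\r\nyour invoice is attached.\r\n"
RELAYED = b"Hello  subscriber, \r\nyour invoice is attached.\r\n\r\n"
TAMPERED = b"Hello subscriber,\r\nyour invoice is overdue.\r\n"

if __name__ == "__main__":
    for name, body in (("relayed", RELAYED), ("tampered", TAMPERED)):
        print(name,
              "relaxed ok:", body_hash(body) == body_hash(SENT),
              "simple ok:", body_hash(body, False) == body_hash(SENT, False))
```

A whitespace-only change in transit breaks the "simple" body hash but not the "relaxed" one, while a change to the text breaks both.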
SPF (Sender Policy Framework)
SPF is an email validation system that works by verifying sender IP addresses. SPF allows administrators to specify which hosts are allowed to send mail from a given domain by creating a specific SPF record (or TXT record) in the Domain Name System (DNS) #S7. One should note that the practical implementation is far less strict than one might expect #S16. Nevertheless, most providers recommend using SPF to reduce the probability of being rated spam. To do so without getting too many negative results, there are two ways:
First, the SPF DNS entry itself can be set to "neutral" instead of hard or soft fail, such that the receiving server is told to not block the mail irrespective of the SPF check failing #S18.
Secondly, SRS (Sender Rewriting Scheme) was invented to rewrite the SPF-protected mail address into one using a domain for which the forwarding mail server has SPF rights #S17.
DMARC (Domain-based Message Authentication, Reporting & Conformance)
DMARC is a framework that provides add-on functionality to both SPF and DKIM. It allows senders to specify a handling policy in DNS that tells verifiers what to do if email from this domain fails the SPF or DKIM verification #S8. Additionally, it makes it possible to receive failure reports for SPF and DKIM checks via mail #S20.
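A sketch of how a verifier reads such a policy record, as an added example that is not code from any of the sources. The record, the addresses and the function names are constructed for illustration; per RFC 7489 the policy is applied only when neither an aligned SPF pass nor an aligned DKIM pass is present.

```python
def parse_dmarc(record: str) -> dict:
    """Split a DMARC TXT record into its tag=value pairs and validate v= and p=."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= policy")
    return tags

def report_addresses(tags: dict, tag: str = "rua") -> list:
    """Mail addresses from rua= (aggregate) or ruf= (failure) report URIs."""
    uris = [u.strip() for u in tags.get(tag, "").split(",") if u.strip()]
    # a URI may carry a size limit after "!", e.g. mailto:x@example.com!10m
    return [u[len("mailto:"):].split("!")[0]
            for u in uris if u.lower().startswith("mailto:")]

def disposition(tags: dict, spf_aligned_pass: bool, dkim_aligned_pass: bool) -> str:
    """Return "pass", or the domain's requested policy when both checks fail."""
    if spf_aligned_pass or dkim_aligned_pass:
        return "pass"
    return tags["p"]

# Constructed sample record, as it would be published at _dmarc.example.com
SAMPLE = ("v=DMARC1; p=quarantine; rua=mailto:dmarc-agg@example.com; "
          "ruf=mailto:dmarc-fail@example.com!10m")

if __name__ == "__main__":
    tags = parse_dmarc(SAMPLE)
    print("both fail     ->", disposition(tags, False, False))
    print("DKIM passes   ->", disposition(tags, False, True))
    print("failure mails ->", report_addresses(tags, "ruf"))
```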
Whitelisting
In addition to avoiding being rated spam, one could apply for explicit whitelists at most email providers. The following gives an overview of what is possible per (relevant) provider:
- AOL: Application possible after having provided an FBL address for the given IP
- Gmail: No whitelists for bulk senders
- United Internet, T-Online (web.de, gmx., 1&1), Arcor, misc: Quite costly via: http://www.certified-senders.eu/csa_downloads/en/CSA_Price_List.pdf
- Yahoo, Hotmail, misc: Quite costly via: http://www.returnpath.com/wp-content/uploads/resource/certification-pricing-fees/Return-Path-Certification-Pricing-9_12.pdf
Sources
- S1 AOL Bulk Sender Best Practices: http://postmaster.aol.com/Postmaster.Guidelines.php
- S2 AOL Reputation Check Tool: http://postmaster.aol.com/Reputation.php
- S3 Google Bulk Senders Guidelines: https://support.google.com/mail/answer/81126?topic=12838
- S4 AOL Reverse DNS Check: http://postmaster.aol.com/cgi-bin/plugh/rdns.pl
- S5 AOL Troubleshooting: http://postmaster.aol.com/Postmaster.Troubleshooting.php
- S6 Feedback Loops: http://en.wikipedia.org/wiki/Feedback_loop_(email)
- S7 SPF: http://en.wikipedia.org/wiki/Sender_Policy_Framework
- S8 DKIM, SPF & DMARC Intro: http://www.sans.org/reading-room/whitepapers/intrusion/domainkeys-identified-mail-dkim-protect-email-reputation-34317
- S9 DKIM in exim: http://www.exim.org/exim-html-current/doc/html/spec_html/ch-support_for_dkim_domainkeys_identified_mail.html
- S10 DKIM c14n bug in exim <4.82RC3: http://www.gossamer-threads.com/lists/exim/users/98031
- S11 AOL whitelist application: http://postmaster.aol.com/cgi-bin/whitelist/whitelist_guides.pl
- S12 Blacklist check: http://www.dnswatch.info/dns/rbl-lookup?host=&submit=RBL+Lookup Alternatively: http://www.dnsbl.info/dnsbl-database-check.php
- S13 DKIM for DNS creator: http://www.dnswatch.info/dkim/create-dns-record
- S14 Exim commands nicely explained: http://bradthemad.org/tech/notes/exim_cheatsheet.php
- S15 SPF in detail: http://www.openspf.org
- S16 SPF criticism: http://blog.vthadden.de/2013/04/29/spamabwehr-spf-und-greylisting/
- S17 Workaround of SPF fails: http://en.wikipedia.org/wiki/Sender_Rewriting_Scheme
- S18 SPF Syntax: http://www.openspf.org/SPF_Record_Syntax
- S19 SPF for DNS creator: http://www.spfwizard.net/
- S20 DMARC overview: http://dmarc.org/overview.html
- S21 Howto create DMARC DNS records: https://support.google.com/a/answer/2466563
- S22 DMARC FAQ: http://dmarc.org/faq.html#s_10
- S23 Testing DKIM, SPF and DMARC: http://www.unlocktheinbox.com/resources/dmarc/#_ or http://www.brandonchecketts.com/emailtest.php