The Hostile Email Landscape (liminality.xyz)
An anonymous reader writes: As we consolidate on just a few major email services, it becomes more and more difficult to launch your own mail server. From the article: "Email perfectly embodies the spirit of the internet: independent mail hosts exchanging messages, no host more or less important than any other. Joining the network is as easy as installing Sendmail and slapping on an MX record. At least, that used to be the case. If you were to launch a new mail server right now, many networks would simply refuse to speak to you. The problem: reputation. ... Earlier this year I moved my personal email from Google Apps to a self-hosted server, with hopes of launching a paid mail service à la Fastmail on the same infrastructure. ... I had no issues sending to other servers running Postfix or Exim; SpamAssassin happily gave me a 0.0 score, but most big services and corporate mail servers were rejecting my mail, or flagging it as spam: Outlook.com accepted my email, but discarded it. GMail flagged me as spam. MimeCast put my mail into a perpetual greylist. Corporate networks using Microsoft's Online Exchange Protection bounced my mail."
IPs not previously used to send email typically don’t have any reputation built up in our systems. As a result, emails from new IPs are more likely to experience deliverability issues. Once the IP has built a reputation for not sending spam, Outlook.com will typically allow for a better email delivery experience.
Sounds like a Catch-22: "We won't accept email from a new server until the server has successfully delivered lots of email."
Well, there's spam egg sausage and spam, that's not got much spam in it.
Just because privacy is hard, doesn't mean it's dead, nor does it mean it's a goal not worth striving for. Some things should be private. Just because you're comfortable doesn't mean everyone is, or should be.
It's usually the case when the reverse lookup doesn't point back to the same domain/name as the server identifies itself with.
And it's the ISP that needs to change the pointer from some generic name to a specific one.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
I'll bite. What is in your email that you don't want Google knowing?
My son's phone number, that is not Android and I don't want nobody out of the family to know. Just for starters.
Better question - What is in your email that you think Google doesn't already know?
Only Google knows, and this is exactly why it is a problem.
Everyone with a smartphone complaining about privacy in 2015 has lost their mind. Privacy is dead. Get over it.
Is this the reason you posted as an Anonymous Coward? :-)
You don't know my bank account. You don't know my social security number. You don't know my personal phone number. And this is how things need to be.
Lisias@Earth.SolarSystem.OrionArm.MilkyWay.Local.Virgo.Universe.org
Missing SPF records were the first thing I thought of as well. That isn't a silver bullet by any means but can certainly help your ratings while you are new and building a reputation.
If his domain is the incredibly stupid http://liminality.xyz/ then yes, he is missing SPF records. Use mxtoolbox.com to check.
When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
He's doing it wrong. Most probably he's not using SPF nor signing with domainkeys. That's expected today by most providers.
If he's especially naive he's operating an open relay, which will warrant him to be blacklisted FAST.
Another cause is, he could be operating his mail server from a "dialup" IP range, one declared as being assigned to residential connectivity, which are usually blacklisted. I disagree with this practice, but that's how things go.
Also most providers now require TLS support. So you need to generate certificates (self-signed is not enough, but your own unofficial CA is enough usually, but make sure you're not using SHA1).
Also, I happened to configure a mail server on a newly acquired IP from a hosting company a year ago or so and the IP they gave me was already tainted as being on a few blacklists. This can be solved too. I took the pain to discover which blacklists and followed their procedures to be taken out. Sometimes it was some automated procedure which just requested the server to be scanned again to make sure it follows best practices (as stated above). Other times I had to politely ask and in one case even have the provider confirm the IP was actually reassigned.
After this I have not seen a single email being rejected as spam.
Operating mailservers could have been easy in the '80s and first half of the '90s when most mail servers really were open relays and nobody cared, just because nobody was taking advantage of that. Nowadays it's become complicated because even the slightest misconfiguration will be attacked and exploited. It's in the general interest to request mail servers to be configured to a minimum standard that is getting relatively high, or we could really lose control of the email system.
There are several factors that I've seen with my mail server.
1) Do not try to work over a standard ISP service - one that assigns your IP dynamically - because most blacklists and major corporations blacklist dynamic IP pools
2) Don't host in any of those cheap virtual hosting services - many of them are also blacklisted
3) Set up DKIM signing (sendmail config and DNS record)
4) Set up SPF DNS record
Basically, one has to avoid running one's mail server someplace that is cheap because that is where the spammers put their mail servers as well (because they are cheap and easier to do anonymously).
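The checks raised in the comments above (reverse DNS matching the name the server announces, an SPF record that authorizes the sending IP, a published DKIM key), sketched as an offline preflight. This is an added example, not code from the article or from any commenter; the DNS snapshot, host names, selector `sel1` and function names are constructed for illustration, and the SPF evaluation handles only `ip4`/`ip6`/`all`.

```python
import ipaddress

# Constructed DNS snapshot (documentation names and addresses, not real data).
DNS = {
    ("PTR", "192.0.2.25"): ["mail.example.org."],
    ("A", "mail.example.org"): ["192.0.2.25"],
    ("TXT", "example.org"): ["v=spf1 ip4:192.0.2.0/24 -all"],
    ("TXT", "sel1._domainkey.example.org"): ["v=DKIM1; k=rsa; p=PLACEHOLDER"],
    ("PTR", "198.51.100.7"): ["host-7.dynamic.isp.example."],  # generic ISP name
}

def lookup(rtype, name):
    """Stand-in for a resolver query against the snapshot above."""
    return DNS.get((rtype, name.rstrip(".").lower()), [])

def fcrdns_ok(ip, helo):
    """The PTR of the IP must name the HELO host, and that name must resolve back."""
    names = [n.rstrip(".").lower() for n in lookup("PTR", ip)]
    return helo.lower() in names and ip in lookup("A", helo)

def spf_result(ip, domain):
    """Evaluate ip4/ip6/all only; other mechanisms are skipped (simplification)."""
    records = [t for t in lookup("TXT", domain) if t.lower().startswith("v=spf1")]
    if len(records) != 1:
        return "none" if not records else "permerror"
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qual = term[0] if term[0] in "+-~?" else "+"
        mech = term.lstrip("+-~?").lower()
        hit = mech == "all"
        if mech.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(mech[4:], strict=False)
            hit = addr.version == net.version and addr in net
        if hit:
            return {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}[qual]
    return "neutral"

def preflight(ip, helo, domain, selector):
    """Summarize the three checks for one sending IP."""
    dkim_txt = lookup("TXT", f"{selector}._domainkey.{domain}")
    return {
        "fcrdns": fcrdns_ok(ip, helo),
        "spf": spf_result(ip, domain),
        # Presence check only; assumes the key record carries the v=DKIM1 tag.
        "dkim_key": any(t.lower().startswith("v=dkim1") for t in dkim_txt),
    }
```

Calling `preflight("198.51.100.7", "mail.example.org", "example.org", "sel1")` models a server on a generic ISP address: the PTR does not match the announced name and SPF returns `fail`.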