Slashdot Mirror


The Hostile Email Landscape (liminality.xyz)

An anonymous reader writes: As we consolidate on just a few major email services, it becomes more and more difficult to launch your own mail server. From the article: "Email perfectly embodies the spirit of the internet: independent mail hosts exchanging messages, no host more or less important than any other. Joining the network is as easy as installing Sendmail and slapping on an MX record. At least, that used to be the case. If you were to launch a new mail server right now, many networks would simply refuse to speak to you. The problem: reputation. ... Earlier this year I moved my personal email from Google Apps to a self-hosted server, with hopes of launching a paid mail service à la Fastmail on the same infrastructure. ... I had no issues sending to other servers running Postfix or Exim; SpamAssassin happily gave me a 0.0 score, but most big services and corporate mail servers were rejecting my mail, or flagging it as spam: Outlook.com accepted my email, but discarded it. GMail flagged me as spam. MimeCast put my mail into a perpetual greylist. Corporate networks using Microsoft's Online Exchange Protection bounced my mail."

60 of 217 comments

  1. Don't Know How You Made That Conclusion by 0xG · · Score: 4, Informative

    I run a small email system ~2500 users and don't have your problems...

    --
    A pox on web designers who feel that window.innerWidth == screen.availWidth
    1. Re:Don't Know How You Made That Conclusion by billyswong · · Score: 3, Insightful

      Maybe your little email server is old enough to escape the now-current hostility?

    2. Re:Don't Know How You Made That Conclusion by beelsebob · · Score: 5, Informative

      More likely, the original poster simply has his DNS misconfigured in some weird way, and doesn't know it.

    3. Re:Don't Know How You Made That Conclusion by Anonymous Coward · · Score: 2, Interesting

      I've been running mail system for myself for the past 5 years or so. Gmail has begun tagging my messages as spam, starting a few months ago.

    4. Re:Don't Know How You Made That Conclusion by LDAPMAN · · Score: 2

      I used to run multiple email domains. Some of them had few issues, others were constantly being blacklisted. It really depends on who you interact with. I found that often users never realized there was an issue as the messages were just silently dropped. In the end I got tired of fighting with it and moved them all to gmail. If you're not having issues you are likely just very lucky or the services you interact with are the less zealous ones.

    5. Re:Don't Know How You Made That Conclusion by fustakrakich · · Score: 2

      I got tired of fighting with it and moved them all to gmail.

      I suppose this is the 'plan'... *All your email are now belong to Google(TLA)*

      --
      “He’s not deformed, he’s just drunk!”
    6. Re:Don't Know How You Made That Conclusion by Anonymous Coward · · Score: 5, Informative

      I second that emotion. Current *big* players are trying to limit spam and phishing, and require a few ducks in a row before you stop getting caught in their filters. I suspect proper analysis of the configurations and logs would pinpoint the issue. DNS would be a quick start but the problem could be in a few places depending on what mail implementation he's using. On another note, is it possible OP's domain has been used for spam/phishing in the past? The UNI I work at has dealt with blacklists in the past and it was merely a case of spoofing and those adding us to blacklists didn't do their diligence in tracking it down properly. *Posted anon as to not get fired*

    7. Re:Don't Know How You Made That Conclusion by acoustix · · Score: 4, Informative

      I run a small email system ~2500 users and don't have your problems...

      You probably have a dedicated/static IP and it isn't tainted from others who have used it before you.

      For people trying to run their own email server at home it can be a real pain. ISPs blocking 25 and 587. DHCP means that your IP pool has a bad reputation. Etc...

      --
      "A plan fiendishly clever in its intricacies"- Homer Simpson
    8. Re:Don't Know How You Made That Conclusion by Z00L00K · · Score: 5, Insightful

      It's usually the case when the reverse lookup doesn't point back to the same domain/name as the server identifies itself with.

      And it's the ISP that needs to change the pointer from some generic name to a specific.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    9. Re: Don't Know How You Made That Conclusion by Anonymous Coward · · Score: 4, Informative

      Probably no SPF or TXT records

    10. Re:Don't Know How You Made That Conclusion by MyFirstNameIsPaul · · Score: 4, Informative

      You need to go to their stupid new Postmaster service and 'fix' the 'issues'. I observed the exact same behavior for mail servers that hadn't changed a DNS record or even IP address in years roughly around the same time they launched this new 'service'. Coincidence? I think not.

      --

      I once took an excursion to Reddit, and later HN. Unlimited up/down voting sucks when dealing with a hive-mind.

    11. Re:Don't Know How You Made That Conclusion by ArmoredDragon · · Score: 2

      I suppose this is the 'plan'... *All your email are now belong to Google(TLA)*

      I doubt it. The biggest source of spam is from botnets of hijacked machines. Most (>99%) of those machines don't have their ducks lined up when it comes to DNS. It's not a surprise that it's harder to start an email server these days. The sheer volume of spam is maddening.

    12. Re:Don't Know How You Made That Conclusion by bsdasym · · Score: 3, Informative

      I'm with you here. OP sounds like just being paranoid and probably is not quite properly set up. I set up a new domain last month with its own self-hosted email and had no problems at all getting email through to any of the major providers. To avoid trouble, you need at a minimum:
      - An IP address in a block that doesn't already have a terrible reputation.
      - Working, correct reverse DNS that matches the SMTP banner.
      - Working, correct forward DNS for the MX records that also matches the SMTP banner.
      - Correct SPF/TXT records covering your mailserver, even if you know SPF is stupid.
      - A mailserver not configured as an open relay (duh).

      With all this in place, I have had no problems getting through on a system with a domain and mail handling less than a week old.

    13. Re:Don't Know How You Made That Conclusion by Frosty+Piss · · Score: 3, Insightful

      Who in their right mind runs an email server without a static IP?

      --
      If you want news from today, you have to come back tomorrow.
    14. Re:Don't Know How You Made That Conclusion by Anonymous Coward · · Score: 5, Informative

      +1
      Rejections in my experience have nearly always been related to the PTR record, which needs to be pointing to the domain actually sending the email, not the domain name in the email address. My limited understanding is this:

      So if my email address matt@example.com uses mail.isp.com on port 25 to send email then the PTR for the IP address isp.com sends from needs to say mail.isp.com... not example.com as you might expect.

      When isp.com talks to another SMTP server it will be asked to ID itself. The server should reply with its FQDN and it is this that the PTR record for the server's id needs to point to. Even if that server hosts hundreds of websites and email accounts.

      I believe most VPS hosts allow this to be changed to whatever you want if you are given a fixed ip address. If they don't allow this to be changed then problems will occur and if you are handling emails you need to check before signing up. The PTR record is not applicable to a domain but to an IP address. You can only have one PTR record for an IP address.

      That is if my memory serves correctly. When I set up email servers, I always seem to forget this until I do sending tests to yahoo and other big boys. Then I set it properly and things behave.

      Other problems happen if using microsoft exchange and the srv fields in txt records for the dns are not set exactly right. Though I don't have to fiddle with this for obvious reasons.
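The checks bsdasym and the anonymous poster above describe (a PTR that matches the name the server announces, forward DNS that agrees with it, and an SPF record covering the sending IP) can be run mechanically. This is an added example, not code from the thread: the zone data, host names and addresses are constructed, and the SPF evaluator is a simplified sketch that handles only the ip4, ip6, a, mx, include and all mechanisms.

```python
import ipaddress

# Constructed zone data standing in for live DNS answers (RFC 5737 addresses,
# reserved example domains). Replace lookup() with a real resolver to audit a live host.
ZONE = {
    # Correctly configured sender
    ("A", "mail.example.com"): ["192.0.2.25"],
    ("PTR", "192.0.2.25"): ["mail.example.com"],
    ("MX", "example.com"): ["mail.example.com"],
    ("TXT", "example.com"): ["v=spf1 mx include:_spf.relay.example.net -all"],
    ("TXT", "_spf.relay.example.net"): ["v=spf1 ip4:198.51.100.0/24 ~all"],
    # Misconfigured sender: PTR still carries the provider's generic name, no SPF
    ("A", "mail.example.org"): ["203.0.113.7"],
    ("PTR", "203.0.113.7"): ["203-0-113-7.static.provider.example"],
    ("A", "203-0-113-7.static.provider.example"): ["203.0.113.7"],
    ("MX", "example.org"): ["mail.example.org"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(rtype, name):
    """Return the constructed records for (type, name); an empty list means no answer."""
    return ZONE.get((rtype, name.rstrip(".").lower()), [])


def identity_problems(ip, helo):
    """Check that PTR, forward DNS and the HELO/banner name agree (IPv4 only here)."""
    problems = []
    ptr_names = lookup("PTR", ip)
    # Forward-confirmed reverse DNS: the PTR name must resolve back to the same IP.
    confirmed = [name for name in ptr_names if ip in lookup("A", name)]
    if not ptr_names:
        problems.append("no PTR record for sending IP")
    elif not confirmed:
        problems.append("PTR name does not resolve back to the sending IP")
    if ip not in lookup("A", helo):
        problems.append("HELO name does not resolve to the sending IP")
    if confirmed and helo.lower() not in confirmed:
        problems.append("HELO name differs from the PTR name")
    return problems


def spf_result(ip, domain, depth=0):
    """Evaluate the SPF record of `domain` for `ip`, first matching term wins."""
    records = [t for t in lookup("TXT", domain) if t.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"
    if len(records) > 1 or depth > 10:      # duplicate records / runaway includes
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        try:
            if name == "all":
                matched = True
            elif name in ("ip4", "ip6"):
                matched = addr in ipaddress.ip_network(arg, strict=False)
            elif name == "a":
                matched = ip in lookup("A", arg or domain)
            elif name == "mx":
                matched = any(ip in lookup("A", mx) for mx in lookup("MX", arg or domain))
            elif name == "include":
                # include matches only when the nested evaluation is a pass
                matched = spf_result(ip, arg, depth + 1) == "pass"
            else:
                continue                    # modifiers and other mechanisms: not handled
        except ValueError:
            return "permerror"              # malformed network in ip4:/ip6:
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


def audit(ip, helo, mail_domain):
    """Combine both checks for one sending host."""
    return {"identity": identity_problems(ip, helo), "spf": spf_result(ip, mail_domain)}


if __name__ == "__main__":
    print(audit("192.0.2.25", "mail.example.com", "example.com"))
    print(audit("203.0.113.7", "mail.example.org", "example.org"))
```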

       

    15. Re:Don't Know How You Made That Conclusion by Jane+Q.+Public · · Score: 2

      What Z00L00K said. Also: Many corporate email systems, especially the larger ones, are configured to ignore anything from a dynamic IP address. The email must have a fixed IP address or they'll just plain ignore you. This is ostensibly for "security" but I suspect there's some barrier-to-entry aspect of it too. Also, by law, you have to be allowed to get yourself removed from grey- and black-lists. It's a pain in the butt, but it can be done.

    16. Re: Don't Know How You Made That Conclusion by slasher999 · · Score: 4, Informative

      Missing spf records were the first thing I thought of as well. That isn't a silver bullet by any means but can certainly help your ratings while you are new and building a reputation.

    17. Re: Don't Know How You Made That Conclusion by MightyMartian · · Score: 4, Informative

      Missing SPF and possibility of being on one of the RBLs. I had that problem when we switched to a new ISP, and the address block we were given had ended up on Spamcop. It took a bit of doing, but within a day it was cleared up.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
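How an RBL listing for an address, or for the block around it, is looked up, as an added example that is not part of the original post. The zone name dnsbl.example, the answers and the resolver are constructed, and treating 127.255.255.x answers as query errors rather than listings is an assumption to confirm against each list's documentation.

```python
import ipaddress

ERROR_RANGE = ipaddress.ip_network("127.255.255.0/24")   # assumed "query refused" codes
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")       # DNSBL answers live in 127/8


def dnsbl_qname(ip, zone):
    """Build the DNSBL query name: reversed octets (IPv4) or nibbles (IPv6) + zone."""
    addr = ipaddress.ip_address(ip)
    # reverse_pointer ends in .in-addr.arpa or .ip6.arpa; drop those two labels
    reversed_part = addr.reverse_pointer.rsplit(".", 2)[0]
    return f"{reversed_part}.{zone}"


def classify(answers):
    """Interpret the A records returned for a DNSBL query name."""
    if not answers:
        return "clean"                      # NXDOMAIN: not listed
    codes = [ipaddress.ip_address(a) for a in answers]
    if any(code in ERROR_RANGE for code in codes):
        return "error"                      # list refused the query; says nothing about the IP
    if all(code in LISTED_RANGE for code in codes):
        return "listed"
    return "error"                          # non-127/8 answer, e.g. a resolver rewriting NXDOMAIN


def block_report(ip, zone, resolver, prefix=24):
    """Check one address and its neighbours in the enclosing block against one list."""
    network = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    report = {"own": classify(resolver(dnsbl_qname(ip, zone))), "neighbours_listed": []}
    for host in network:
        if str(host) == ip:
            continue
        if classify(resolver(dnsbl_qname(str(host), zone))) == "listed":
            report["neighbours_listed"].append(str(host))
    return report


# Constructed answers for a fictional list; a real resolver callable would perform
# an A lookup for the query name and return the addresses it gets back.
FAKE_ANSWERS = {
    "7.113.0.203.dnsbl.example": ["127.0.0.2"],
    "9.113.0.203.dnsbl.example": ["127.0.0.2", "127.0.0.4"],
    "40.113.0.203.dnsbl.example": ["127.255.255.254"],
}


def fake_resolver(qname):
    return FAKE_ANSWERS.get(qname, [])


if __name__ == "__main__":
    print(dnsbl_qname("203.0.113.25", "dnsbl.example"))
    print(block_report("203.0.113.25", "dnsbl.example", fake_resolver))
```

A clean result for your own address with several listed neighbours is the situation described above, where the block rather than the host carries the reputation.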
    18. Re: Don't Know How You Made That Conclusion by ttucker · · Score: 3, Informative

      Adding DKIM signatures helps a lot too.

    19. Re:Don't Know How You Made That Conclusion by ttucker · · Score: 3, Informative

      Having DKIM set up, and a legitimate signed TLS certificate helps some too.

    20. Re: Don't Know How You Made That Conclusion by alphatel · · Score: 4, Insightful

      Missing spf records were the first thing I thought of as well. That isn't a silver bullet by any means but can certainly help your ratings while you are new and building a reputation.

      If his domain is the incredibly stupid http://liminality.xyz/ then yes, he is missing SPF records. Use mxtoolbox.com to check.

      --
      When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
    21. Re:Don't Know How You Made That Conclusion by fafaforza · · Score: 2

      I would be surprised if any legitimate postmasters blocked sender domains, since those can be easily spoofed. The only reliable information in email communication is DNS and WHOIS, and any ancillary stuff, like SPF or DKIM.

    22. Re:Don't Know How You Made That Conclusion by Anonymous Coward · · Score: 4, Insightful

      He's doing it wrong. Most probably he's not using SPF nor signing with domainkeys. That's expected today by most providers.

      If he's especially naive he's operating an open relay, which will warrant him to be blacklisted FAST.

      Another cause is, he could be operating his mail server from a "dialup" IP range, one declared as being assigned to residential connectivity, which are usually blacklisted. I disagree with this practice, but that's how things go.

      Also most providers now require TLS support. So you need to generate certificates (self signed is not enough, but your own unofficial CA is enough usually, but make sure you're not using SHA1).

      Also, I happened to configure a mail server on a newly acquired IP from a hosting company a year ago or so and the IP they gave me was already tainted as being on a few blacklists. This can be solved too. I took the pain to discover which blacklists and followed their procedures to be taken out. Sometimes it was some automated procedure which just requested the server to be scanned again to make sure it follows best practices (as stated above). Other times I had to politely ask and in one case even have the provider confirm the IP was actually reassigned.

      After this I have not seen a single email being rejected as spam.

      Operating mailservers could have been easy in the '80s and first half of the '90s when most mail servers really were open relays and nobody cared, just because nobody was taking advantage of that. Nowadays it's become complicated because even the slightest misconfiguration will be attacked and exploited. It's in the general interest to request mail servers to be configured to a minimum standard that is getting relatively high, or we could really lose control of the email system.

    23. Re:Don't Know How You Made That Conclusion by Anonymous Coward · · Score: 5, Insightful

      There are several factors that I've seen with my mail server.

      1) Do not try to work over a standard ISP service - one that assigns your IP dynamically - because most blacklists and major corporations blacklist dynamic IP pools
      2) Don't host in any of those cheap virtual hosting services - many of them are also blacklisted
      3) Set up DKIM signing (sendmail config and DNS record)
      4) Set up SPF DNS record

      Basically, one has to avoid running one's mail server someplace that is cheap because that is where the SPAMers put their mail servers as well (because they are cheap and easier to do anonymously).

    24. Re: Don't Know How You Made That Conclusion by AntiSol · · Score: 3, Informative

      yep, SPF and DKIM records make a big difference. Also a PTR record (so that your IP resolves to e.g hostname.yourdomain.com rather than youraccount.yourwebhost.com) helps.

    25. Re: Don't Know How You Made That Conclusion by Hadlock · · Score: 3, Interesting

      When setting up email on my vanity domain, it took me about three hours to dot all my i's and cross my t's but Google has really good documentation and you can send/receive email to/from gmail without it being flagged as spam, then most anyone should also.

      --
      moox. for a new generation.
    26. Re: Don't Know How You Made That Conclusion by ale2011 · · Score: 4, Interesting

      The OP wrote "this server was configured perfectly: not on any blacklists, reverse DNS set up, SPF, DKIM and DMARC policies in place, etcetera." Perhaps he deleted SPF and DKIM records after he gave up? However, the domain is registered by Contact Privacy Inc. Customer 0141536996, which I wouldn't deem a good start for a mail domain. The IP belongs to LINODE, a German Linux hosting place, and seems to be static. Only one black list, rbl.rbldns.ru, has it, which shouldn't be a major problem, but may suggest that some email problems did happen. He didn't subscribe to DNSWL.ORG either.

      All that said, that conclusion is correct, IMHO. Microsoft in particular files all mail to the spam folder unless the sender is too big to block (TBTB). Even if I subscribed to their feedback loop, mail from an address they never saw, such as yyyy-mm-dd@my.example.com, is considered spam, no matter how many times the recipient whitelisted messages from the same domain.

    27. Re: Don't Know How You Made That Conclusion by postbigbang · · Score: 3, Informative

      Just having an .xyz TLD would be enough for me to bounce it. Without a single regret, I've bounced most of the new TLDs and for good reason: not a single message wasn't spam.

      Can't count the number of .eu messages that are caught up in this, as well as anything from .cn-- as we have zero business coming from China, ever. Same goes for a lot of other country TLDs..... the ISPs serving them up don't care if I send an abuse complaint, in fact, most bounce an abuse complaint.

      --
      ---- Teach Peace. It's Cheaper Than War.
    28. Re: Don't Know How You Made That Conclusion by Panaflex · · Score: 2

      I've got 383 spams so far today from the new gTLD domains for this one account, it's just not worth the effort. I bounce them back the messages with a contact address "in case you received an error". Not a peep yet.

      And this is *after* I rbl and rhsbl filter! I should sell this as a spam feed. 100% fresh, prime grade A spam. Yummy.

      --
      I said no... but I missed and it came out yes.
    29. Re:Don't Know How You Made That Conclusion by WoodstockJeff · · Score: 2

      Or maybe his top level domain is old enough?

      As many others have posted, these cheap new TLDs have had their reputations tarnished. My system's count of TLDs that are blocked by default is over 20, and includes such "winners" as .ninja, .space, .science, .audio, .xyz, .link, .rocks, .click, .work, .party, .review, .date, .eoc, .website, .eu, .win, .racing, .pro, .asia, .download, .faith, .wang, and .top, with more added as the spam load rotates through them.

      As for hosting on a virtual server out "in the cloud", as mentioned by some, if you're on an IP hosted by a cloud vendor, you're going to be blocked by our servers. Too much spam from cloud hosts to pick through for legitimate messages.

      I could say I'm sorry to do these things, but it would be a lie.

    30. Re: Don't Know How You Made That Conclusion by riondluz · · Score: 2

      In addition to what you've implemented, I would add that for me, most spam comes from pwnd hosts on a /24 or higher net. Admin'ing mail servers' SA/DCC/SPF/RZR/ is tough enough to maintain that I prefer a fail2ban/shorewall approach that drops em at the fw, often their entire subnet can go AFAIC.

      And for a previous poster:

      iptables -A INPUT -p tcp -m string --string ".xyz" --algo kmp -j DROP

      --
      resist propaganda
    31. Re:Don't Know How You Made That Conclusion by KGIII · · Score: 2

      And I am it!!! Anyhow, that reminds me... I am so glad I hired professionals - an IT staff is a godsend when you're moving your way up from a single proprietorship. It took a few to learn how to shut up, listen, and get out of the way - I'd been doing much of it on my own, after all. Tip of the hat to you guys. You're a billion times faster than I ever was, know more than I ever will on the subject, and were much more effective than I was.

      After a while (think about managing a TB of data in the 90s) we had a DB admin who was, frankly, a lunatic - a nice one though. However, he was a wizard. I don't know what he did or how he did it - he was the epitome of the bus problem after a while. His loss would have slowed us down a whole bunch. He could make a database sing. He could make old hardware work like new, well - compared to my efforts, and could keep things rock solid - once he got things setup to work his way.

      He was a crazy, older, cross-dressing, gay man who had a shock of red hair and body odor. He came in early and left late - stayed in the server room, and was more a mystery than anything else. I don't actually know what, exactly, he did but he did it well. He communicated almost entirely by email even though I was less than 50' away from the server room door. He still works there - even though there's absolutely no need for him to do so. He was old when I hired him. He has to be in his late 60s now and, I suspect, still has the red hair.

      So, this thread got me thinking. Tip o' the hat to you guys. Without you, as a very tech-centered company, I'd not be where I am today. Some of you are absolutely brilliant. Strange but, so am I, mostly harmless. As I've often said, if you shut up, get out of the way, and give them the tools they ask for (not what the vendor suggests) then - amazingly enough, they get shit done. Go figure?

      A bit off-topic but, sort of, it does tie in with the question posed. Hire qualified professionals and they might know the ins and outs and be able to get this sort of issue resolved.

      --
      "So long and thanks for all the fish."
    32. Re: Don't Know How You Made That Conclusion by mikael · · Score: 3, Informative

      That's not having your own email server unfortunately. Having the one true local email server is being able to send emails directly to other hosts. That works OK if you have a static commercial IP address. It will also work if you have a dynamic IP address and use your ISP's SENDMAIL, IMAP and POP3 servers. But if you try and send Email straight out from your dynamic IP address, it will get clobbered by various spam filters which filter out dynamic IP addresses (this range has been blocked due to past spam activity) based on registered domain ranges.

      --
      Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
  2. There's little more by Anonymous Coward · · Score: 2, Interesting

    There's little more to the article than the summary.

    How does the person in question solve their mail issue? They don't, they went back to Google Apps.

    Now you don't have to read it.

  3. Welcome... by Lisias · · Score: 3, Insightful

    ... to this new Brave New Internet.

    Fighting SPAM was easy since the beginning. In the early 2k years, most of the SPAM fighting techniques were already somewhat prototyped on the mailing lists I was following.

    Now, 15 years later, I think I know why nobody did anything for a decade and a half - control. Now it's God Damn easy to drop someone from the mail system - you can render a company inoperative if it dares to run its own mail system.

    And so, for "safety", you need to pay for some big corporation to run it for you - while harvesting your mail in the process.

    --
    Lisias@Earth.SolarSystem.OrionArm.MilkyWay.Local.Virgo.Universe.org
    1. Re:Welcome... by Anonymous Coward · · Score: 4, Insightful

      Just because privacy is hard, doesn't mean it's dead, nor does it mean it's a goal not worth striving for. Some things should be private. Just because you're comfortable doesn't mean everyone is, or should be.

    2. Re:Welcome... by Lisias · · Score: 4, Insightful

      I'll bite. What is in your email that you don't want Google knowing?

      My son's phone number, that is not Android and I don't want anybody outside of the family to know. Just for starters.

      Better question - What is in your email that you think Google doesn't already know?

      Only Google knows, and this is exactly why it is a problem.

      Everyone with a smartphone complaining about privacy in 2015 has lost their mind. Privacy is dead. Get over it.

      Is this the reason you posted as an Anonymous Coward? :-)

      You don't know my bank account. You don't know my social security number. You don't know my personal phone number. And this is how things need to be.

      --
      Lisias@Earth.SolarSystem.OrionArm.MilkyWay.Local.Virgo.Universe.org
    3. Re:Welcome... by Carewolf · · Score: 2

      I'll bite. What is in your email that you don't want Google knowing?

      It is not just that they know it, they claim to own it, which is a problem if you do any kind of corporate emailing. Of course the EULA is bullshit, but who wants to get into a legal fight with Google about who owns everything you have ever invented and done?

  4. Re:Do your due dilligence... by unrtst · · Score: 4, Informative

    ..and set up SPF entries and reverse DNS. Also make sure Postfix is locked down and not acting as an open relay. It really is not that hard, this article comes off as whiny "I can't do it, so the world is against me" at best.

    Did you even read the article? There's not much more than the summary, but there he does make note that reverse DNS and SPF records, among other things, were set up:

    I've done this before, ...: not on any blacklists, reverse DNS set up, SPF, DKIM and DMARC policies in place, etcetera. (Side note: mail-tester.com and Port25 are great for checking your setup.)

    The near-conclusion quote is his real point:

    ...from Microsoft's Postmaster Troubleshooting page:

    IPs not previously used to send email typically don’t have any reputation built up in our systems. As a result, emails from new IPs are more likely to experience deliverability issues. Once the IP has built a reputation for not sending spam, Outlook.com will typically allow for a better email delivery experience.

  5. I solved this very problem. by neilo_1701D · · Score: 4, Interesting

    I run my own mailserver, mostly "just because".

    The reputation problem I encountered early on was because of a lack of a reverse DNS entry. Easily fixed; I simply asked my VPS provider to create one.

    The next problem that started about 18 months ago was reputation: my little server simply wasn't a trusted service.

    Because of the (unbelievable) amount of spam hitting my server, I had taken out a Comodo AntiSpam Gateway subscription about two years earlier. It was initially free, but after a year or so they wanted money. Since the service rocks, I happily pay my ~$30 annually.

    What CASG also offers is outbound scanning: if I tell my server (an Exchange 2010 server) that the outbound smarthost is CASG, my email all of a sudden piggybacks Comodo's reputation. Voila, email flows without incident.

    Problem solved.

    1. Re:I solved this very problem. by neilo_1701D · · Score: 2

      The OP may want to look at some tools that will query the MX record and then test the mail server for various common pitfalls. This site has a number of useful tools for dealing with personal e-mail servers: http://mxtoolbox.com/

      Who, me? If so, I've an SSL certificate and MX Toolbox reports no problems. Comcast was (silently) dropping emails so I ended up going the smarthost route.

  6. Re:Odd Issues by Jhon · · Score: 2

    "I've been running my own mail server for a year or two now,"

    Unless I'm reading this wrong the article indicates that the problem is NEW email servers. From TFA:

    IPs not previously used to send email typically don’t have any reputation built up in our systems. As a result, emails from new IPs are more likely to experience deliverability issues. Once the IP has built a reputation for not sending spam, Outlook.com will typically allow for a better email delivery experience.

    Now, I've no idea if that is true or not. I hosted my own email until around 2010 (since the 1990s) then moved to google apps. The only issue I had is when I changed IPs when I moved and the static I got were previously "unallocated" space and most hosts marked them as spam for just being an IP in that group (never mind SPF records). Took about 1 or 2 months before 'filters' got the clue and fixed the rules.

    So if you weren't having any issues maybe it's because you've been up and running for a while. Or maybe the user was getting flagged for some other reason and the only "info" they found as to why before they gave up was from Microsoft.

  7. Re:Do your due dilligence... by UnknowingFool · · Score: 4, Insightful

    IPs not previously used to send email typically don’t have any reputation built up in our systems. As a result, emails from new IPs are more likely to experience deliverability issues. Once the IP has built a reputation for not sending spam, Outlook.com will typically allow for a better email delivery experience.

    Sounds like a Catch-22: "We won't accept email from a new server until the server has successfully delivered lots of email."

    --
    Well, there's spam egg sausage and spam, that's not got much spam in it.
  8. SPF+DKIM by Meneth · · Score: 3, Interesting

    I run my own mail server on a dyndns connection. At first, Google would filter out my mails, but once I set up SPF and DKIM records, they became much more friendly. Haven't tried outlook.com, but hotmail.com (also owned by M$) works fine.

  9. sysadmin 101 by Random+Nobody · · Score: 2

    PTR, SPF, DKIM, a clean IP and a properly configured SMTP server will work just fine. You're doing something wrong. Slashdot please improve your quality.

  10. Settings to check: by fraxinus-tree · · Score: 3, Insightful

    0. Previous RBL history for the IP address and the block
    1. Not being an open relay for any amount of time while setting up
    2. Reverse DNS
    3. SPF
    4. SMTP server host name
    5. Retry delay not less than 1 hour.

    And e-mail starts running.

  11. Echoes my experience by isj · · Score: 5, Interesting

    I've been running my own mailserver since 2003, and I have seen my share of problems.
    1: mailservers blocking mail based on spamhaus DUL. You can delist your IP. But still, blocking exclusively on that?
    2: hotmail.com accepting emails and then discarding them silently. No trace of them. No bounce. Recipient did not have it in their spam folder or anything. This was several years ago, so perhaps it's better now. But discarding emails after promising to deliver them without any possibility for the recipient to control it: bad idea.
    3: Various greylisting email servers. Not really a problem as my MTA will retry and the email is only delayed for a few minutes.
    4: gmail.com rejecting emails sent over IPv6 but happily accepting them over IPv4. It turned out to be a problem with their parsing of SPF records, and apparently fixed now. But I did find out that there is no reasonable way to contact the gmail team.
    5: outlook.com rejects emails due to FBLW15, whatever that means. It seems you can get whitelisted, but it appears that a lot of hosts are being hit by it for no reason.
    6: office365 bouncing emails due to "protection" with no explanation given, and direction to contact the recipient by other means to get whitelisted. This was for the official email address listed on a company website. I decided that my email wasn't important enough. Their loss.

    Bottom line: If you run your own email server then expect to occasionally do some manual whitelisting etc. And expect some email servers to be uncooperative and/or RFC-clueless.

  12. Funny do not see this by silas_moeckel · · Score: 2

    I generally do not have a problem. Obviously an outbound spam filtering service will deal with the issue.

    Did you do a slow start? Most common cause of this in the hosting industry is some guy gets a domain, sets up email on a VPS then spams his entire contact list with a "hey this is my new email" to watch it get blocked, bounced etc. Oddly all the big guys seeing a mass mailing as the first thing they get from an IP they flag it.

    Fastmail frankly it sounds like you're a spammer er opt in marketing company. You're looking to start up a paid email service, what sets you apart from the market?

    --
    No sir I dont like it.
  13. Lose the .xyz TLD by JimMcc · · Score: 4, Informative

    My guess is that the problem lies in the fact that the OP is using a garbage TLD. I've configured our mail server to silently drop all traffic from many of the new garbage TLDs, including .xyz. It does wonders for cutting down the spam levels. Sadly it's just a new version of Whack-a-Mole. Neither I, nor any of my users, appear to have gotten a legitimate email from any of these domains. I'll bet if the OP were to use a more traditional TLD, like .com, .uk, etc. there wouldn't be problems.

    1. Re:Lose the .xyz TLD by thakalas · · Score: 2

      I've configured our mail server to silently drop all traffic from many of the new garbage TLDs, including .xyz. It does wonders for cutting down the spam levels.

      Neither I, nor any of my users, appear to have gotten a legitimate email from any of these domains.

      Gee, I wonder if that's at all related.

  14. It can be done with a bit of work by PeterL.Berghold · · Score: 2

    I have continuously run my own email server since around 1990 in one form or another. Established a vanity domain in the mid 1990's and started hosting email on my own domain. I must say that has been a more difficult task as time has gone on and has required I be more savvy about IP reputation and how to maintain it.

    Sometime last year I moved my email server from a VPS to a dedicated host and my wife began complaining over this past summer that she could no longer send email to Outlook.com and friends as well as Optonline. Given that she's a dog trainer trying to expand her client base this is pretty much a disaster for her. I attempted to work with the ISP hosting my dedicated server and they were not interested in fixing *their* IP reputation. Seems the above mentioned providers were blocking *all* of the ISP's IP addresses out of hand. They insisted they'd have to work with the ISP and while they were sympathetic they wanted to work the issues through the ISP.

    There's more to that I'm sure but after my ISP frustrating me by not being responsive I talked to some new folks. First question I asked before signing on was "how is your IP reputation?" After a lengthy explanation on how they have "high profile reputable clients" they assured me I'd have no problems. So I signed on the dotted line, installed a Puppet client on the box and set things up so the box would get configured as my mail exchanger. During shakedown I didn't notice problems right away so I edited DNS and pointed my MX records to the new box, added my SPF and DKIM records for the new host and powered off the old box. The very next day I composed an email to someone that I communicate via email on a fairly frequent basis and after hitting "send" got a bounce notification within minutes. Verizon was blocking the new server. New problem.

    It took many attempts and iterations, but working between my new ISP (who graciously gave me a second IP address for outbound email) and Verizon I finally got whitelisted. So, yep, the Internet has become increasingly hostile to private email servers, but the problems can be worked out with some effort and tenacity.

  15. If you still want to try, check out Mail-in-a-Box. by taubz · · Score: 3, Interesting

    Try out https://mailinabox.email/, a project I began a few years ago to make hosting your own mail much easier.

    It includes comprehensive diagnostics to ensure everything is configured correctly, including reverse DNS, which is the most common issue that leads to mail not being deliverable / going into spam. This doesn't solve every problem, but lots of people have had good results with this project.

  16. Re:Sorry, use a smarthost to give yourself a boost by tepples · · Score: 3, Informative

    Simple way to boost your reputation is to simply configure a smarthost to send outgoing mail securely.

    That boosts the smarthost's reputation, not yours, unless I'm missing something fundamental.

  17. Problems? by DaMattster · · Score: 3, Insightful

    I run my own email server as well. But it's not as simple as an MX record. I use domainkeys and spf as well. None of the major services flag me as spam.

  18. Re:Do your due dilligence... by _merlin · · Score: 3, Insightful

    Agree. I run my own e-mail servers for a few domains and have no trouble at all. You need to be absolutely 100% sure that you aren't operating an open relay, or you'll be blacklisted immediately. You also need correctly configured STARTTLS with a valid certificate signed by a widely accepted root. Most relays will reject mail if STARTTLS is not used. Reverse DNS helps but isn't 100% essential. You want reverse DNS to resolve to something in the same domain. For example if people connect to the server as mail.domain.com but reverse DNS calls it srv1.domain.com that will be accepted by the vast majority of relays. If you want Google/Yahoo/Outlook to accept your mail you need DKIM signing, which involves generating key pairs, putting the public keys in DNS and configuring your mail server to sign messages. Correctly configured SPF improves your reputation, too.

  19. Re:Do your due dilligence... by SuricouRaven · · Score: 5, Funny

    So what you need is some means of sending large amounts of email to outlook.com addresses to build reputation.

  20. Rubbish. by ledow · · Score: 2

    A domain without information is untrusted.

    SPF tells them that you're trying to combat spam from pretending to come from you.

    Similarly for DKIM, that also tells them that you are checking and explicitly marking every message you send out from your domain and absence of such signing should be treated as suspicious.

    Put both of those on, in a decent static IP range (nobody sensible accepts email from dynamic IP's!), and you're good to go. How do I know? My own domains are ALL run by me, on Postfix. They even forward some mail addresses to providers like GMail as a matter of course.

    The only problem I ever have for delivery is when *I* have accepted a spam message and try to forward it on to someone like GMail (harder to stop than it sounds, even with greylisting, etc.). They spot spam that my system can't, even on a re-forwarder.

    Hell, I IPv6'd my domain too. So long as you have valid PTR records for your reverse, places like GMail are perfectly happy with that. Never had a problem. (But if you can't set your reverse for your IPv6, there's a way to turn off using IPv6 and fallback to IPv4 just for GMail, etc. when using postfix - google it).

    My entire email for the last 5 years at least has been self-hosted. I've been using tiny startup services for about 10-15 years before that without issue. If anything, I have significantly more issues with the big-brand provider we use as smarthost for the Exchange servers in work, which are routinely blacklisted for spam and I have to fallback to manual sending from our leased lines, than anything to do with my self-hosting personal email domains.

    Just don't expect your no-name mailer on a dynamic range without even the simplest of anti-spam measures to be accepted by places like Google, and you're golden.
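
What a receiving server computes from the SPF record that comments 18 and 20 mention, as an added example that is not part of the thread: a minimal evaluator for the `ip4`/`ip6`/`all` subset of RFC 7208. The function name, sample records and addresses are constructed; mechanisms that need DNS lookups are reported as unsupported.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_result(txt_records, sender_ip):
    """Evaluate the ip4/ip6/all subset of SPF (RFC 7208) for one sending IP."""
    policies = [t for t in txt_records if t.lower().split()[:1] == ["v=spf1"]]
    if not policies:
        return "none"             # the domain publishes no SPF policy
    if len(policies) > 1:
        return "permerror"        # more than one v=spf1 record is an error
    ip = ipaddress.ip_address(sender_ip)
    for term in policies[0].split()[1:]:
        qualifier, mech = "+", term
        if term[0] in QUALIFIERS:
            qualifier, mech = term[0], term[1:]
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if net.version != int(name[2]):
                return "permerror"    # e.g. an IPv6 network inside ip4:
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]   # first matching mechanism wins
            continue
        return "unsupported"      # a, mx, include, redirect=... need DNS lookups
    return "neutral"              # nothing matched and there is no "all" term


if __name__ == "__main__":
    # Constructed records (documentation ranges): mail moved to a new outbound IP
    # while the record still lists only the old address.
    stale = ["v=spf1 ip4:192.0.2.25 -all"]
    updated = ["v=spf1 ip4:192.0.2.25 ip4:192.0.2.77 ip6:2001:db8::/48 ~all"]
    for record in (stale, updated):
        print(record[0], "->", spf_result(record, "192.0.2.77"))
```
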

  21. Re:Whose lack? by tlambert · · Score: 2

    Anonymous Coward wrote:

    your issue is likely that you havent set up your dns security records and spf correctly

    To which "dns security records" do you refer?

    Most likely he's referring to the fact that the blog site identifies the person doing the "anonymous" complaining as Jody Ribton, and if we look through the cached articles where he's talking about setting up his mail server, we see he's calling his service "GeekMail", and he's futzed up the PTR record such that it doesn't match the SMTP banner:

    host geekmail.io ...
    Non-authoritative answer:
    Name: mail.geekmail.io
    Address: 139.162.197.129 ...
    host 139.162.197.129
    129.197.162.139.in-addr.arpa domain name pointer geekmail.io.

    Notice that the reverse record is not pointing to a reverse name of "mail.geekmail.io", but is instead pointing to "geekmail.io".

    So his forward and reverse records do not match.

    Further, looking up his IP address: http://www.anti-abuse.org/mult...
    We can see that he isn't being RBL'ed, so it's just that he's screwed the pooch on his DNS setup.

    I'd check the rest of the setup, but it's "game over" because of the inaddr.arpa entry being wrong.
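
The forward/reverse comparison from the comment above, as an added example that is not part of the thread: it parses `host`-style output and reports whether the PTR target resolves back to the sending IP and whether it matches the name the server announces. The sample output, names and addresses are constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress
import re

A_RE = re.compile(r"^(\S+) has (?:IPv6 )?address (\S+)$")
PTR_RE = re.compile(r"^(\S+\.arpa) domain name pointer (\S+)$")

# Constructed `host` output using documentation names and addresses (not real data).
BROKEN = """\
mail.example.org has address 192.0.2.25
example.org has address 192.0.2.80
25.2.0.192.in-addr.arpa domain name pointer example.org.
"""
FIXED = BROKEN.replace("pointer example.org.", "pointer mail.example.org.")


def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def parse_host_output(text):
    """Return (forward, reverse): name -> {addresses}, arpa name -> {PTR targets}."""
    forward, reverse = {}, {}
    for line in map(str.strip, text.splitlines()):
        if m := A_RE.match(line):
            forward.setdefault(norm(m.group(1)), set()).add(ipaddress.ip_address(m.group(2)))
        elif m := PTR_RE.match(line):
            reverse.setdefault(norm(m.group(1)), set()).add(norm(m.group(2)))
    return forward, reverse


def check_sender(ip, helo_name, host_output):
    """Report the reverse-DNS facts a receiving server can test for one sending IP."""
    forward, reverse = parse_host_output(host_output)
    ip = ipaddress.ip_address(ip)
    ptr_names = reverse.get(norm(ip.reverse_pointer), set())
    return {
        "has_ptr": bool(ptr_names),
        # Forward-confirmed reverse DNS: some PTR target resolves back to this IP.
        "fcrdns": any(ip in forward.get(n, set()) for n in ptr_names),
        "ptr_matches_helo": norm(helo_name) in ptr_names,
        "helo_resolves_to_ip": ip in forward.get(norm(helo_name), set()),
    }


if __name__ == "__main__":
    for label, sample in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_sender("192.0.2.25", "mail.example.org", sample))
```
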

  22. Re:Do your due dilligence... by Lisias · · Score: 2

    Only thing he does not mention and I suspect is, he's behind a residential DSL/cable line and that is problematic nowadays. My server is at a VPS provider. Those do cost little and work acceptably well.

    *Excellent point*. I didn't think of that.

    Home Internet providers' IPs are probably blacklisted by default.

    --
    Lisias@Earth.SolarSystem.OrionArm.MilkyWay.Local.Virgo.Universe.org
  23. Ah the good old days... by Tony+Isaac · · Score: 2

    Remember the wild west, when you could just pull off the Oregon Trail, build yourself a shack, and call it home? Nobody told you how to build your house, or how big your yard could be. But when you had a visit from a thief, there was no police to call, and if you had a fire, you lost everything. It was up to you to defend your own life at all times.

    Sure, life might have been simpler back then. But who would want to go back there?

    The Internet is the same story. In the good old days, everything was free for the taking, but it was the wild west. Now the city slickers want to put up fences, and the cowboys want to tear them down. Whether we like it or not, the Internet is changing, becoming more regulated, and some people aren't going to be happy about it.