The Hostile Email Landscape (liminality.xyz)
An anonymous reader writes: As we consolidate on just a few major email services, it becomes more and more difficult to launch your own mail server. From the article: "Email perfectly embodies the spirit of the internet: independent mail hosts exchanging messages, no host more or less important than any other. Joining the network is as easy as installing Sendmail and slapping on an MX record. At least, that used to be the case. If you were to launch a new mail server right now, many networks would simply refuse to speak to you. The problem: reputation. ... Earlier this year I moved my personal email from Google Apps to a self-hosted server, with hopes of launching a paid mail service à la Fastmail on the same infrastructure. ... I had no issues sending to other servers running Postfix or Exim; SpamAssassin happily gave me a 0.0 score, but most big services and corporate mail servers were rejecting my mail, or flagging it as spam: Outlook.com accepted my email, but discarded it. GMail flagged me as spam. MimeCast put my mail into a perpetual greylist. Corporate networks using Microsoft's Online Exchange Protection bounced my mail."
I run a small email system ~2500 users and don't have your problems...
A pox on web designers who feel that window.innerWidth == screen.availWidth
... to this new Brave New Internet.
Fighting SPAM was easy since the beginning. In the early 2k years, most of the SPAM fighting techniques were already somewhat prototyped on the mailing lists I was following,
Now, 15 years later, I think I know why nobody did anything for a decade and a half - control. Now it's God Damn easy to drop someone from the mail system - you can render a company inoperative if it dares to run its own mail system.
And so, for "safety", you need to pay for some big corporation to run it for you - while harvesting your mail in the process.
Lisias@Earth.SolarSystem.OrionArm.MilkyWay.Local.Virgo.Universe.org
..and set up SPF entries and reverse DNS. Also make sure Postfix is locked down and not acting as an open relay. It really is not that hard, this article comes off as whiny "I can't do it, so the world is against me" at best.
Did you even read the article? There's not much more than the summary, but there he does make note that reverse DNS and SPF records, among other things, were set up:
I've done this before, ...: not on any blacklists, reverse DNS set up, SPF, DKIM and DMARC policies in place, etcetera. (Side note: mail-tester.com and Port25 are great for checking your setup.)
The near-conclusion quote is his real point:
...from Microsoft's Postmaster Troubleshooting page:
IPs not previously used to send email typically don’t have any reputation built up in our systems. As a result, emails from new IPs are more likely to experience deliverability issues. Once the IP has built a reputation for not sending spam, Outlook.com will typically allow for a better email delivery experience.
I run my own mailserver, mostly "just because".
The reputation problem I encountered early on was because of a lack of a reverse DNS entry. Easily fixed; I simply asked my VPS provider to create one.
The next problem that started about 18 months ago was reputation: my little server simply wasn't a trusted service.
Because of the (unbelievable) amount of spam hitting my server, I had taken out a Comodo AntiSpam Gateway subscription about two years earlier. It was initially free, but after a year or so they wanted money. Since the service rocks, I happily pay my ~$30 annually.
What CASG also offers is outbound scanning: if I tell my server (an Exchange 2010 server) that the outbound smarthost is CASG, my email all of a sudden piggybacks Comodo's reputation. Voila, email flows without incident.
Problem solved.
IPs not previously used to send email typically don’t have any reputation built up in our systems. As a result, emails from new IPs are more likely to experience deliverability issues. Once the IP has built a reputation for not sending spam, Outlook.com will typically allow for a better email delivery experience.
Sounds like a Catch-22: "We won't accept email from a new server until the server has successfully delivered lots of email."
Well, there's spam egg sausage and spam, that's not got much spam in it.
I run my own mail server on a dyndns connection. At first, Google would filter out my mails, but once I set up SPF and DKIM records, they became much more friendly. Haven't tried outlook.com, but hotmail.com (also owned by M$) works fine.
0. Previous RBL history for the IP address and the block
1. Not being an open relay for any amount of time while setting up
2. Reverse DNS
3. SPF
4. SMTP server host name
5. Retry delay not less than 1 hour.
And e-mail starts running.
I've been running my own mailserver since 2003, and I have seen my share of problems.
1: mailservers blocking mail based on spamhaus DUL. You can delist your IP. But still, blocking exclusively on that?
2: hotmail.com accepting emails and then discarding them silently. No trace of them. No bounce. Recipient did not have it in their spam folder or anything. This was several years ago, so perhaps it's better now. But discarding emails after promising to deliver them without any possibility for the recipient to control it: bad idea.
3: Various greylisting email servers. Not really a problem as my MTA will retry and the email is only delayed for a few minutes.
4: gmail.com rejecting emails sent over IPv6 but happily accepting them over IPv4. It turned out to be a problem with their parsing of SPF records, and apparently fixed now. But I did find out that there is no reasonable way to contact the gmail team.
5: outlook.com rejects emails due to FBLW15, whatever that means. It seems you can get whitelisted, but it appears that a lot of hosts are being hit by it for no reason.
6: office365 bouncing emails due to "protection" with no explanation given, and direction to contact the recipient by other means to get whitelisted. This was for the official email address listed on a company website. I decided that my email wasn't important enough. Their loss.
Bottom line: If you run your own email server then expect to occasionally do some manual whitelisting etc. And expect some email servers to be uncooperative and/or RFC-clueless.
My guess is that the problem lies in the fact that the OP is using a garbage TLD. I've configured our mail server to silently drop all traffic from many of the new garbage TLDs, including .xyz. It does wonders for cutting down the spam levels. Sadly it's just a new version of Whack-a-Mole. Neither I, nor any of my users, appear to have gotten a legitimate email from any of these domains. I'll bet if the OP were to use a more traditional TLD, like .com, .uk, etc. there wouldn't be problems.
Try out https://mailinabox.email/, a project I began a few years ago to make hosting your own mail much easier.
It includes comprehensive diagnostics to ensure everything is configured correctly, including reverse DNS, which is the most common issue that leads to mail not being deliverable / going into spam. This doesn't solve every problem, but lots of people have had good results with this project.
Simple way to boost your reputation is to simply configure a smarthost to send outgoing mail securely.
That boosts the smarthost's reputation, not yours, unless I'm missing something fundamental.
I run my own email server as well. But it's not as simple as an MX record. I use domainkeys and spf as well. None of the major services flag me as spam.
Agree. I run my own e-mail servers for a few domains and have no trouble at all. You need to be absolutely 100% sure that you aren't operating an open relay, or you'll be blacklisted immediately. You also need correctly configured STARTTLS with a valid certificate signed by a widely accepted root. Most relays will reject mail if STARTTLS is not used. Reverse DNS helps but isn't 100% essential. You want reverse DNS to resolve to something in the same domain. For example if people connect to the server as mail.domain.com but reverse DNS calls it srv1.domain.com that will be accepted by the vast majority of relays. If you want Google/Yahoo/Outlook to accept your mail you need DKIM signing, which involves generating key pairs, putting the public keys in DNS and configuring your mail server to sign messages. Correctly configured SPF improves your reputation, too.
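The checks named in the comments above (reverse DNS that resolves back and stays in the HELO domain, SPF covering the sending IP, a published DKIM key), as an added example that is not part of the thread or any commenter's own code. It runs against constructed DNS data; `ZONE`, `preflight` and the `check_*` helpers are hypothetical names, and the SPF check only evaluates literal `ip4:`/`ip6:` mechanisms.

```python
import ipaddress

# Constructed DNS data (documentation addresses and names). A real check
# would query a resolver; a dict keeps the example runnable offline.
ZONE = {
    ("example.org", "TXT"): ["v=spf1 ip4:192.0.2.0/28 mx ~all"],
    ("mail._domainkey.example.org", "TXT"): ["v=DKIM1; k=rsa; p=MIIBIjANBgkq"],
    ("10.2.0.192.in-addr.arpa", "PTR"): ["srv1.example.org"],
    ("srv1.example.org", "A"): ["192.0.2.10"],
}

def base_domain(name):
    # Simplification: last two labels. Real code needs the public suffix list.
    return ".".join(name.rstrip(".").lower().split(".")[-2:])

def check_rdns(zone, ip, helo):
    ptrs = zone.get((ipaddress.ip_address(ip).reverse_pointer, "PTR"), [])
    if not ptrs:
        return "rdns: no PTR record"
    host = ptrs[0].rstrip(".")
    if ip not in zone.get((host, "A"), []):
        return "rdns: PTR name does not resolve back to the IP"
    if base_domain(host) != base_domain(helo):
        return "rdns: PTR name is outside the HELO domain"
    return None

def check_spf(zone, domain, ip):
    recs = [t for t in zone.get((domain, "TXT"), []) if t.lower().startswith("v=spf1")]
    if len(recs) != 1:
        return "spf: expected exactly one v=spf1 record, found %d" % len(recs)
    terms = recs[0].lower().split()[1:]
    addr = ipaddress.ip_address(ip)
    # Only literal ip4:/ip6: mechanisms are evaluated; a, mx and include are not.
    nets = [t.split(":", 1)[1] for t in terms if t.startswith(("ip4:", "ip6:"))]
    if not any(addr in ipaddress.ip_network(n, strict=False) for n in nets):
        return "spf: sending IP is not covered by an ip4/ip6 mechanism"
    if not terms or terms[-1] not in ("-all", "~all"):
        return "spf: record does not end in -all or ~all"
    return None

def check_dkim(zone, domain, selector):
    txts = zone.get(("%s._domainkey.%s" % (selector, domain), "TXT"), [])
    tags = dict(p.strip().split("=", 1) for p in "".join(txts[:1]).split(";") if "=" in p)
    if not tags.get("p"):  # a missing or empty p= means no usable key
        return "dkim: no public key published for selector %r" % selector
    return None

def preflight(zone, ip, helo, domain, selector):
    checks = (check_rdns(zone, ip, helo), check_spf(zone, domain, ip),
              check_dkim(zone, domain, selector))
    return [finding for finding in checks if finding]
```

An empty list from `preflight` means the DNS-side prerequisites are in place; it says nothing about IP reputation, which is the part the thread describes as outside the sender's control.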
So what you need is some means of sending large amounts of email to outlook.com addresses to build reputation.