Strategically Preventing Mail Delivery Failure

By Chris Blackburn

 

It’s been estimated that the percentage of email on the internet breaks down to 90% and only 10% legitimate email. As our global dependency on email increases each year, counter measures are being taken by companies to block out as much junk as possible.

Major ISPs are starting to perform reverse DNS checks, and others are even starting to use SPF (a form of email authentication technology) to verify that mail is originating from the source that is authorized for that domain.

Avoiding Blacklists

<blacklist overview blurb>

MXToolbox has a really nice blacklist check, which will go out and scan all major blackblists and report in an intuitive layout if your server is/is not on the list.

http://www.mxtoolbox.com/blacklists.aspx

Enter the IP address of your mail server to confirm that you haven’t magically landed on a spam blacklist, or ended up there due to a network machine that got infected by a virus.

Reverse DNS

This is becoming more of a mandatory item if you want to host your own mail server. Most ISP will require you to have a reverse DNS record before they will accept email from you, otherwise your messages will get dropped.

A reverse DNS record is just as it states: it does the opposite of regular DNS, which takes a name and matches it to an IP address, by checking the DNS record of the IP address. This is not something you will have control to change easily, and MUST be done with your ISP, since they are in control of information on your IP address.

There are 2 pieces of the puzzle that must exist:

  • You must have a valid DNS record
    • For example, mail.company.com points to 1.2.3.4
  • The DNS record must match the IP address you are trying to setup a Reverse record to
    For example:

    • Your company’s IP address is 1.2.3.4
    • Your mail server address from the internet is mail.company.com
    • The DNS record of mail.company.com points to 1.2.3.4

    You will request your ISP to setup a record on your IP 1.2.3.4 to reverse to mail.company.com

Once your reverse DNS record has been request and is in place, test it!

From your mail server, go to http://www.init7.com/ip-address-test.php. This will check your IP address, and give you your actual host name.

Creating an SPF record

<spf overview blurb>

Here is a sample SPF string I use for zones on our Windows DNS server. Since most DNS servers do not support the “SPF” record type as of yet, enter this string as a “TXT” record

v=spf1 a:<reverse DNS> mx:<domain name> ip4:<main server IP>/<subnet mask in slash notation> ~all

Here’s a break down on what information you need to fill in:

  • <reverse DNS> – This is the reverse DNS record that corresponds to your mail server’s IP address
  • <domain name> – The is the domain name for your email address
  • <main server IP> – This is the IP address that email for your domain will originate from
  • <subnet mask in slash notation> – This is a little trickier, because you will need your IP block information from your ISP for your Internet connection. You may have this information, but be unaware of how to translate your IP to slash notation.
    You can go to http://www.akadia.com/services/ip_routing_on_subnets.html and towards the bottom of the page you will find the complete subnet mask to slash notation list.

Here is a great page to test your new SPF record:

http://www.kitterman.com/spf/validate.html

 

Share your thoughts

css.php