In the modern day world of email delivery,
recipient ISPs place great amount of emphasis on verifying the
legitimacy of senders email to their customers.
By Linda Musthaler, Principal Analyst with Essential Solutions Corp.
I recently helped a client conduct a marketing campaign via email.
This company sent an email message to more than 2,400 people and had a
dismal response rate of 14 people. Looking back, we now see that at
least part of the problem could be that the message was blocked from
recipients' inboxes for various technical reasons.
In the modern world of email delivery, recipient ISPs place a great
amount of emphasis on verifying the legitimacy of senders attempting to
send email to their customers. As email volume increases, so does the
abuse of email by illegitimate senders using bots and other techniques
to send spam, viruses, malware, phishing ploys, and so on. As ISPs
continue to clamp down on their war against these illegitimate senders,
legitimate email senders can easily get caught in the crossfire,
resulting in their emails not being delivered or being delivered to the
spam folder.
There are important best practices and principles that must be
followed by legitimate senders to avoid the crossfire. These principles
apply to anybody running an email server that delivers outgoing email
messages, regardless of the volume or content of those messages. If your
company does any sort of email marketing or customer communications,
your email administrator needs to be cognizant of the settings listed
below, which have been provided to us by
Heath Morrison, vice president of technology for
SMTP.com, a service provider focused on email delivery.
Each of the following gives recipient ISPs a means of evaluating the
legitimacy of a mail server that is attempting to send them email:
DKIM settings
DomainKeys Identified Mail (DKIM) is a modern Internet standard for
authenticating the delivery chain for email messages. It operates by
signing messages with a special cryptographic signature that can be
verified but not counterfeited by a third-party source. The signature,
which is included in the message by a relay server in the delivery
chain, proves that the message passed through that server. This helps
prevent spammers and scammers from creating fraudulent messages
appearing to come from that source.
DKIM does not prevent spam from passing through a network, but it
gives recipient servers confidence in the source of the message.
Recipient servers can then more confidently use the reputation of the
delivery network in order to judge whether a message is legitimate or
not.
Configuring DKIM requires the functionality to be enabled in the
outgoing mail server, and it requires a small TXT record to be added to
the DNS configuration of the sending server's domain. The simplest way
to check whether a mail server is sending DKIM-signed messages is to
deliver a message from the server to a yahoo.com or gmail.com address.
Once delivered, you can check the Full Headers of the message received
to determine if the message passed the DKIM checks of that recipient
ISP.
Here is a
Wikipedia article for further reference.
Here's a
tool that SMTP.com provides for checking a domain's DKIM records in DNS.
SPF records
The Sender Policy Framework (SPF) is another Internet standard for
authenticating email messages. Unlike DKIM, however, SPF allows
recipient ISPs to authenticate the sender listed on the From header of
an email message. It does this by giving domain owners a means of
specifying which IP addresses on the Internet are allowed to send email
on their behalf. Recipient ISPs check the IP of a sending server against
this list of valid sending IPs to determine if the sender is legitimate
or not.
To configure SPF, domain owners must create a special TXT record in
their DNS configuration listing the valid IPs for relaying email. The
great thing about SPF is that it is not necessary to make any changes to
the outgoing mail server.
Reverse DNS
A standard, forward DNS record is the association of a hostname with
an IP address on the Internet. The corollary to this is reverse DNS,
which uses an IP address to look up a hostname. Despite their
similarities, these two records are independent. Forward DNS is
configured by the owner of the domain. Reverse DNS, however, is
configured by the ISP that controls the IP address.
In the world of email it is important for everything to match. When a
mail server receives a connection from a particular IP address, it
performs a reverse DNS lookup for that IP address. This yields a
hostname. The server then performs a forward lookup on that hostname and
checks whether the resulting IP address matches the original IP address
used. This is called forward- confirmed reverse DNS (FCdDNS). If these
records do not match it can impact the delivery success for messages
from that IP address.
Here's a
Wikipedia article for further reference.
Here's a
tool that SMTP.com provides for checking FCdDNS for an IP.
MX records
In the world of email, MX records are DNS records that designate the
servers handling incoming email for a particular domain. This is part of
the basic framework of the Internet that allows senders to successfully
route email to recipients. Surprisingly, in the modern world of email,
the MX record of a domain plays an important role not just in incoming
email but also in outgoing email.
Recipient ISPs place a huge emphasis on the legitimacy of the sender
and server attempting to deliver email to their users. To that end, when
looking at the From address of a message, some recipient ISPs evaluate
whether reply messages for that From domain can successfully be
delivered. If an email address contains an invalid domain, or if the
domain does not have the basic facilities for receiving a reply message,
recipient mail servers may choose to reject or delay messages to their
users.
It is important to always use a valid email address on the envelope
of email messages, and to ensure that MX records for the domain are
configured in a way that allows that address to successfully receive
replies. Here is a
Wikipedia article for further reference.
IP blacklists
An IP blacklist is a third-party service that tracks IP addresses
that people may not want to receive email from. Servers receiving email
can subscribe to the blacklist service to help them determine IPs that
they should reject email from. Blacklists may include IP addresses that
have previously sent spam or viruses, or even IPs that simply represent
computers on the Internet that don't have normal reasons to be emitting
email.
There are a few common ways for a normal, well- managed mail server
to find itself on a blacklist: infected computers with access to send
email through the server, bad behavior by users of the server, or pre-
existing conditions.
It is important to always check the status of a fresh IP against all
major blacklists, to ensure that previous tenants on the IP had not
behaved in a way to land it on a blacklist. It is also important to
periodically check the blacklist status of an IP, particularly after any
incident where spam email may have been sent from the network.
Here is a
Wikipedia article for further reference.
source : http://www.activecampaign.smtp.com/resources/docs/best-practices
