Atwood on configuring servers for sending email that doesn't get marked as spam

[mouser]

The issues involved in avoiding mail sent by a server from being marked as spam are incredibly frustrating and convoluted.  Here's Jeff Atwood from Coding Horror talking about some steps you can take on your server to make sure mail sent from it gets to it's destination.  Gothic, the DC server admin, has been through hell and back dealing with such issues:

Just because you send an email doesn't mean it will arrive. Not by a long shot. Bear in mind this is email we're talking about. It was never designed to survive a bitter onslaught of criminals and spam, not to mention the explosive, exponential growth it has seen over the last twenty years. Email is a well that has been truly and thoroughly poisoned -- the digital equivalent of a superfund cleanup site. The ecosystem around email is a dank miasma of half-implemented, incompletely supported anti-spam hacks and workarounds.

http://www.codinghor...il-through-code.html

[JavaJones]

Oo, very useful article! Thanks mouser.

- Oshyan

[Gothi[c]]

Yep, we've had to follow each of the steps mentioned in the article, and some more.

It really is a business where the major email hosting companies and blacklist keepers have you by the balls.
Yahoo developed DKIM, so they give a negative score to all mail that doesn't use it, in order to push their software.

If you have a legit newsletter, with an opt out option, when users click 'mark as spam' too many times on these services, you get blacklisted. ( who believes opt-out does anything anymore anyway... )

Many of the blacklists allow you to pay money (bribes) to get whitelisted...

Many webmail services will ironically enough automatically send you to the spam folder if they doesn't see enough email traffic from you, the theory being you may just be a botnet drone somewhere on a home computer and not a real mail server.

Many are also now whitelisting instead of blacklisting.

What this may eventually end up doing is creating a climate where only a handful of large companies will be running email for the entire world (because they deny everyone else's mail). If you don't belong to the club, your mail is ignored. That in turn creates a situation of major privacy concern. If a handful of companies handle all mail in the world, they become one-stop shops for governments to subpoena your emails.

If you setup a new email server, it may take a long time to build up a reputation. And you had better keep an eye on your mail server logs, and make damn sure your configuration is clean.

Being an open relay is the obvious concern, but that's actually not so common anymore. Postfix, sendmail, qmail etc... all come with sane settings by default nowerdays which prevent that.  You have to worry about backscatter, and smtp password bruteforcing (which is ongoing nowerdays with botnets all over the place), and an ever growing list of other things.

The problem even goes so far that some major hosting companies have just given up on hosting email, and told their users to go use google instead.

Greylisting used to block 99.9% of all spam, that number is increasingly dropping. Moreover, it causes a delay of at least 5 minutes for all mail. Many people expect their mail to arrive instant, even though it was never meant to be an instant (or even guaranteed for that matter) message delivery protocol. I work for a hosting company, and you wouldn't believe the number of people that complain when their mail is slow.

The article author is right when it mentions e-mail is something to hate.