ESN . POSTMASTER

Extra Security Networks


Best Practices for email senders

Conforming to these best practices for email senders will help ensure delivery to mailboxes on our network. Complying with these practices will also help your delivery to AOL, Yahoo, Gmail, Comcast and many other destinations.

Comply With MAAWG Published Best Practices
The Messaging Anti-Abuse Working Group (MAAWG) is an industry group of ISP's, email service providers, search portals, hosting providers, and anti spam vendors. MAAWG regularly publishes guidelines and best practices documentation on their web site.

Please review the Sender Best Communications Practices, Version 2.0 document. Published by MAAWG on April 1st 2008. Pay close attention to page 5 of the document.

Clearly Identify Mail Servers On Your Network
Many ISPs provide generic reverse DNS entries for all static or business class IP adresses on their network. These generic entries may look something like "173-167-1-2-ny.hfc.comcastbusiness.net" or "6d.b7.1243.static.someisp.net". While these rDNS entries do identify your assigned IP addresses as static or business class addresses, they do not help us to determine if the IP address is authorized to send email for your organization or domain.

  • Do not use generic PTR records for mail servers
    e.g., use smtp1.foo.com, not 1.2.3.4.my.isp.net

In most cases, you will need to contact your service provider for creation or modification of rDNS entries. Please have them set the rDNS entry for your mail server IP to a domain name that you directly control, and a host name that clearly identifies the server as a mail server.

Configure Forward Confirmed Reverse DNS (FcrDNS)
e.g., 10.31.145.81 = smtp1.foo.com, and smtp1.foo.com = 10.31.145.81

  • The IP address of the sending mail server must have a reverse DNS record (PTR)
  • That PTR must resolve to a forward (A) DNS record
  • That forward (A) DNS record, must resolve back to the mail server IP
  • The FcrDNS host name should clearly identify the server as a mail server.
  • Do not use generic PTR records for mail servers
    e.g., use smtp1.foo.com, not 1.2.3.4.my.isp.net
  • Try not to change the reverse DNS entry for your mail server very often
     
  • FcrDNS, as defined by wikipedia
  • FcrDNS testing tool
  • MAAWG documentation regarding FcrDNS (see page 5)


Configure A Valid Helo/Ehlo Name
e.g., smtp1.foo.com = 10.31.145.81

  • The helo/ehlo greeting from your mail server must be a fully qualified domain name (FQDN). smtp1.foo.com, rather than just "foo".
  • The helo/ehlo FQDN must resolve on the internet.
  • The helo/ehlo FQDN should match the FcrDNS host name of the mail server
  • Try not to change the helo/ehlo greeting for your mail server very often
  • Do not use intranet helo/ehlo host names to sent internet mail (foo.local, foo.lan, localhost.localdomain)


Know Your Network

  • Secure your mail server and network
  • Monitor your network for significant or rapid changes in outbound email volume
  • Providers: Don't accept spammers as customers. It will get your IP black listed
  • Providers: Don't help spammers by constantly giving them new IP's on your network. This will get your entire network black listed.
  • Secure your users
  • Throttle your users/customers. A user that regularly sends 250 messages per day, shouldn't be allowed to send 2,000,000 messages
  • Regularly inspect your mail server log files for configuration problems on your server
  • Users: Don't accept an IP address from your provider, that has been blacklisted for spamming in the past
  • Users: Don't host your email server with a provider who regularly accepts bulk mailers as customers
  • If your emails are important and time critical, don't retry delivery for 4 days


Respect Our Network

  • Don't send bulk, unsolicited email to mailboxes on our network
  • Don't configure your mail server to retry undeliverable mail once every 60 seconds
  • Don't retry failed deliveries for 4+ days
  • Honor 5xx errors and remove those addresses from your mailing list
  • Limit your use of multi-recipient emails
  • Inspect your own configuration and make sure you are conforming to best practices, before you ask us why your email was rejected