No more emails in Spam folder: SMTP server setup
We recently set up an SMTP server for our project. The question was: what should be done so that the letters sent to our users do not fall into the spam folder or get there as rarely as possible?
Several interesting and useful articles on this topic were found (links at the end of the article), on the basis of which everything was done as a result. But having received this morning a regular batch of mailings from fairly well-known Russian-language resources and seeing that they neglected the described rules, I decided to briefly and in one place collect all actions that are sufficient to solve the problem. I hope that after this number of sites that send mail as it should, will increase.
These tips are only relevant if you use your own SMTP server. When using, for example, Google's SMTP server, everything is already done for us. Usually. In any case, I recommend to check (see subsections How to check? ).
Items are located in order of importance. It is better not to proceed to the next, without completing the previous one.
')
The name speaks for itself. Reverse DNS lookup - reverse DNS lookup procedure. By IP address we, or rather the user's mail server, get the domain name. If it matches the domain name in the From field of the letter being sent, then everything is in order.
How to do?
In most cases, you yourself will not be able to do this if you do not own a range of IP addresses. Therefore, the only way to make this setting is to ask your hosting provider to do this.
How to check?
Use any of the online reverse DNS lookup services. For example, this one . Just enter the IP address of the server from which the mail is sent. If the result is your domain, then everything is in order.
DomainKeys Identified Mail (DKIM) is a method to make sure that mail is sent to those who have the right to do so. In essence, this is a digital signature protocol.
How to do?
I recommend using a very convenient service that automatically generates a pair of keys and describes what needs to be done step by step.
If you don’t want to trust your private key to an external service, you can use OpenSSL:
In any case, the next steps are as follows:
To configure the SMTP server, it is necessary that the server itself supports DKIM and specify the path to the private key in its settings.
If you want to make a signature in your code, then most likely you will have to find a library that supports DKIM when working on SMTP.
In the DNS of your domain, you now need to register two TXT records:
mail is a DomainKeys selector. In fact, it can be any identifier, but must match the one specified in the DKIM SMTP server settings.
How to check?
Send mail through your service to any GMail account. Open the received letter and select Show Original in the action menu.
If you find the following line, then everything is in order:
Sender Policy Framework is a system that allows you to specify IP addresses from which sending is allowed in domain DNS records.
How to do?
A detailed description of the syntax is available here .
In most cases, the following entry is sufficient:
This record indicates that mail can be sent from any IP specified in the A (AAAA) and MX records of this domain and only from them.
How to check?
Send mail through your service to any GMail account. Open the received letter and select Show Original in the action menu.
If you find the following lines, then everything is in order:
The described actions should significantly reduce the likelihood of your emails getting in spam. All other techniques are related to the content of the letter or how users react to it (do they often mark your message as spam?). But this is another story.
So You'd Like To Send Some Email (Through Code)
DKIM is easy
SPF Record Syntax
Several interesting and useful articles on this topic were found (links at the end of the article), on the basis of which everything was done as a result. But having received this morning a regular batch of mailings from fairly well-known Russian-language resources and seeing that they neglected the described rules, I decided to briefly and in one place collect all actions that are sufficient to solve the problem. I hope that after this number of sites that send mail as it should, will increase.
These tips are only relevant if you use your own SMTP server. When using, for example, Google's SMTP server, everything is already done for us. Usually. In any case, I recommend to check (see subsections How to check? ).
Items are located in order of importance. It is better not to proceed to the next, without completing the previous one.
')
Register Reverse DNS
The name speaks for itself. Reverse DNS lookup - reverse DNS lookup procedure. By IP address we, or rather the user's mail server, get the domain name. If it matches the domain name in the From field of the letter being sent, then everything is in order.
How to do?
In most cases, you yourself will not be able to do this if you do not own a range of IP addresses. Therefore, the only way to make this setting is to ask your hosting provider to do this.
How to check?
Use any of the online reverse DNS lookup services. For example, this one . Just enter the IP address of the server from which the mail is sent. If the result is your domain, then everything is in order.
Configure DomainKeys
DomainKeys Identified Mail (DKIM) is a method to make sure that mail is sent to those who have the right to do so. In essence, this is a digital signature protocol.
How to do?
I recommend using a very convenient service that automatically generates a pair of keys and describes what needs to be done step by step.
If you don’t want to trust your private key to an external service, you can use OpenSSL:
openssl genrsa -out private.pem 1024 openssl rsa -pubout -in private.pem -out public.pem In any case, the next steps are as follows:
- Configure your SMTP server.
- Register two entries in DNS.
To configure the SMTP server, it is necessary that the server itself supports DKIM and specify the path to the private key in its settings.
If you want to make a signature in your code, then most likely you will have to find a library that supports DKIM when working on SMTP.
In the DNS of your domain, you now need to register two TXT records:
_domainkey.example.com. TXT "t=s; o=~;"
mail._domainkey.example.com. TXT "k=rsa; t=s; p={REPLACE_WITH_PUBLIC_KEY_CONTENT}"
mail is a DomainKeys selector. In fact, it can be any identifier, but must match the one specified in the DKIM SMTP server settings.
How to check?
Send mail through your service to any GMail account. Open the received letter and select Show Original in the action menu.
If you find the following line, then everything is in order:
Authentication-Results: ... dkim=passConfigure DNS SPF records
Sender Policy Framework is a system that allows you to specify IP addresses from which sending is allowed in domain DNS records.
How to do?
A detailed description of the syntax is available here .
In most cases, the following entry is sufficient:
example.com. TXT v=spf1 a mx ~allThis record indicates that mail can be sent from any IP specified in the A (AAAA) and MX records of this domain and only from them.
How to check?
Send mail through your service to any GMail account. Open the received letter and select Show Original in the action menu.
If you find the following lines, then everything is in order:
Received-SPF: pass
Authentication-Results: ... spf=pass
Total
The described actions should significantly reduce the likelihood of your emails getting in spam. All other techniques are related to the content of the letter or how users react to it (do they often mark your message as spam?). But this is another story.
Links
So You'd Like To Send Some Email (Through Code)
DKIM is easy
SPF Record Syntax
Source: https://habr.com/ru/post/143951/
All Articles