SMTP server, SPF records, domainkeys

email spf smtp domainkeys

Recently we have setup a new SMTP server to send newsletters and promotional mails to our registered users. There are 5000 users who will receive newsletters on weekly basis. We are getting bounced mails, when we tried to send promotional mails first time. We have setup SPF records and domain keys as well. But we are not able to understand the reason why Yahoo blocked emails. Can you suggest how banks and other big websites send emails with out any problem?

Here is the content of bounced mail that was sent by Yahoo.

Could not deliver message to the following recipient(s):

Failed Recipient: [email protected] Reason: Remote host said: 421 4.7.0 [TS01] Messages from xx.xx.xx.xx temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html

Before we use new SMTP service, we used to outsource this work to third party email marketers and we did not configure SPF or domain keys that time. But it was successful. Which way actually they follow?


If you follow the link it is pretty self explanatory. You need to rate limit your mail and if still blocked contact them. Be prepared to show that that the user opted in with logged date, ip, etc.

Maybe not in this instance but as a general rule you may need to look at the content of your message and see if it looks like spam. By slightly adjusting your mail to remove or change elements commonly seen in spam you can drastically reduce your chances of being blocked.


Yahoo is a very prickly customer for volume senders. Here's a checklist:

  • Rate limit both messages per hour and connection count
  • Aggregate those values across all yahoo domains (e.g. yahoo.com, yahoo.in, yahoo.co.uk, btinternet.com and many more) as they all share live delivery records
  • Sign EVERYTHING with DKIM, even if only as an intermediary
  • Use a -all default action in your SPF
  • Add a SenderID record to make it defer to SPF, and register it with hotmail
  • For yahoo domains, remove addresses from your lists (and suppress from future additions) after a single hard bounce; it's part of their terms
  • Remove persistent bounces of any type
  • Honour unsubscribes
  • Use as many feedback loops as you can
  • Check sample messages with SpmAssassin - this won't help you against big ISPs specifically, but it will provide good suggestions
  • Don't change your IP; some feedback loops require 6 months established sending history
  • Make sure your DNS resolves both forwards and backwards
  • It might seem obvious, but don't send spam!

While certification and white-listing companies can help, they are often outrageously expensive and pretty much amount to a protection racket. Of the major ones, I'd say Habeas' SafeList is the one with the most integrity, though they are now owned by ReturnPath.

There's more too, but those are the basics. My company does all this for our mailing service and we've had peaks of over 2 million messages per day.

Related

What's been your company's biggest security leak?
slow software raid
Apache treating files with ".var[.]" in their names as type-maps
How do you find system manufacturer/model on Linux without root access?
Samba, Apache and SVN. Getting the permissions right
Hyper V network adapter configuration on parent partition
Making an ASA TFTP backup through VPN
how to change the maximum number of connection to Oracle database?
Windows Server 2008 R2 as VPN Server
List of Sysadmin Troubleshooting "Fire Drills"
Cisco IOS: Segregating VLANS
Unable to upload file FTP