How to configure email server to send lots of transactional emails

email spam spam-filter email-server email-bounces

My organization is currently outsourcing email delivery to an SMTP service provider. We're considering bringing that back in house to deliver our own emails.

We send about 5k transaction emails per day in relation to order confirmations and shipment notifications. This kind of volume and the importance of these emails means that we need to make sure our mail server is configured as best possible to avoid the emails looking like spam.

The emails we send tend to be similar in that they are templated order confirmations so the risk is that the emails are classified as spam and we get blocked or our emails bounce.

With the outsourced email provider, we get good deliver-ability, but if we did it ourselves, we're worried that emails won't get delivered.

Our ideas so far include:

  • Setting up reverse DNS correctly
  • Setting up SPF records
  • Domain keys (not sure if this is easy or difficult)

What are the tips & best practice to set up a mail server which can send email of this volume and avoid being classified as spam?


Solution 1:

Consider registering with dnswl.org. There are also a few open services which will verify your configuration.

  • Definitely get rDNS right, and use a subdomain for the host. eg. mail.example.com not example.com. Ensure you have a proper static IP address which is not listed with spamhaus.org. Avoid using any part of your IP address in the DNS name.
  • Match the mailserver name configured in your software to the DNS name.
  • Do setup the required postmaster and abuse email addresses.
  • Ensure callouts for the sender addresss works, at least for the target server.
  • Consider implementing Bounce Address Tag Verification (BATV) to allow verification of bounce notices.
  • Definitely do SPF correctly. While spammers use it, it will help prevent spammers from using your address. Also do SPF for the server. See the FAQ at open http://www.openspf.org/.
  • DKIM will authenticate the signed contents which may be useful for your purposes. It doesn't have much impact on spam scores. I am finding that a lot of the existing signers have broken implementations.
  • Do setup appropriate policies for email being sent and received. Implement as many of these in the server as possible to limit incoming email.
  • Limit the servers you relay for to those inside your LAN which need to send email. Only accept email for your domain.

I have a post on Running an Email Server with some other comments. Its a bit of a rant as several legitimate posters send email that looks very much like Spam due to poor email implemenations.

EDIT: Typically services like smtp, mail, and www have service related names (sub-domains). In some cases these will have numerical suffixes like smtp2 or www1. This makes it simple to provide the services on different servers simple. The servers usually have their own hostname (sub-domain) which is unrelated to the sevice(s) they provide. These days the domain may be used for web traffic, but is is often immediately redirected to the web sub-domain.

Solution 2:

I'm assuming these emails are going to many different recipients at many different domains based on order information, status, etc., correct? So for any given external domain you might be sending just a few of those 5,000 emails? If so, then you should be fine. Just because you're sending a large volume of emails doesn't make you any more prone to being flagged as a spammer then a company that sends only a few dozen emails a day. Amazon.com sends hundreds of thousands of order related emails every day. Corporations that have thousands or tens of thousands of employess collectively send hundreds of thousands of emails a day. IBM, Microsoft, GM, and Walmart are all examples of corporations that send hundreds of thousands of emails every day.

If you follow the generally accepted "rules" for sending email, such as making sure your server is not an open relay, having valid rDNS and SPF records, etc. you'll be fine.

Related

What is the difference between the C0 and E0 stepping in the Intel Xeon 5400 family of processors?
What HTTP status code should an unconfigured domain return?
Shrink SQL Server data file, but not all at once?
How do you handle the default branch in Mercurial?
Elevated command prompt as another user
How to determine bottlenecks on Ubuntu LAMP environment
Adding the Source Repo to CentOS 5
What are the CPU Units used for in ProxMox?
Is it possible to make a USB port provide access to a file system?
Backup database at certain intervals?
How to disable software raid (mdadm)?
yum depsolving problems - package already installed?