Email delivery management grievances

email whitelist

Solution 1:

I find far too many legitimate sites are shooting themselves in the foot. They (unwittingly I hope) configure their servers in such a manner that they appear to forging their identity. Common problems include:

  • Missing or incorrect PTR record.
  • A record for the PTR does not point back to the originating IP address.
  • The name used in the HELO command has an invalid top level domain like local, lan, or localdomain.
  • The name used in the HELO command does not have an A record.
  • The A record for the name in the HELO command does not return the IP address being used.
  • No SPF record for the domain being used in the HELO command.
  • No SPF configured for the domain of the envelope sender.
  • SPF for the domain of the envelope sender prohibits use of the IP address being used to send the email.
  • Domain is not listed with DNSWL.org.
  • Configuring the address of the mail server as a second level domain (example.com) rather than a third or forth level domain (mail.example.com).
  • Not accepting mail to postmaster.

Avoid all of the above, and you will have a much better chance of getting your mail delivered.

EDIT: I have found Port25 Solutions Inc. has a very good automated verification service listed on their E-mail Authentication page. Many thanks to them for their fine service. It is designed to verify DKIM signatures, but gives excellent feedback for most of the items listed above. Check in the Port25 resources section, and use the appropriate email address to get the results mailed to your desired e-mail address. Remember if you need to do DNS changes it can take a day or so to be reflected in all the caches. Worst case should be two times your Time to Live setting.

Solution 2:

There's not much anyone here can say to help you -- your problem isn't technical as you've mentioned: It's a matter of principle.

Unfortunately email in the 21st century is very much a "You want to talk to my users, you play by my rules" thing. If you want to resolve this issue you need to submit yourself to the remote site's whitelisting procedures.

I don't necessarily agree with this myself -- It does go against the spirit of mutual cooperation that makes email (and the internet in general) work -- but given the fact that roughly 50% of the mail that comes to my domains is spam and gets discarded by filtering I do understand it. In fact when we get complaints that clients aren't able to send email to us we follow similar procedures in gathering the valid list of sending servers and whitelisting their domain. It's not pretty, but it keeps the volume of junk in everyone's inbox manageable.

As a consolation prize I offer you a copy of the email lecture that I give to new support techs when they send me their first "X says Y can't get email from them" -- It's certainly not something you can tell your clients/users, but it may give you a laugh during the dark times of email troubleshooting. Feel free to embellish as appropriate :-)

EMail is not a reliable delivery system.  There is no guarantee that any message
sent by party A will be received by its intended recipient, or by anyone at all.

EMail depends upon the cooperation of the sender & recipient's servers, as well
as potentially dozens of other servers that will handle your message along the way.
Each server has its own standards for what is or is not an acceptable message, and
may delay or discard your email for any reason, or for no reason at all, and they
probably will not tell you (or your sysadmin) what they're doing.

If your correspondence is time-sensitive or critically important email may not be
the best medium. Consider a telephone call, or if sending lots of documents
FedExing a CD.

Solution 3:

I understand your frustration but I also understand why an ever increasing number of systems are going a bit overkill on spam. That's the way things are and, whether we like it or not, we simply have to live with it. Spam is a serious problem that's wasting vast sums of money.

In the majority of cases you won't need to request a whitelisting if your own system is well configured. By well configured I mean having things that may not actually be required by any standard but are expected based on common usage. Things such as proper SPF records, DKIM and/or DomainKeys, etc.

As for the debatable issue of systems quietly swallowing emails that are identified as spam, it's a sad reality that if those messages are actively rejected they very frequently result in a large increase of spam from the same source. Current needs dictate that the standards sometimes have to be violated, simply because there are too many people prepared to abuse the systems.

Related

How do MyISAM and InnoDB Utilize HD Space?
How do I setup sshd to require both a private key and a password?
Keeping up with security [closed]
Nginx protect directory with password, except for specific ip's
How do I configure SPF for multiple domains on a server? (also allowing gmail as a sender)
apache server-status not found. check if mod_status is enabled
How to create robots.txt file for all domains on Apache server
Is it possible to limit a Linux process so that it can only run on a particular core on a particular machine?
What are the ramifications of setting tcp_tw_recycle/reuse to 1?
How extensive is the use of Microsoft WINS nameservice these days?
Expire Files In A Folder: Delete Files After x Days
PTR record (rDNS) for multiple domains on a shared IP address