

Ask HN: Best mail server practices for deliverability? - wpietri

I've run my own mail server for a long time. It's not high volume; just me and accounts for various friends. I've never been an open relay or a spam source, but lately I've been getting reports of emails ending up in the spam folders of a major email provider. I'm looking to make sure I have all my email ducks in a row.

If you run your own mail server, what have you done to make sure your mail server's mail is getting delivered? And if you work at a major email provider, what do you recommend legitimate small email hosts do to look maximally non-spammy?
======
jlgaddis
Off the top of my head: Don't emit backscatter. Don't allow spam to be sent
out. Have matching A and PTR RRs in place. Create SPF records. Sign outgoing
mail using DKIM. Make sure you accept mail for abuse@ and postmaster@.

------
27182818284
I am pretty interested in the Gmail alternative / run your own mailserver
threads. Gmail simply lacks the "WOW!!!" it had when I first signed up.

A few other issues that have had me looking for alternatives:

* False choices for new tech. If you don't say Yes to transitioning to something like Google Hangouts, they make it really easy for you to push the button that says yes to hangouts.

* Google Apps for Business is pretty expensive when I actually see how people use it. 9/10 it is just for them to have the Gmail interface with their own domain. A lot of people forget that Google Docs exists until they accidentally click the "Open in Drive" or whatever.

* Spam protection has degraded with time. I receive more junk mail now than ever before. I think part of the email is because of the next bullet

* Wrong emails happen very frequently. Probably 2-3 times a week for me I receive a wrong email from someone _thinking_ they own my Gmail account. It has happened three times with Apple purchases alone. A custom domain would help mitigate this. These aren't malicious. They have my last name, but a different first name, but we have the same initial so I can easily see how they mess it up. Also the majority of people still don't realize the Gmail + sign trick or that periods don't matter.

* Lack of features. You added tabs? Thanks, ummm, I guess. Thank you for putting that in the Promotions tab when before every semi-clever person already had a filter set to move things like that into their own "Promotions" tab. That's the big innovation?

In other words, almost every time I check ShowHN I'm hoping for a new Gmail.

------
ivegotmailyayyy
I have no issues with mail delivery. Here's what I did.

Step 1, get a Gmail account. Step 2, live your life.

If you're worried about privacy, don't. I've personally taken email data from
co-located machines to give to the government.

If it's a hobby, find a better one. Email administration is terrible.

~~~
wpietri
Why hello, newly anonymous account created just to be a dick. How surprising!
[http://www.penny-arcade.com/comic/2004/03/19](http://www.penny-arcade.com/comic/2004/03/19)

~~~
ivegotmailyayyy
Don't attack me, attack my arguments.

You really aren't being any more private with your own mail server and it is a
very difficult thing to get right.

Large providers have peer agreements to help ensure delivery. You cannot get
better delivery than Gmail on your own.

~~~
wpietri
I'm not attacking you, I'm pointing out your shitty behavior. If you would
like people to pay attention to your arguments, try standing behind your
words. Similarly, try not being a dick.

You could also try making some actual arguments. All I noticed was some value
judgments.

------
wpietri
And for what it's worth, what I've set up lately includes SPF, DKIM, and
DMARC.

~~~
kazinator
SPF only protects your domain from being spoofed by others, and DMARC helps
you get reports about who might be doing that. You have a different problem
here in that you are somehow being identified as spammy by this big
organization's filters. The only way to combat that is to discover why. It
could simply be that you are co-located with spammers: your outgoing SMTP is
emanating from a spammy IP block, and you are collateral damage.

One important consideration for "deliverability" is who you choose for passing
on your SMTP.

~~~
wpietri
Reliable sources inform me that some big providers are using SPF, DKIM, and
possibly DMARC as a sign of non-spammyness.

I would love to discover any other reasons why my mail is getting filed with
spam. For what it's worth, searching various blocklists for my and neighboring
IPs doesn't turn up anything.

~~~
kazinator
If so, those big providers are wrong.

SPF, and those other mechanisms, are about authentication; but spam is not
defined as e-mail which is not authentic, but rather as unsolicited, bulk
mail.

That is to say, any scoundrel with a domain can publish an SPF record.

For example, the owner of "cheappharmaonline.com" can create an SPF record which
says that the SMTP servers of "dirty-spammers.com" are allowed to send
messages with "cheappharmaonline.com" as the SMTP sender. So when a machine
from "dirty-spammers.com" connects to receivers and sends "MAIL From:
whatever@cheappharmaonline.com", that connection will cheerfully pass SPF
checks.

What the check indicates is that the mail is not a forgery: yes, it really is
a genuine spam from the owner of cheappharmaonline.com, and not a competitor
forging that domain.

Receivers must implement SPF checks in addition to existing anti-spam
measures, not instead of them. Anyone who thinks that messages which pass SPF
are "non spammy" will eventually learn otherwise.
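
The scenario in the comment above, worked through as an added example that is not part of the original thread: a small evaluator for a subset of SPF (RFC 7208 `ip4`, `ip6`, `include` and `all` only) run against constructed TXT records. The domain names come from the comment; the record contents and IP addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed TXT records standing in for DNS. Domain names are from the
# comment above; record contents and addresses (documentation ranges) are
# assumptions.
TXT = {
    "cheappharmaonline.com": "v=spf1 include:dirty-spammers.com -all",
    "dirty-spammers.com": "v=spf1 ip4:203.0.113.0/24 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(ip, domain, txt=TXT, depth=0):
    """Evaluate the MAIL FROM domain's SPF record for a connecting IP.

    Subset of RFC 7208: ip4, ip6, include and all. Anything else is
    reported as permerror rather than guessed at.
    """
    if depth > 10:  # simple guard against include loops
        return "permerror"
    record = txt.get(domain)
    if record is None or record.split()[0] != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            # A v4 address is never "in" a v6 network and vice versa.
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            inner = check_spf(ip, arg, txt, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"
            matched = inner == "pass"  # fail/softfail/neutral: no match
        else:
            return "permerror"  # mechanism or modifier outside this subset
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"
```

With these records, `check_spf("203.0.113.25", "cheappharmaonline.com")` returns `pass` and the same call from `198.51.100.7` returns `fail`. Both results describe only whether the sending host is authorized for the domain, not whether the message is wanted.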

~~~
kazinator
Case in point: I just got a piece of spam with the subject "75% OFF Internet
Marketing Services: Grow Your Business". It has a DKIM signature and passed
SPF.

~~~
wpietri
Oh, I agree that this shouldn't matter. But I can't have my email not getting
delivered until it does.

