A while ago I recently ran into a situation where email originating from one of my clients was being rejected by AOL and spammed by Yahoo and Hotmail servers (by spammed I mean email ended up in the designated account’s junk email folder). Over the years Hotmail, AOL, Yahoo and other mass email providers have had to scrutinize email more closely in order to reduce spam. Often times they will simply reject email from an email server that is not configured properly because of the likelihood that it is a spam email server. Here’s how to configure your email server such that its emails will be accepted by AOL, Hotmail, Yahoo and others.In my case the problem turned out to be a few missing adjustments, not just the standard missing reverse DNS entry. After some thorough testing I found that AOL will likely only accept email messages sent from servers with the following settings:
- The email server where your email originates from must have a valid reverse DNS or PTR record. It is preferred that the PTR record corresponds to the mail servers A record, but this is optional. So what does this mean?
- Every server/computer on the internet has a unique IP address (e.g. the webserver at nike.com has IP address 66.54.18.30) . DNS is what translates this IP address to the nike.com domain name. This way, when you want to go to nike’s website you don’t have to type some crazy IP address, just the domain name. Reverse DNS is similar to DNS, but it works in the opposite direction. Forward DNS points nike.com to 66.54.18.30, reverse DNS points 66.54.18.30 back to nike.com. Setting up both forward and reverse DNS requires some effort and to do it you must be the legal owner of the domain. Spammers often send emails that look like they are from valid domains (like nike.com for example) to make their spam look legit, but no matter how cleverly they craft their emails, they cannot create the proper reverse DNS or PTR records for their spam mail servers. Thus over time an unresolved PTR record has become a way for AOL and others to determine whether an email is likely spam or not.
- The EHLO prompt of the mail server echoes the same name specified in A record and rDNS PTR record. What does this mean?
- When your mail server initiates contact with AOL, they will check that your servers actual name matches its DNS name. It is easy enough to check this via telnet by connecting to your mail server on port 25 and typing EHLO <return>. If your mail server name does not match it’s DNS record, simply change it in the mail server configuration.
- The mail server has a valid SPF v1 record setup. What does this mean?
- This is probably one of the hardest things to fix. The instructions on setting up an SPF record for your domain are simple enough via “SPF Wizard,” but many hosting companies/ISP’s will not allow you to create a TXT DNS record which is required for SPF to be setup properly. In my experience it is best to call your hosting company/ISP and ask them to set this up for you. Just complete the wizard (check out the one for verizon.com below) and then you’ll have the TXT record that you’ll need to have your hosting company or ISP setup for you.
- This is probably one of the hardest things to fix. The instructions on setting up an SPF record for your domain are simple enough via “SPF Wizard,” but many hosting companies/ISP’s will not allow you to create a TXT DNS record which is required for SPF to be setup properly. In my experience it is best to call your hosting company/ISP and ask them to set this up for you. Just complete the wizard (check out the one for verizon.com below) and then you’ll have the TXT record that you’ll need to have your hosting company or ISP setup for you.
- The domain in the sender address resolves properly (forward and reverse). What does this mean?
- Resolving just means that the domain has a proper forward and reverse DNS record. To check this is simple enough, simply open a command window and type “nslookup yourdomain.com” and press enter. Your DNS server should return a non-authoritative answer for yourdomain.com and it’s proper IP address. Now type “nslookup <the IP address you got back in the previous nslookup>” and you should see yourdomain.com again. If this is not the case, contact your ISP / hosting company and tell them that your forward or reverse DNS entries are not set up properly.
- Resolving just means that the domain has a proper forward and reverse DNS record. To check this is simple enough, simply open a command window and type “nslookup yourdomain.com” and press enter. Your DNS server should return a non-authoritative answer for yourdomain.com and it’s proper IP address. Now type “nslookup <the IP address you got back in the previous nslookup>” and you should see yourdomain.com again. If this is not the case, contact your ISP / hosting company and tell them that your forward or reverse DNS entries are not set up properly.
These steps helped me sneak my clients exchange email past those Hotmail and AOL anti-spam systems. Hope it can help you too.
Comments
One response to “Configure your email server properly”
Great article thanks for sharing. It can be very bad for business if emails end up in the junk boxes of clients, it can delay completion of tasks and could lose you business!