Mail server IP reputation : Best practices

Ever wondered why your immediate response intended message was not replied in time, or not replied at all?

Everyone would have faced email delivery issues at times – like messages delivered to Spam directory or rejected/bounced back due to the number of reasons. Even if bounced back, we might have passed over it. Causing Mail delivery a mess for normal users and a nightmare for admins. Let’s find out how to prevent our messages ending up in the Spam folder of recipients.

Things to note as a Server Administrator

Pre check : Requirements for server setup:

The Outgoing IP ( of the Mail Server ) should be with a good reputation from day one. But the Data centres ( by mistake or due to negligence ) might deliver Blacklisted IPs to new servers. So, it’s wise to ask them to provide a Clean IP with the order. Also, ask them to add rDNS value for the Mail sending IP, preferably to server hostname .

A secondary IP for Mail service could be beneficial . Since most RBLs do not allow One-Click delisting, A secondary IP will be handy to go on the mail service, if the Mail IP got blacklisted. Still, this should not be a permanent change as stopping spamming should be more important. Also, stay away from TLDs with very bad reputation ( like .loan , .tk ) historically and use a popular TLD ( like .com , .org , .net ) to have a good reputation.

There are various methods to detect an ongoing Spam activity and limit it, in the server.

1. Mail limit alerts:

Most providers ( like Plesk, CPanel ) have an option to set ‘Number of emails (per hour)’ which will stop further processing of emails from the corresponding domain when the limit is reached. It will also send a notification to the Server Admin’s email address. Then, manual checking of the server logs and live transactions are needed to identify the spammer.

With the free Configserver Firewall & Login Failure Daemon (https://configserver.com/cp/csf.html), website scripts alerts ( like Local relay Alert, Script Alert ) and login alerts ( AuthRelay alert ) can also be set.

For Plesk servers powered by Windows OS and Mailenable, you can use a script to monitor the mail queues. ( like “SMTP Queue Overview Utility” at https://www.mailenable.com/addons_Diagnostic.asp )

2. External Monitors

Sometimes, even low number of spams can get your server blacklisted. And you will never be notified by the above options.

For such cases, an external Blacklisting alert can be set, like the RBLCheck plugin ( https://sysally.com/rbl-check/ ) . This will inquire major RBLs for your IP address on daily basis and alert you via email if any hits were yielded .

3. Mitigate Real-time Spamming:

There are no specific rules, but these measures should help to mitigate an Ongoing spamming.

a. Check log for recent top senders and their messaging pattern ( like Subject, Recipient addresses, From Header value etc )
b. Check Mail delivery failures or Bounce back messages received at the time.
c. Usually, Spam emails will have suspicious ‘Subject’ or will be sent to a list of users.

b. To stop spamming, reset the email account’s password as soon as possible. Then, make sure to reload necessary services ( like Dovecot cache, Exim ) to end any active login sessions. If the messages were sent by a PHP script, disable the script or parent directory if needed.

c. If an RBL provider blocks the IP, you should take immediate action to stop the spamming activity and notify them. Also, make the clients adhere to bulk mail policy of each recipient’s providers ( like GMail ) .

d. Modern control panels have options to automatically disable a mail account when a spamming activity is detected, thus controlling spamming activity without manual intervention, like “Hold outgoing mail” in cPanel Tweaks. Please refer to the complete options available in cPanel for this at: https://documentation.cpanel.net/display/74Docs/Tweak+Settings+-+Mail

Things to note as an end user

Genuine emails can also cause spam related issues. The point to be noted here is to avoid common email errors by keeping an eye on bounces and your recipient list.

1. SPF and DKIM

Make sure to have SPF and DKIM records for the domain so that the email message is authorised and the recipient server consider the email source as trustworthy.

2. Ever received a bounceback with “No Such User Here” message ?

Mail addresses often change, especially if you are sending to mailing lists, you should monitoring bounce messages and update your Address book to avoid future bounces.

a)Clean up Old/Unengaged recipients.

This will avoid Bounceback messages. Some RBL providers blacklist the IP if it sees attempted deliveries to inactive mail accounts. Such emails were considered as Unsolicited and affect server reputation.

2018-XX-XX XX:XX:XX XXXX-XXXX-XX ** [email protected] R=lookuphost T=remote_smtp H=mx-xxx.xxx.xx0.yahxxxxx.net [74.6.xxx.xx] X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=yes: SMTP error from remote mail server after end of data: 554 delivery error: dd This user doesn’t have a domain.com account ([email protected]) [-9] – mtaxxx.xxx.xxxx.xxx.yahxx.com

b) Avoid typo errors: You should make sure to add Recipients to your address book, which will help avoid typo errors in the recipient email address.

c) keep an eye on the autoresponders: Auto-responders even responds to noreply accounts too , like the one below :

2018-XX-XX XX:XX:XX XXXX-XXXX-XX ** [email protected] R=autoreply_dkim_lookuphost T=dkim_remote_smtp H=xxxxx.linxxxxx.com [xx.xxx.xx.xx] X=xxxxxxxxxx CV=yes: SMTP error from remote mail server after RCPT TO:: 550 5.1.1 Invalid recipient

These Auto-responders also affect reputation badly.

Note: There is already a feature request with Cpanel to avoid such occasions. Feel free to upvote the request if your servers are powered by Cpanel. ( https://features.cpanel.net/topic/ability-to-whitelist-addresses-that-the-autoresponder-should-never-reply-to ) .

d) Forwarders are sometimes dangerous. The recipient server will consider the message as a spoofed ( originated from an unauthorized server ) one.

2018-XX-XX XX:XX:XX XXXX-XXXX-XX 1gTSgd-00CWfv-Fr ** [email protected] R=dkim_lookuphost T=dkim_remote_smtp H=xxxx.l.goxxx.com [172.xxx.xx.xxx] X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=yes: SMTP error from remote mail server after end of data: 550-5.7.1 Unauthenticated email from axx.com is not accepted due to domain’s\n550-5.7.1 DMARC policy. Please contact the administrator of axx.com domain if\n550-5.7.1 this was a legitimate mail. Please visit\n550-5.7.1  https://support.goxxxx.com/mail/answer/2451690 to learn about the\n550 5.7.1 DMARC initiative. q31si161465qtj.66 – gsmtp

If possible, please forward to a local address with enough filters, then forward to any external address.

3. To increase leads, one must purchase email list.

Do NOT use a free Email list as most would be dormant or spam traps which will affect sender reputation.

4. Quality over Quantity.

You should be able to send emails to too many people even with basic hosting plans, but the ultimate goal is to meet Quality and originality of the message. And, the more the number of recipients, the more damage a single suspicious message can cause to your server reputation.

Thanks for dropping by. Ready for the next blog?

12 steps to Secure a WordPress Site

The post Mail Server IP reputation : Best practices appeared first on Sysally.