Tuesday, September 29, 2009

Tips to avoid getting your server blocked by Hotmail/Yahoo/Gmail

SkyHi @ Tuesday, September 29, 2009
---------- Symptom ----------

* Clients send messages from your server , but do not either show up, or go to the "SPAM box", in the Internet Service Provider (ISP): MSN/hotmail/AOL/Yahoo inbox
* There are no error messages in the log file.
* Your main server IP address and/or hostname is not blocked or blacklisted on any of the popular DNSBLs.

If you believe that the feature "Sender verify callout", is causing problems, read on to find out more. Click here to read about "Send verify callout" in this Knowledgebase.

If you're experiencing problems sending email messages from your server to any of the ISP including: Hotmail / Yahoo / AOL, Gmail, Comcast we suggest the following:

1. Assign an IP address to every client sending out large number of email messages. Yahoo! Mail, for example, keeps reputation data about each IP address sending out messages to their system. By doing that, you make it easier for Yahoo! Mail to determine the IP address' reputation.

ISPs look at the reputation of the domain and the reputation of the IP address used to send email messages from.

2. Manage your and/or your client's lists by paying attention to bounces and rejections. Clean lists get higher-priority delivery than others.

3. Don't act and/or any of your clients act like a phisher:
* Don't use an IP address as part of your email address. Use a valid domain name hosted on your server.
* Don't include HTML forms in email messages. Submitting and/or including forms in email messages is considered security threat for many ISPs.
* Don't include JavaScript code in email messages.
* Don't include embedded objects in email messages such as: Flash or Active-X.
* Don't re-send rejected messages. If a message gets rejected, it will not be accepted anytime soon. Re-sending rejected messages is a waste of resources and makes you appear to have a dirty list.
4. Use standard POP and SMTP Mail Ports, only.

5. Use a consistent From: header address. Your domain name is an important element of your brand. Using it consistently helps in distinguishing email sent out from your server from SPAM.

6. Be CAN-SPAM compliant.

7. Make sure all domains sending mail via your server have an appropriate email authentication such as SPF record ( http://spf.pobox.com) and DomainKeys.
Add SPF entry in your DNS zones using the following:
""v=spf1 a mx ip4:SERVER_MAIN_IP_ADDRESS -all" In some situations, some of your customers might have dedicated IPs for their sites and their MX and A records point to those IPs. Those IP address' are NOT the main IP address' for the server. By default, on a cPanel and/or a DirectAdmin powered server(s), the main IP address is the one which sends out mail. So if the main IP of the server is, then you need the following as a minimal SPF record for all domains on that server:
"v=spf1 a mx ip4: -all" MSN/Hotmail recommends using -all terminators in the SPF record. Click here to read about HowTo create a SPF record for a domain.

8. Make sure the IP address that your server sends mail from (which would be the main IP address), has:
1. Valid reverse DNS (rDNS); and
2. That rDNS is reflective of your hostname, rather than some generic record that your upstream IP provider has put in place.

9. Run the following two commands to see if your hostname is associated with the main IP of your server:
nslookup your.hostname
(where YOUR_SERVER_MAIN_IP is the main IP address of your server). The system should return your_hostname

10. Go to: http://www.openrbl.org and make sure your main server IP address and/or hostname is not blocked or blacklisted on any of the popular DNSBLs. We also suggest you read this article "How can I find out if my IP Address(s) have been blocked by an anti spam company?"
Although your main IP or hostname might not be listed there, it doesn't mean that it is not blacklisted or negatively scored by AOL or Yahoo or Hotmail or www.rr.com. It is likely that AOL or Yahoo or Hotmail or www.rr.com negatively scored your server due to past traffic from that IP address before your server was using it.

11. Disable the feature Autoresponder on your server. Click here to read why are Autoresponders bad?

12. Make sure your users aren't forwarding all of their email, which might include spam, from their accounts hosted on your server to an @aol.com or @yahoo.com or @hotmail.com email address. That will surely cause future emails from your server's IP address to be considered un-safe or spam by those entities.

Stopping customers from forwarding their email is very difficult. Since it is not possible to guarantee that all email messages forwarded from your server to AOL / Hotmail / Yahoo are not spam or don't contain spam, you need to let your customers know that their email might be rejected by those entities. As a host , you need to enable SpamAssassin, or any good spam filter, on all accounts hosted on your server. Make sure spam rules are up-to-date all the time.

13. Secure your mail servers. Ensure your mail servers are not open proxies or relays. Keep your Mail server up-to-date with the latest security patches to help prevent spammers from using your resources and tarnishing your reputation.

14. Secure and harden your Web servers.

15. Make sure all scripts either Php and/or Cgi/Perl such as: formmail/cgimail are secure and can not be used by spammers to send out email.

Even after you've followed all of the above instructions, you and your users may find that their email does not arrive, or ends up in the Spam folders of Hotmail, Yahoo, AOL, and so on. In this case, read and follow the instructions of the ISP:

o Conditions To Bulk Sender Status
o Sender Best Practices
o Whitelist Information
* Comcast
o Mail to Comcast is rejected and is returned with an error message containing the code BL004. What does this mean?
* Gmail
o Bulk Senders Guidelines
o Bulk Sender Contact Form
* Hotmail
o Microsoft Guidelines
o MSN/Hotmail Technical Support
* Yahoo
o What are some best practices when sending to Yahoo! Mail?
o My email is being blocked by Yahoo! Mail. What can I do?
o Why was my SMTP connection rejected?

We'll be more than happy to apply the best possible spam rules, secure, harden, and optimize your Mail server. Please contact us at: customerservice@servertune.com

Reference: http://servertune.com/kbase/entry/270/