Overview
This article contains helpful information to make sure that other servers or network do not mark your email as spam. You should not send spam from your server.
Use email authentication
DKIM and SPF
DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) authentication can assist in determining whether an email is sent by a trusted sender. DKIM is an email validation system that detects spoofing. It enables your mail server to determine whether the administrators of a domain have authorised email from that domain. The email contains a digital signature, which your mail server will use to validate the sender's public key in their DNS record.
To prevent email spoofing, SPF employs DNS records. When an email message contains forged sender addresses, SPF checks the DNS record for the sender's domain to detect the change in the email's header.
Note:
-
On servers running CentOS 7, AlmaLinux OS 8, or Rocky LinuxTM 8, you may see a named warning about the lack of SPF resource records on DNS.
Because RFC 7208 deprecated SPF records, this warning does not apply to CentOS 7, AlmaLinux OS 8, or Rocky Linux 8 servers. TXT records are used instead of SPF records on CentOS 7 servers.
Both Red Hat 7.1 and CentOS 7.1 include bind-9.9.4-23.el7, an updated version of BIND that complies with RFC 7208. To resolve this problem, upgrade your operating system to a version that includes the most recent version of BIND. For more information, read the Red Hat Bugzilla case about SPF record errors.
DMARC
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a technical specification designed to reduce the possibility of email-based abuse. A DMARC policy uses DNS to validate that an email message contains a valid DKIM and SPF record, as well as that the From: header matches those records.
To help protect their users from spam email, many large email networks require you to use a DMARC policy. Your server must use a DMARC policy to avoid email rejections or spam flags within these networks.
Configure the server PTR record
A PTR record resolves an IP address to a domain name. A PTR record resembles a reversed A record. Configure the PTR record of the primary IP address of your server to use the hostname of your server. If you have configured Exim to use a different IP address, ensure that the PTR record of that IP address uses the hostname of your server.
A record resemble the following example:
|
|
PTR records resemble the following example:
|
|
Spam and other networks
If email networks such as Gmail™, Yahoo, or Outlook mark your server’s email as spam, you must identify the reason and resolve the problem. If you have recently resolved an issue with spam on your server or you received a new IP address which previously sent spam, you must notify the remote network. Make certain that you review the bulk sender policy of large email networks.
- In most cases, Google automates their spam flagging system and requires you to wait for their system to restore your domain’s reputation. For more information, read Google’s Troubleshooting for bulk email senders and Bulk Senders Guidelines documentation.
Bulk email best practices
We recommend that you adhere to the following best practices:
- Use the same IP address to send all bulk email.
- Use the same email address in the From: header of your emails.
- Ensure that your email complies with RFC 5322.
- If your email uses HTML, ensure that it complies with HTML standards.
- Ensure that the contents of your email relate to the subject of your email.