We configure DNS to pass the control of Anti Spam filters
We’re happy that our email server protects us from junk messages by rejecting them or putting them in the SPAM folder, but how can we prevent the same mechanism from preventing our emails from having the same fate, preventing the email from ending up in the spam folder, even when we use our Odoo4Wisp management system?
Spending some time in addition to composing eye-catching email content, configuring our DNS will allow us to maximize the investment required for the implementation of a newsletter or automated communication system with our customers containing alerts. The penalty to pay in the case of not paying attention to these details is that our communication reaches only a part of our contacts because of the recipients mail server’s protection system, which may classify our email as SPAM, depositing them, at best, in the relevant folder. But things could be even worse, in fact by not giving weight to the problem, we will worsen, the “reputation” of our mail server, which will inevitably lead us to be placed on the dreaded black lists. Terrified? Don’t worry, you will soon realize that it is not difficult to prevent the email from ending up in SPAM.
In order to fully understand what various factors come into play in managing email classification, this guide provides both basic instructions, suggested for updating one’s DNS configuration independently, and descriptions of the operation of the systems used in the suggested configurations, useful for making custom configurations suitable for specific needs. If these topics are already known, or you are only interested in the operational part of the guide, you can go directly to the Let’s Configure DNS point.
How to prevent your email from ending up in SPAM: Table of Contents
- What is SPAM
- We check the “Deliverability” of one’s E-Mail address
- We test the quality of our email
- Let’s configure DNS.
- Useful tips
What is SPAM and how to prevent your email from ending up in SPAM
To date, commercial communications take place mainly through email messages. In order to make the service more usable, the mail servers that receive messages very often take charge of detecting so-called SPAM messages, messages from senders who mass forward messages, whether for lawful or unlawful purposes, but with whom you have no relationship whatsoever. Lhe word SPAM originates from “spiced ham” food forcibly offered to patrons of an inn in a
sketch
1970s comedy sketch by
Monty Python’s Flying Circus
We check the “Deliverability” of one’s email address
Before making the necessary optimizations to make your e-mail address more reliable, it is good to take stock of its “deliverability” ( or delivery rate). The systems used to classify email messages as SPAM are basically 2: the black lists and the methods that allow the authenticity of the message to be validated. The content of the message also contributes to its classification, but this aspect has less of an impact on classification than the first two elements mentioned above.
What are DNS, Black Lists and Control Methods.
DNS (Domain Name Server) is the system by which a server’s IP address can be linked to an alphanumeric string. To give a practical example, it is the system that allows us to reach the server where our website is hosted, normally identified by an IP address, by typing into our browser, an easily memorized text string (e.g.
www.vayu.it
). To enable on the entire Internet a rapid conversion from ip to domain name, with defined frequencies the configuration of each server is copied to the other DNS servers scattered around the world. The process is completed within a range of a few hours to 72.
Le
Black list
are lists, continuously updated, of IPs or email domains that have been flagged as spam or with harmful content. These lists are used by the anti-spam systems of mail servers, to perform classification of each email we receive. Configurations can be made on each domain that allow the servers to verify the authenticity of received emails. These methods are known as SPF, DKIM and DMARC.
What is the SPF
(Sender policy framework) is a method by which recipients can check the record of your domain where you have authorized your host or sending service to deliver newsletters on your behalf. In other words, it helps your recipients determine whether an e-mail is a scam or not.
What is DKIM
(Domain Keys Identified Email). It is a digitally signed authentication method created to prove the legitimacy of an email sender and the server from which this email is sent. After your message is sent, the destination mail server extracts the digital signature and applies local rules based on the results of the signature test.
What is DMARC
(Domain-based Message Authentication, Reporting and Conformance), is an email standard that confirms the identity of the sender, using SPF and DKIM, tells the recipient’s email service what to do with emails that have failed the check, and asks recipient email services to provide reports on where the email came from.
We test the quality of our email and its spam level
To test how reliable our emails are considered to be, it is possible to take advantage of some tools that return a report on the quality of the email address we wish to use to send commercial messages to our customers. To illustrate its operation, in this guide we will use the free service
mail-tester.com
but there are many others on the net. Going to the website
https://www.mail-tester.com/
, on the home page you will get a personalized address to which you can send an e-mail from the address we want to test.
Test: how to check how spammy your emails are
After sending the email to the given address you can return to the site and within seconds we will get a report divided by sections, ending with a global index that we can use to see if our optimizations have been successful.
The most important sections of the report
All sections of the report provide important information on how to improve the quality of our email with a score that will help define the final one and thus how to prevent the sent email from ending up in SPAM, but for the purpose of this guide we will comment on the most useful ones.
SPF, DKIM and DMARC authentications.
In the section on authentication we are provided with information on the implementation of the mentioned configurations. Clicking on the down arrow located to the left of the selection title will open a list that will allow us to see what authentication methods are already present or missing in our DNS configuration.
The email blacklists
The section shows the list of the many black lists that contribute to the classification of mails. For each list is indicated the presence or absence of the email we used and the link to the list useful to take action on that specific list and request its removal. In fact, each list has its own procedure that you can follow by following the directions provided on their site.
List of sample email blacklists
Let’s configure DNS.
The key to improving the efficiency of sending our emails is to configure the SPF, DKIM and DMARC protocol within the DNS of one’s domain. Before making the change, it is useful to conduct a check on its configuration status. One method is to resort to a test such as the one shown in Let’s Test the Quality of Our Email. If of the report shows that one of the SPF, DKIM, or DMARC protocols has not been implemented, it is necessary to proceed to modify the DNS of the domain to which the e-mail corresponds by adding a TXT record or modifying the existing one.
We manage the SPF string
Normally the SPF string is already present in the standard DNS configuration. If, on the other hand, our tests show that it is not present, it will be necessary to add a dedicated TXT record with the following :
- In the field “Host”leave blank
- In the “Value” field we enter: “v=spf1 include:_spf.aruba.it -all“
NB. the text “_spf.aruba.it” is valid only if you use a domain hosted on Aruba servers. for other providers consult available documentation or their service department.
For details on how to edit the TXT record, it will be sufficient to consult the documentation made available by your service provider.
In case you are using an external server
a different configuration is required. Themeaning of the string symbols is as follows:
- v: Protocol version
- -all: indicates that all other servers are not allowed to send messages for the domain
- ~all: indicates that all other servers are not allowed to send messages, but that the message can still be accepted even if sent from unauthorized servers as long as it is not flagged by spam filters
- ?all: neutral indication, message handling is at the discretion of the recipient
- includes: adds the reference to the mail server to be used
Details on advanced DNS configuration are available through an Internet search. Google provides this guide on advanced de SPF configuration setup.
We manage the DKIM string
If you use the
Aruba mail service
, that is, you have not changed the MX to “point” to an external service,
the DKIM signature is already active by default
and is automatically included when using Aruba.it outgoing mail servers. In case you are working with
providers that have not implemented the DKIM signature
by default in the domain, you need to contact technical support for its implementation, which consists of creating the digital signature and entering it into the DNS.
We manage the DMARC string
DMARC is a recently introduced method implemented by many mail handlers to reduce attempts at Phishing e
Spoofing
. As we have seen in the
definition
DMARC allows you to provide guidance to the recipient server on how to process email and can only be implemented if you have already configured SPF and DKIM. It also allows you to receive reports from recipient mail servers useful for understanding which messages sent from your domain pass SPF and DKIM authentication . For an in-depth tutorial on DMARC configuration, you can check out Google’s guide this
link
An example of a DMARC string
- In the field “Host
“
of the DNS we enter:”_dmarc“(.nomedomain if not already present in the configuration) - In the field “Value
“
of DNS we enter, “v=DMARC1; p=reject; rua=mailto:postmaster@miodominio.it, mailto:dmarc@miodominio.it; pct=100; adkim=r; aspf=r.“
In detail:
v
: mandatory tag, indicates the version of the protocol
p
: mandatory tag, indicates the criterion for the domain, i.e., what the recipient should do if the check fails,
-
- p=quarantine – places the message in the recipient’s SPAM ,
- p=reject – the recipient will reject the message ,
- p=none – indicates to the recipient not to take any action if the check fails.
pct
: optional tag, indicates the percentage of messages subjected to the filter.
rua
: optional tag, indicates the email address on which to receive aggregate reports on messages that failed the check.
ruf
: optional tag, indicates the email address on which to receive forensic reports on messages that failed the check.
sp
: optional tag, indicates the criterion for domain subdomains (“none” to take no action / “reject” to not accept email / “quarantine” to put in spam ).
aspf
: optional tag, indicates to the recipient server the degree of restriction to be adopted when checking SPF and DKIM signature of an e-mail (s=rigorous, r=relax).
Relax mode will accept authentication even if the email is sent from the subdomain. Strict mode accepts authentication only when the sender’s domain exactly matches SPF / DKIM domain.
Note: To simplify the choice
of the options to be used for the DMARC record, you can use DMARC record generators available online for free (e.g.
dmarcadvisor.com
)
How to use DMARC reports
As we mentioned, it is possible to obtain through daily reports from each mail server that receives our mails, detailed information about the amount of mails sent and their authentication status. This information will allow us to improve our emailing service and possibly intervene very quickly on our service in case of problems. In particular DMARC reports indicate:
- What third-party servers or senders send mail for your domain
- What percentage of your domain’s messages pass the DMARC check.
- Which servers or services are sending messages that do not pass the DMARC check
- What DMARC actions the destination server performs with respect to unauthenticated messages sent from your domain: none, quarantine, or reject.
If the reports show that most messages exceed the DMARC check, the DMARC policy can be updated to a more restrictive setting. In this way you can better protect your domain from “spoofing.” In case you use an external mail server (see in the useful tips When it is useful to adopt an external mail server.) it is necessary to update our DNS with the data of the provider’s server.
Note: DMARC reports are provided in XML format. Reading them is not always easy, but in case the messages are important to our business, online report monitoring services can be used.
Useful tips to prevent emails from ending up in spam
How to avoid blacklists.
To avoid the risk of being blacklisted or flagged as a spammer, it is essential to take the following steps:
- Send emails only to contacts who have given explicit and voluntary consent to receive communications
- Do not purchase or rent, under any circumstances, email address lists from third parties
- Do not add email addresses to an existing contact database: email addresses should only ever go through double opt-in confirmation
- Do not send messages to publicly available contact lists
- Do not collect contacts and email addresses on the Internet.
When it is appropriate to adopt an external mail server.
As we have seen
the reputation of the sender is one of the important factors
for the destination servers of our emails not to classify them as SPAM. Adopting an external server relieves us from the tasks of monitoring and updating our own systems to maintain a high reputation for the email delivery system used for a large number of emails.
Credit: Cover photo by Gerd Altmann from Pixabay