On Thu, 13 Sep 2018 09:24:18 +0200 Peter N. M. Hansteen wrote: > The part about getting a static IP address with correct reverse > lookup is truly essential.
Yes, this hostmaster work is more important for deliverability than the *optional* TLS & DKIM stuff, which I still don't bother at all with... Along with correct DNS PTR records (and matching SMTP HELO hostname), basic SPF & DMARC DNS records are almost essential to send. With almost all inbound connections being spam, fighting that is the main task of the postmaster. Aggressive spamd settings are needed here. After that, the MTA needs to be able to check the DNS validity of the sender's SMTP HELO hostname, and check their DNS PTR record is valid, and both the mail's envelope and address from domains have MX records. Most spam is sent by infected consumer devices, which do not have valid reverse DNS, nor a valid HELO hostname. After greylisting, bad DNS is the biggest indicator of spam. An MTA needs a lot of DNS knobs to tweak. Following that, the sender's IP address needs to be checked against multiple reliable DNS black and lists, and a cumulative score being totalled up to decide to reject or pass on to the next stage of tests. TLS & DKIM have very little value. The postmaster instead needs to work closely with the hostmaster and concentrate on good DNS practice/tests. Cheers, -- Craig Skinner | http://linkd.in/yGqkv7
