All of the major email providers now pretty much require you to do the following when transmitting email to them:
1) Use a static IP address. They can check ARIN's whois to see if you aren't using one.
2) Set up a legitimate reverse address record in DNS
3) Set up SPF & DKIM
4) Have an abuse@ email address at your domain that a human reads
5) Have a postmaster@ email address that a human reads (required by SMTP RFCs)
6) Have TLS 1.2 turned on in your SMTP MTA (TLS 1.3 will be required soon enough)
7) Use correct envelope and header DNS addresses
8) Register with them as a bulk mail provider if you are sending email on behalf of other people. Even if the amount of email you send is very small.

In addition, if a spammer does break into one of your mailservers and uses it to relay - it does not matter if after you clean up the mess and close the account, you then get yourself off all the public blacklists - it can take many months before your IP address is purged from their internal blacklist - and none of them now have any mechanism (that works anymore) to request early de-listing.

The reality is that if you run public mailservers with accounts that the general public can use - which I do, incidentally, even though it's really almost hobby income anymore - sooner or later one of your users is going to have a password leak and a spammer will use your servers as a relay. I have early warning detection running on my servers and when this kind of activity starts I shut it down, but in the past I've had super-poor users who repeatedly didn't get the message to de-virus their crap, and I've had servers blacklisted. This is why I have more than a single static IP because once you get on one of the internal blacklists at one of those email providers you have to renumber your mailserver, and wait for them to purge the burned number.

In short, all of this is deliberate - the large email providers are pretty much telling everyone, if you want to send us SMTP mail directly, then go big or stay home - we really don't want email from you unless you are willing to do this - it forces people to go through a huge amount of effort and unless they are willing to become expert postmasters, they give up and just find some other mailserver host to relay through.

Ted

-----Original Message-----
From: PLUG <[email protected]> On Behalf Of Keith Lofstrom
Sent: Friday, November 7, 2025 1:57 PM
To: wes <[email protected]>
Cc: Rich Shepard <[email protected]>; Portland Linux/Unix Group <[email protected]>
Subject: Re: [PLUG] Mail not delivered message (rejecting linux?)

> On Thu, Nov 6, 2025 at 11:13 AM Rich Shepard <[email protected]> wrote:
> > A few days ago I tried sending a message to someone at kpijci.com.

On Thu, Nov 06, 2025 at 08:50:52PM -0800, wes wrote:
> so, the problem is likely something going on at godaddy. unfortunately
> there is not much we can do about it. it is up to godaddy's customer
> to call them and work this out with tech support.

How Linux friendly/hostile is godaddy? They may purposely reject many private/personal/Linux mail sources.

Best excuse: many spambots use cheap-to-deploy Linux.
Evil excuse: collusion with $$$ email providers.
Likely excuse: lazy, we are too much effort to deal with.

-----

Best response: "Lazy" can include *you and me*: lack of certifications for some of our sites and servers.

Perhaps we should schedule a virtual "cert clinic" and arrange for ALL of us to both:

1) create certs for our individual domains and world-facing personal email servers.

-- AND ---

2) create a shared email relay server "mail.pdxlinux.org" with certs, and funnel some member mails through that. That might incorporate a shared spam server for incoming, and zombie detection for our hijacked personal servers.

Also, for verification purposes, "if you say you're a member, you're a member" should not automatically include 10,000 new member/spammers Out There joining to use the pdxlinux member shared server to relay spam. I would be glad to include new remote members who we can vouch for, or better yet, visit and party with.

-----

I write this as a lazy non-newbie who hasn't arranged certs for DECADES. Mea goddam culpa.

Keith L.

--
Keith Lofstrom [email protected]
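
The "early warning detection" for a leaked password that Ted mentions, and the "zombie detection" Keith suggests for a shared relay, can be approximated by watching authenticated submissions per account. The following is an added example, not code from anyone in the thread: it assumes Postfix-style smtpd log lines carrying `sasl_username=`, and the thresholds, hostnames, addresses and function name are hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in Postfix smtpd log style (assumed MTA; not from the thread).
_FMT = ("Nov  7 13:{t} mx1 postfix/smtpd[2101]: 4A1B2C: client=unknown[{ip}], "
        "sasl_method=PLAIN, sasl_username={user}@example.org")
_EVENTS = [("00:01", "198.51.100.10", "alice"),
           ("02:00", "203.0.113.77", "bob"), ("02:05", "203.0.113.77", "bob"),
           ("02:10", "203.0.113.77", "bob"), ("02:15", "203.0.113.77", "bob"),
           ("02:20", "203.0.113.77", "bob"),
           ("03:00", "192.0.2.5", "carol"), ("03:40", "198.51.100.99", "carol"),
           ("04:10", "203.0.113.200", "carol"), ("09:30", "198.51.100.10", "alice")]
SAMPLE_LOG = "\n".join(_FMT.format(t=t, ip=ip, user=u) for t, ip, u in _EVENTS)

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/[\w/]+\[\d+\]:\s\w+:\s"
    r"client=\S*\[(?P<ip>[^\]]+)\].*sasl_username=(?P<user>\S+)")

def find_suspect_accounts(log_text, window=timedelta(minutes=5),
                          max_msgs=4, max_ips=3, year=2025):
    """Return {account: reason} for accounts whose authenticated sends look
    like relay abuse: a burst of messages, or logins from many client IPs."""
    recent = defaultdict(deque)   # account -> (timestamp, client IP) in window
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # not an authenticated-client line
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["user"]]
        q.append((ts, m["ip"]))
        while ts - q[0][0] > window:      # drop events older than the window
            q.popleft()
        if len(q) > max_msgs:
            alerts.setdefault(m["user"], "volume")
        elif len({ip for _, ip in q}) >= max_ips:
            alerts.setdefault(m["user"], "ip-spread")
    return alerts

if __name__ == "__main__":
    for account, reason in find_suspect_accounts(SAMPLE_LOG).items():
        print(f"suspend and reset password: {account} ({reason})")
```

An account flagged here is a candidate for suspension and a password reset before the outbound volume reaches the large providers' internal blacklists.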
