On Sat, 8 Nov 2025, Ted Mittelstaedt wrote:
All of the major email providers now pretty much require you to do the
following when transmitting email to them:
1) Use a static IP address. They can check ARIN's whois to see if you aren't
using one
2) Setup a legitimate reverse address record in DNS
3) Setup SPF & DKIM
4) Have an abuse@ email address at your domain that a human reads
5) Have a postmaster@ email address that a human reads (required by SMTP RFCs)
6) Have TLS 1.2 turned on in your SMTP MTA (TLS 1.3 will be required soon
enough)
7) Use correct envelope and header DNS addresses
8) Register with them as a bulk mail provider if you are sending email on
behalf of other people. Even if the amount of email you send is very small
Ted,
I run postfix (from my static IP address) and don't send bulk emails. I used
to send newsletters to a large audience and I used mailx for that.
In addition if a spammer does break into one of your mailservers and uses
it to relay - it does not matter if after you clean up the mess and close
the account, you then get yourself off all the public blacklists - it can
take many months before your IP address is purged from their internal
blacklist - and none of them now have any mechanism (that works anymore)
to request early de-listing.
My logs show me all the intrusion attempts. So far, in 28 years none
succeeded. I'm not an ISP so I don't have accounts, only me as both root and
a user.
Rich
