mizzio wrote:
> hello everybody,
>
> I apologize for asking an off-topic question, and feel free to point me to
> any other resources on the net.
>
> I'm setting up an SMTP server (centos + qmail) on a dell quad core
> machine for sending out a periodic newsletter (10 million a month).
>
> In order to avoid any possible blacklisting problem, I'm looking for all
> the best practices. Right now I've set up:
>
> - Dedicated public IP address
> - Dedicated domain and MX record with correct reverse resolution.
>
> I'm looking into SPF but I have no experience with this.
>
1- Do not subscribe an address unless it is verified: you must send a message to the address, and the owner must reply. The confirmation message must contain something unique so that nobody can guess it and send a forged reply. The thing is that you must _guarantee_ that the _owner_ of the mailbox wants to get your mail.

2- You must remove addresses that bounce (after some number of bounces, for instance).

3- You should re-ask for confirmation after some time (people do quit jobs and get replaced). Once a year should be a minimum.

4- Users must be able to unsubscribe via mail _and_ via the web, whichever they prefer (the reason is that if an address is no longer used as "sender", the user will find it hard to unsubscribe via email).

5- The web unsubscription form should not result in an error. This may happen, but if it happens too often, it is a sign of a fake form. The same goes for unsubscription by email.

6- Accept all valid email addresses. For example, '+' is a valid character in the local part (actually, almost all characters are valid if escaped).

7- Accept mail to postmaster and abuse, and accept mail from the null sender address.

8- Use a valid address in the From and Reply-To headers. Don't use [EMAIL PROTECTED]

9- Send valid mail. This includes correctly encoded headers (all headers are ASCII; no accented letters unless encoded according to the MIME specification).

10- The machine that sends mail should have a meaningful reverse DNS, and it must "match" (IP -> name -> IP should return the original IP). The HELO name should match this IP (HELO -> IP should yield the IP of the machine). Ideally, use the same domain for sender, reverse DNS and HELO. This will help you get a "reputation". At gmail, this is enough to get you a "best-guess SPF".

11- Implement SPF (only allow very few addresses). While I don't care for SPF for general use, I think it is good in the case of mass mailers. Otherwise, "miscreants" may nuke your reputation. And if you send mail to hotmail, you'd better have SPF. SPF is trivial. See the "wizard" at openspf.org.

12- Implement DKIM, especially if you deliver to gmail and yahoo. With postfix, look for the dkim milter.

13- Fill in the forms at large mail providers (yahoo, ...).
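Points 1 to 3 above (confirmed opt-in with an unguessable token, dropping bouncing addresses, and yearly re-confirmation) are easy to get subtly wrong, so here is an added example of how the list side can be implemented. This is editor-supplied illustration code, not part of the original thread and not qmail's or any list manager's code. It assumes a server-side secret key (the value below is a constructed placeholder), a one-week token lifetime, removal after three bounces and re-confirmation after a year; the token is an HMAC over the address and issue time, so a reply forged for a different mailbox, or a guessed counter, does not verify.

```python
import hashlib
import hmac
import time

# Constructed example values: a real deployment loads the key from
# configuration (random, at least 32 bytes) and never commits it.
SECRET_KEY = b"constructed-example-key-replace-in-production"
TOKEN_TTL_SECONDS = 7 * 24 * 3600          # confirmation tokens are only good for a week
RECONFIRM_AFTER_SECONDS = 365 * 24 * 3600  # point 3: re-ask at least once a year
MAX_BOUNCES = 3                            # point 2: drop after this many bounces


def normalize(address: str) -> str:
    """Lower-case only the domain; the local part ('user+news') is kept verbatim (point 6)."""
    local, _, domain = address.strip().rpartition("@")
    return f"{local}@{domain.lower()}"


def make_confirmation_token(address: str, issued_at: int, key: bytes = SECRET_KEY) -> str:
    """'issued_at.hexmac' where mac = HMAC-SHA256(key, address|issued_at).

    Binding the MAC to the address means a token mailed to one mailbox
    cannot be replayed to confirm a different one.
    """
    msg = f"{normalize(address)}|{issued_at}".encode()
    return f"{issued_at}.{hmac.new(key, msg, hashlib.sha256).hexdigest()}"


def verify_confirmation_token(address: str, token: str, now: int,
                              key: bytes = SECRET_KEY, ttl: int = TOKEN_TTL_SECONDS) -> bool:
    """True only for an untampered, unexpired token issued for this address."""
    try:
        issued_str, _mac = token.split(".", 1)
        issued_at = int(issued_str)
    except ValueError:
        return False
    if issued_at > now or now - issued_at > ttl:
        return False
    expected = make_confirmation_token(address, issued_at, key)
    return hmac.compare_digest(expected, token)  # constant-time comparison


class SubscriberList:
    """Minimal confirmed-opt-in list with bounce and re-confirmation handling."""

    def __init__(self):
        self.members = {}  # address -> {"confirmed_at": int, "bounces": int}

    def request_subscription(self, address: str, now: int) -> str:
        """Step 1 of double opt-in: nothing is stored yet, only a token is mailed out."""
        return make_confirmation_token(address, now)

    def confirm(self, address: str, token: str, now: int) -> bool:
        """Step 2: the owner replied with the token; only then is the address stored."""
        if not verify_confirmation_token(address, token, now):
            return False
        self.members[normalize(address)] = {"confirmed_at": now, "bounces": 0}
        return True

    def unsubscribe(self, address: str) -> bool:
        """Point 4/5: unsubscribing must always succeed for a known address."""
        return self.members.pop(normalize(address), None) is not None

    def record_bounce(self, address: str) -> bool:
        """Count a bounce; returns True when the address was removed as a result."""
        rec = self.members.get(normalize(address))
        if rec is None:
            return False
        rec["bounces"] += 1
        if rec["bounces"] >= MAX_BOUNCES:
            self.unsubscribe(address)
            return True
        return False

    def due_for_reconfirmation(self, now: int) -> list:
        """Addresses whose confirmation is older than RECONFIRM_AFTER_SECONDS."""
        return sorted(a for a, r in self.members.items()
                      if now - r["confirmed_at"] >= RECONFIRM_AFTER_SECONDS)


if __name__ == "__main__":
    now = int(time.time())
    lst = SubscriberList()
    tok = lst.request_subscription("User+news@Example.org", now)
    print("owner confirms:", lst.confirm("user+news@example.org", tok, now + 60))
    print("forged for another mailbox:", lst.confirm("victim@example.org", tok, now + 60))
```

The token carries no random nonce because the HMAC already makes it unguessable without the key; the issue timestamp is in the clear so the server can reject stale tokens without keeping per-request state. Bounce counting is per confirmed member, so bounces for addresses that never confirmed are ignored rather than tracked.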
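Point 10 asks for three things to agree: the sending IP's reverse name, that name's forward record, and the HELO name. Here is an added checker for that, written by the editor and not part of the original thread. It runs against constructed DNS tables so it works offline; the lookup functions are parameters, so with the real resolver (socket.gethostbyaddr for the PTR, socket.gethostbyname_ex for A records) the same function checks a live host. The "warning" entries flag the weaker recommendation that sender, reverse DNS and HELO share one domain; the base_domain helper is a two-label simplification that ignores public-suffix rules and is an assumption of this example.

```python
import ipaddress
from typing import Dict, List, Optional

# Constructed DNS data (documentation address ranges) so the check runs offline.
FAKE_PTR: Dict[str, str] = {
    "203.0.113.10": "mail.example.net.",   # good: forward record agrees
    "203.0.113.11": "mail.example.net.",   # bad: PTR names a host whose A record is .10
    # 203.0.113.12 deliberately has no PTR record at all
}
FAKE_A: Dict[str, List[str]] = {
    "mail.example.net": ["203.0.113.10"],
    "smtp.example.org": ["198.51.100.7"],
}


def fake_ptr(ip: str) -> Optional[str]:
    """Stand-in for socket.gethostbyaddr(ip)[0]; None when there is no PTR."""
    return FAKE_PTR.get(ip)


def fake_a(name: str) -> List[str]:
    """Stand-in for socket.gethostbyname_ex(name)[2]; empty when the name does not resolve."""
    return FAKE_A.get(name, [])


def base_domain(name: str) -> str:
    """Last two labels only (simplification: no public-suffix handling)."""
    return ".".join(name.split(".")[-2:])


def check_sender_host(ip: str, helo: str, sender_domain: str,
                      ptr_lookup=fake_ptr, a_lookup=fake_a) -> List[str]:
    """Return a list of problems with an outbound host's DNS identity.

    An empty list means IP -> PTR -> IP round-trips, HELO -> IP matches,
    and both names sit under sender_domain. Entries prefixed 'warning:' are
    the softer domain-consistency recommendation, the rest are hard failures.
    """
    ip = str(ipaddress.ip_address(ip))      # rejects malformed input early
    helo = helo.rstrip(".").lower()
    sender_domain = sender_domain.lower()
    problems: List[str] = []

    # IP -> name -> IP (forward-confirmed reverse DNS)
    ptr = ptr_lookup(ip)
    if ptr is None:
        problems.append(f"{ip}: no PTR record")
    else:
        ptr = ptr.rstrip(".").lower()
        if ip not in a_lookup(ptr):
            problems.append(f"{ip}: PTR {ptr} does not resolve back to {ip}")
        elif base_domain(ptr) != sender_domain:
            problems.append(f"warning: reverse name {ptr} is not under {sender_domain}")

    # HELO -> IP
    if "." not in helo:
        problems.append(f"HELO {helo!r} is not a fully qualified host name")
    elif ip not in a_lookup(helo):
        problems.append(f"HELO {helo} does not resolve to {ip}")
    elif base_domain(helo) != sender_domain:
        problems.append(f"warning: HELO {helo} is not under {sender_domain}")
    return problems


if __name__ == "__main__":
    for ip, helo in [("203.0.113.10", "mail.example.net"),
                     ("203.0.113.11", "mail.example.net"),
                     ("203.0.113.12", "mail"),
                     ("198.51.100.7", "smtp.example.org")]:
        print(ip, helo, "->", check_sender_host(ip, helo, "example.net") or "OK")
```

For the good host in this constructed data the matching SPF record for point 11 (allow only that one address, reject everything else) would be a TXT record on example.net of the form `v=spf1 ip4:203.0.113.10 -all`; this record is an assumption of the example, not something from the thread.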