mizzio wrote:
> hello everybody,
>
> I apologize to ask an off-topic question, and feel free to point me to
> any other resources on the net.
>
> I'm setting up an SMTP server (centos + qmail) on a dell quad core
> machine for sending out a periodic newsletter (10 million a month).
>
> In order to avoid any possible blacklisting problem, I'm looking for all
> the best practices. Right now I've set up:
>
> - Dedicated public IP address
> - Dedicated domain and MX record with correct reverse resolution.
>
> I'm looking into SPF but I have no experience with this.
>   

1- do not subscribe an address unless it is verified: you must send a
message to the address, and the owner must reply. the confirmation
message must contain something unique so that nobody can guess and send
a forged reply. The thing is that: you must _guarantee_ that the _owner_
of the mailbox wants to get your mail.

2- you must remove addresses that bounce (after some number of bounces
for instance).

3- you should re-ask for confirmation after some time (people do quit
jobs and get replaced). once a year should be a minimum.

4- users must be able to unsubscribe via mail _and_ via the web,
whatever they prefer (the reason is that if an address is no longer used
as "sender", the user will find it hard to unsubscribe via email).

5- the web unsubscription form should not result in an error. This may
happen, but if it happens too often, it is a sign of a fake form. same
goes for unsubscription by email.

6- accept all valid email addresses. For example, '+' is a valid
character in the local-part (actually, almost all characters are valid
if escaped).

7- accept mail to postmaster and abuse. and accept mail from the null
sender address.

8- use a valid address in the From and Reply-To headers. don't use
[EMAIL PROTECTED]

9- send valid mail. This includes correctly encoded headers (all headers
are ascii. no accented letters unless encoded according to the MIME
specification).

10- the machine that sends mail should have a meaningful reverse DNS, and
it must "match" (IP -> name -> ip should return the original IP). the
helo name should match this IP (helo -> ip should yield the IP of the
machine). Ideally, use the same domain for: sender, reverse dns and
helo. This will help you get a "reputation". at gmail, this is enough to
get you a "best-guess SPF".

11- implement SPF (only allow very few addresses). while I don't care
for SPF for general use, I think it is good in the case of mass mailers.
otherwise, "miscreants" may nuke your reputation. and if you send mail
to hotmail, you'd better have SPF. SPF is trivial. see the "wizard" at
openspf.org.

12- implement DKIM, especially if you deliver to gmail and yahoo.
with postfix, look for the dkim milter.

13- fill in the forms at large mail providers (yahoo, ...).
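
Item 1 above asks for a confirmation message that "must contain something unique so that nobody can guess and send a forged reply". The following is an added example, not code from the poster or from qmail: a stateless confirmation token in Python built from a CSPRNG nonce and an HMAC over the address and issue time. The secret, the one-week validity window and the `<issued>.<nonce>.<mac>` layout are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import time

# Assumed: a long-lived secret loaded from the server's configuration.
# A fresh random value is generated here only so the example runs stand-alone.
SERVER_SECRET = secrets.token_bytes(32)
TOKEN_TTL = 7 * 24 * 3600  # assumed validity window for the confirmation reply


def _mac(address, issued, nonce, secret):
    # Bind the MAC to the address and the issue time so a token cannot be
    # moved to another mailbox or kept alive past its window.
    msg = f"{address}|{issued}|{nonce}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def make_confirmation_token(address, secret=SERVER_SECRET, now=None):
    """Token to embed in the confirmation message's subject or link, laid out
    as <issued>.<nonce>.<mac>. The nonce is 128 bits of CSPRNG output, so the
    token cannot be guessed; the MAC means it cannot be forged without the
    server secret. Normalise the address before calling if you accept
    case variants (this example compares it byte for byte)."""
    issued = int(time.time() if now is None else now)
    nonce = secrets.token_urlsafe(16)
    return f"{issued}.{nonce}.{_mac(address, issued, nonce, secret)}"


def verify_confirmation_token(address, token, secret=SERVER_SECRET, now=None, ttl=TOKEN_TTL):
    """True only if the token was issued for exactly this address, is inside
    its validity window, and carries a MAC computed with our secret."""
    try:
        issued_s, nonce, mac = token.split(".")
        issued = int(issued_s)
    except ValueError:
        return False  # malformed: wrong number of fields or non-numeric time
    current = time.time() if now is None else now
    if issued > current + 60 or current - issued > ttl:
        return False  # issued in the future (clock skew beyond 60 s) or expired
    expected = _mac(address, issued, nonce, secret)
    return hmac.compare_digest(mac, expected)  # constant-time comparison


if __name__ == "__main__":
    tok = make_confirmation_token("alice@example.org")  # constructed address
    print(tok, verify_confirmation_token("alice@example.org", tok))
```

The subscription is only recorded as confirmed once `verify_confirmation_token` returns True for the address the reply claims to confirm; a reply quoting a token issued for a different address, a token older than the window, or a token with a modified MAC all fail, and the comparison is constant-time so the MAC cannot be recovered byte by byte.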



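Items 10 and 11 above describe what a receiving site effectively checks before trusting a mass mailer: the IP -> PTR name -> A round trip, a HELO name that resolves to the sending IP, and an SPF record that authorises that IP with only a few literal addresses. The following is an added pre-flight check in Python, not part of the original reply; it runs against a constructed stub zone (RFC 5737 test addresses, `example.net` names) so it works offline, and `real_lookup` is an assumed helper showing how A and PTR queries can be plugged in from the standard library (TXT lookups for SPF need a DNS library such as dnspython and are not implemented here).

```python
import ipaddress
import socket
from dataclasses import dataclass

# Constructed stub zone (RFC 5737 test addresses, example.net names) so the
# check runs offline. "helo.example.net" deliberately maps to a different IP
# to show a HELO mismatch.
STUB_ZONE = {
    ("PTR", "203.0.113.10"): ["mail.example.net"],
    ("A", "mail.example.net"): ["203.0.113.10"],
    ("A", "helo.example.net"): ["198.51.100.7"],
    ("TXT", "example.net"): ["v=spf1 ip4:203.0.113.10 -all"],
}


def stub_lookup(rtype, name):
    """Resolver stand-in: returns the constructed records for (type, name)."""
    return list(STUB_ZONE.get((rtype, name), []))


def real_lookup(rtype, name):
    """Assumed helper: A and PTR through the standard library. TXT records
    (needed for SPF) require a DNS library and are not handled here."""
    try:
        if rtype == "A":
            return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})
        if rtype == "PTR":
            return [socket.gethostbyaddr(name)[0]]
    except OSError:  # gaierror and herror both derive from OSError
        return []
    raise NotImplementedError(f"{rtype} lookups need a DNS library")


def fcrdns_ok(ip, lookup):
    """Item 10: IP -> PTR name -> A records must lead back to the same IP."""
    return any(ip in lookup("A", name) for name in lookup("PTR", ip))


def helo_ok(helo, ip, lookup):
    """Item 10: the HELO name must resolve to the sending IP."""
    return ip in lookup("A", helo)


QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_result(domain, ip, lookup):
    """Item 11: evaluate an SPF record restricted to literal ip4:/ip6:
    mechanisms plus 'all'. Anything else (a, mx, include, ...) is reported as
    permerror on purpose: a mass mailer's record should list only its few IPs."""
    records = [r for r in lookup("TXT", domain) if r.lower().split(" ", 1)[0] == "v=spf1"]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"  # more than one SPF record is invalid
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech = term.lower()
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech.startswith(("ip4:", "ip6:")):
            try:
                network = ipaddress.ip_network(term[4:], strict=False)
            except ValueError:
                return "permerror"
            if addr in network:  # address/network version mismatch is simply False
                return QUALIFIERS[qualifier]
            continue
        return "permerror"  # mechanism outside the ip4/ip6/all subset
    return "neutral"  # nothing matched and no 'all' term present


@dataclass
class Preflight:
    fcrdns: bool
    helo: bool
    spf: str

    @property
    def ready(self):
        return self.fcrdns and self.helo and self.spf == "pass"


def preflight(ip, helo, sender_domain, lookup=stub_lookup):
    """Run the three checks against the sending identity before any campaign."""
    return Preflight(
        fcrdns=fcrdns_ok(ip, lookup),
        helo=helo_ok(helo, ip, lookup),
        spf=spf_result(sender_domain, ip, lookup),
    )


if __name__ == "__main__":
    for helo in ("mail.example.net", "helo.example.net"):
        print(helo, preflight("203.0.113.10", helo, "example.net"))
```

Using the same domain for sender, reverse DNS and HELO, as the reply recommends, is exactly what makes all three checks pass with one zone; a `-all` record with a single `ip4:` term is the "only allow very few addresses" shape, and the evaluator treats any broader mechanism as an error so the record stays that tight.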