Recently I've started digging into mail server settings and the need for tighter security.
Some of the findings are startling! I have found that not having the settings described below can cause issues with sending and receiving email.
As of February 2024 Google are going to make a major change to email deliverability.
Google Email sender guidelines.
This may impact your mail delivery if it is not tweaked to take account of SPF, DMARC and DKIM settings (fairly easy to update).
In recent years the large companies that deal with sending and receiving email have tightened the way that users can send email through their systems. We all know how much spam and phishing goes on.
My findings below give some items that need to be looked at to ensure a free flow of email from and to your mail server. As noted above regarding the February 2024 email deliverability updates, continuing investigations show that very few mail servers seem to be set up with these additional options.
In our opinion, it is extremely important that companies pay attention and use these minor tweaks to close up any loopholes while sending email through your server (or even when sending via Google Mail!!)
I use MXtoolbox.com to test out DNS and IP settings for websites and mail servers.
Should you find settings like these when checking your domains, it means you will often get issues sending and receiving email:
-- SMTP Open Relay, May be an open relay.
-- DMARC Policy Not Enabled, DMARC Quarantine/Reject policy not enabled
-- Status Ok SMTP Reverse DNS Mismatch, OK - 126.96.36.199 resolves to mail--server.anycompany.com
-- Status Ok SMTP Valid Hostname, OK - Reverse DNS is a valid Hostname
Email providers like Yahoo, AOL, BT and Google will block or delay messages from servers that do not have DMARC Quarantine enabled or that have an incorrect reverse DNS name, and being an open relay can most certainly cause issues.
Open relay
An open relay is a Simple Mail Transfer Protocol (SMTP) email server that allows anyone on the Internet to send messages through it while hiding or obscuring the source of the messages being sent. THIS IS A SERIOUS SHORTCOMING in a mail server setup and could lead to serious repercussions in mail deliverability.
During diagnostics we attempt to simulate sending a message to a fake email address: email@example.com. We do this to try to detect if your server is an open relay, which means that it accepts mail to domains for which it is not responsible and then passes it along to the proper server. Your server responded with a 200 accepted code to our RCPT TO command. This does not mean you are operating an open relay, only that you may be an open relay, but it might give scammers an inroad.
Information taken from MXtoolbox.com; refer to their site for further information.
SMTP Reverse DNS Mismatch
Some receiving mail servers may use this as an indication of a possible spam source in a scoring system. Most will not reject incoming mail solely on this basis. We recommend that you contact your ISP and ask them to set up a reverse record (PTR) that matches the hostname of your mail server.
DMARC email policy
DMARC is a key component of a brand's email security and deliverability strategy as it enables: Visibility - Monitor emails sent using your domain to ensure they are properly authenticated using SPF and/or DKIM. Brand Protection - Block spoofed messages that might damage your brand's reputation with customers.
DMARC should be easy to set up. The image below shows the Domain Admin system Virtualmin with the parameters that need to be set up. Other providers may have a slightly different format but setting these parameters helps with major Mail Server providers.
DMARC helps if you often mail to email monopolies (Gmail/Outlook). They pay attention to that, and so do some other big players. Not all email providers utilise this function, but in general it's another helpful measure if you're counting on email deliverability. IMO ensuring these are set ensures you tick all the boxes; I've seen emails being bounced because verification and security aren't tight enough.
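To make the "DMARC Policy Not Enabled" finding concrete, here is an added example (not from MXtoolbox, Virtualmin or the original post) that reads a DMARC TXT record, the one published at `_dmarc.<your domain>`, and reports whether a Quarantine/Reject policy is actually enabled. The sample records and the example.com addresses are constructed for illustration.

```python
# Added example: classify DMARC TXT records in the terms used by the findings above.
# All sample records are constructed; example.com is a placeholder domain.

def parse_dmarc(txt):
    """Split a DMARC TXT record into a {tag: value} dict (tag names lowercased)."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def assess_dmarc(txt):
    """Return (status, notes) for one TXT record published at _dmarc.<domain>."""
    tags = parse_dmarc(txt)
    # The version tag must come first, otherwise receivers ignore the record.
    first = txt.split(";", 1)[0].replace(" ", "")
    if first != "v=DMARC1":
        return "invalid", ["record must start with v=DMARC1"]
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid", ["missing or unknown p= tag"]
    pct = tags.get("pct", "100")  # default: policy applies to all failing mail
    if not pct.isdigit() or int(pct) > 100:
        return "invalid", ["pct must be an integer from 0 to 100"]
    notes = []
    if policy == "none":
        notes.append("p=none only monitors; spoofed mail is still delivered")
    elif int(pct) < 100:
        notes.append(f"pct={pct}: policy applies to only part of failing mail")
    # Subdomains inherit p= unless sp= overrides it.
    if tags.get("sp", policy).lower() == "none" and policy != "none":
        notes.append("sp=none leaves subdomains unprotected")
    if "rua" not in tags:
        notes.append("no rua= address, so no aggregate reports (no visibility)")
    status = "enabled" if policy in ("quarantine", "reject") else "not enabled"
    return status, notes

SAMPLES = {  # constructed records, not taken from any real domain
    "monitor only": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "enforcing": "v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc@example.com",
    "partial": "v=DMARC1; p=reject; pct=25; sp=none",
    "not dmarc": "v=spf1 include:_spf.example.com ~all",
}

if __name__ == "__main__":
    for label, record in SAMPLES.items():
        status, notes = assess_dmarc(record)
        print(f"{label:13} {status:12} {'; '.join(notes)}")
```

A record that comes back "not enabled" matches the warning in the list above: it gives you the Visibility half of DMARC but none of the Brand Protection half.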
Check out how to verify by following the video - all green is good.