How to send emails in 2020

Danil Smirnov
Nov 8, 2020 · 5 min read

Sending email is still a complicated topic because of the anti-spam war, which has been going on for decades. You can't simply send email from a default installation of an MTA (Mail Transport Agent).

Well, you can send them, obviously, but your recipients won't get them: their email service provider (ESP) will not accept the messages and deliver them to the mailbox. This is especially true if you are mass-mailing.

In this article, I'd like to go through the minimal set of configuration required to have your emails successfully delivered to their destination. The code examples use Postfix in a Docker image.

Configure DNS stuff

The primary anti-spam protection mechanism relies on DNS records. You should create at least two of them: one for SPF and one for DKIM.

A typical SPF record would look like

"v=spf1 a mx ?all"

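which says that you authorize sending email from the IP addresses defined in the domain's A record as well as in its MX records. The trailing ?all gives a neutral result for every other source, neither authorizing nor rejecting it.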

The next part is a little more complicated. Modern ESPs love signed emails. You should sign your email to be treated nicely.

First, create a DKIM key for your email domain, let's say example.com:

opendkim-genkey -b 2048 -r -s mail -d example.com

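Find the new public key in the mail.txt file and publish it as a TXT record in the example.com zone; with the selector mail used above, the record name is mail._domainkey.example.com.

Then enable DKIM by mounting the folder that contains the mail.private file into the Postfix container, as advised in the docs: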

docker run -p 25:25 \
-e MAIL_DOMAIN=example.com \
-e MAIL_HOST=mail.example.com \
-e SMTP_USER=user:pwd \
-v /path/to/domainkeys:/etc/opendkim/domainkeys \
--name postfix -d danilsmirnov/postfix

The third mandatory thing is a reverse DNS (PTR) record. It must match your server's HELO/EHLO greeting, which is set in the command above by the MAIL_HOST parameter.

How you set the PTR record depends heavily on the server hosting provider: it can be done in a hosting panel or through the provider's support. In the case of AWS, please refer to this article:

https://aws.amazon.com/premiumsupport/knowledge-center/route-53-reverse-dns/

UPDATE of Feb 2021:
https://aws.amazon.com/about-aws/whats-new/2021/02/amazon-virtual-private-cloud-vpc-customers-customize-reverse-dns-elastic-ips-eip/

Once all of these are set, emails sent by the server will pass the SPF and DKIM checks, as Gmail shows.

To check the reverse DNS and EHLO, you can use the following service:
https://mxtoolbox.com/diagnostic.aspx
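
As an added example (not part of the original article or of the danilsmirnov/postfix image), the three DNS prerequisites above can be checked with a few shell functions before the first message goes out. The sample answers are constructed, and the domain, selector and IP address in the comments are placeholders. For the SPF record shown earlier it reports "neutral", whereas a record ending in ~all or -all would report softfail or fail for unlisted senders.

```shell
# Added example. On a live host the inputs would come from (names are placeholders):
#   dig +short TXT example.com ; dig +short TXT mail._domainkey.example.com
#   dig +short -x 203.0.113.10

# Print how the SPF record treats senders that match no listed mechanism.
spf_all_policy() (
    set -f                                   # keep "?all" from being glob-expanded
    rec=$(printf '%s' "$1" | tr -d '"')
    case "$rec" in "v=spf1 "*) ;; *) echo missing; exit 0 ;; esac
    policy=none
    for term in $rec; do
        case "$term" in
            all|+all) policy=pass ;;
            '?all')   policy=neutral ;;
            '~all')   policy=softfail ;;
            -all)     policy=fail ;;
        esac
    done
    echo "$policy"
)

# Succeed if the TXT answer is a v=DKIM1 record with a non-empty p= tag (empty = revoked).
dkim_record_ok() (
    rec=$(printf '%s' "$1" | sed 's/"[[:space:]]*"//g; s/"//g')  # join quoted chunks
    case "$rec" in *v=DKIM1*) ;; *) exit 1 ;; esac
    printf '%s\n' "$rec" | tr ';' '\n' | sed 's/^[[:space:]]*//' | grep -q '^p=.'
)

# Succeed if the PTR name equals the HELO name (case and trailing dot ignored).
ptr_matches_helo() (
    ptr=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    helo=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ -n "$ptr" ] && [ "${ptr%.}" = "${helo%.}" ]
)

# Report on all three answers; exit status 0 only if every check passes.
check_sender_dns() (                         # args: SPF_TXT DKIM_TXT PTR HELO
    rc=0
    policy=$(spf_all_policy "$1")
    echo "SPF: unlisted senders -> $policy"
    if [ "$policy" = missing ]; then rc=1; fi
    if dkim_record_ok "$2"; then echo "DKIM: key published"; else echo "DKIM: no usable key"; rc=1; fi
    if ptr_matches_helo "$3" "$4"; then echo "PTR: matches HELO"; else echo "PTR: mismatch"; rc=1; fi
    exit "$rc"
)

# Constructed sample answers (not real DNS data; the key is a truncated dummy).
check_sender_dns '"v=spf1 a mx ?all"' '"v=DKIM1; k=rsa; s=email; " "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A"' \
    'mail.example.com.' 'mail.example.com'
```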

Slow down delivery to Yahoo

Even with all of the above carefully configured, there is one ESP that will still refuse your mail: the infamous Yahoo.

Postmasters have suffered from Yahoo email policies for many years. They are still furious in 2020; see these recent quotes from the postfix-users@postfix.org mailing list to get an idea of the level of rage:

Honestly, it is a source of continuing amazement, bafflement, and
mystified wonder to me that Yahoo continues to survive at all, in any
form. They are not just bad at email, they are bad at EVERYTHING, and
they have leaked essentially all of the personal information of
essentially all of their users, multiple times. And that was even
BEFORE they were bought (gods only know why) by Verizon. (…Well, OK,
by a Verizon subsidiary.)

Honestly the best thing to do would have been to just let Yahoo DIE.
It’s long past time.

and one more:

Because Yahoo lies and gives an error claiming user complaints that is entirely made-up and has nothing to do with users.

Really, they are worthless and I made the decision when they had their FIRST massive breach to simply pretend they do not exist (My server will neither send nor receive mail from Yahoo.com) giving an error message explaining why.

So don't be surprised if you quickly find that all your emails sent to Yahoo and the domains it owns (like aol.com or verizon.net) are "deferred" for an indefinite period of time instead of being delivered.

You won't find an exact reason or a list of requirements to fulfill in any Yahoo docs, apart from very basic ones, and their points of contact won't respond even if you carefully prepare a long list of answers to their questionnaire.

They simply don't bother; just take it for granted and relax. The solution is to slow down your mail delivery to Yahoo-related domains to a very low level, which you can then increase gradually.

As per the advice of Postfix creator Wietse Venema in this mail thread, the following configuration would force the mail server to send only a few messages to Yahoo per minute:

postconf -M yahoo/unix="yahoo      unix  -       -       n       -       1       smtp -o smtp_mx_session_limit=1 -o smtp_mx_address_limit=5"
postconf -e "yahoo_transport_rate_delay = 15s"
postconf -e "yahoo_destination_recipient_limit = 2"
echo 'aim.com yahoo:
aol.com yahoo:
kimo.com yahoo:
rocketmail.com yahoo:
verizon.net yahoo:
yahoo.co.in yahoo:
yahoo.com yahoo:
yahoo.com.hk yahoo:
yahoo.com.tw yahoo:
yahoo.co.uk yahoo:
yahoo.fr yahoo:
ymail.com yahoo:' > /etc/postfix/transport
postmap /etc/postfix/transport
postconf -e "transport_maps = hash:/etc/postfix/transport"

Put this configuration into a postfix.sh file and mount it into the container:

docker run -p 25:25 \
-e MAIL_DOMAIN=example.com \
-e MAIL_HOST=mail.example.com \
-e SMTP_USER=user:pwd \
-v /path/to/domainkeys:/etc/opendkim/domainkeys \
-v /path/to/postfix.sh:/configure.sh \
--name postfix -d danilsmirnov/postfix
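
To decide when the rate can be raised, it helps to watch how many deliveries through the throttled transport are still being deferred. The following is an added example, not code from the article or from the Postfix project: it reads the transport map built above plus Postfix log lines and prints, per throttled domain, the sent and deferred counts. The log path in the comment and the abbreviated log lines are constructed assumptions.

```shell
# Added example: deferred share per domain routed through the "yahoo:" transport.
# Live use (log path is an assumption):
#   yahoo_deferrals /etc/postfix/transport < /var/log/mail.log

yahoo_deferrals() {        # $1 = transport map file; Postfix log lines on stdin
    awk -v tfile="$1" '
    FILENAME == tfile {    # first input: collect domains mapped to yahoo:
        if ($2 == "yahoo:") throttled[tolower($1)] = 1
        next
    }
    match($0, /to=<[^>]+>/) {
        rcpt = substr($0, RSTART + 4, RLENGTH - 5)      # text between < and >
        n = split(rcpt, part, "@"); dom = tolower(part[n])
        if (!(dom in throttled) || !match($0, /status=[a-z]+/)) next
        status = substr($0, RSTART + 7, RLENGTH - 7)
        if (status == "sent")     { sent[dom]++;     seen[dom] = 1 }
        if (status == "deferred") { deferred[dom]++; seen[dom] = 1 }
    }
    END {
        for (d in seen)
            printf "%s sent=%d deferred=%d deferred_pct=%d\n", d, sent[d],
                   deferred[d], 100 * deferred[d] / (sent[d] + deferred[d])
    }' "$1" - | sort
}

# Constructed sample data: two transport entries and five abbreviated log lines.
SAMPLE_TRANSPORT=$(mktemp)
trap 'rm -f "$SAMPLE_TRANSPORT"' EXIT
printf '%s\n' 'yahoo.com yahoo:' 'aol.com yahoo:' > "$SAMPLE_TRANSPORT"
SAMPLE_LOG='Nov  8 12:00:01 mail postfix/smtp[2101]: 4F1A2B3C4D: to=<a@yahoo.com>, relay=mx.example.net[192.0.2.25]:25, dsn=4.7.0, status=deferred (temporarily deferred)
Nov  8 12:00:16 mail postfix/smtp[2101]: 4F1A2B3C4E: to=<b@yahoo.com>, relay=mx.example.net[192.0.2.25]:25, dsn=2.0.0, status=sent (250 ok)
Nov  8 12:00:31 mail postfix/smtp[2101]: 4F1A2B3C4F: to=<c@YAHOO.com>, relay=mx.example.net[192.0.2.25]:25, dsn=4.7.0, status=deferred (temporarily deferred)
Nov  8 12:00:46 mail postfix/smtp[2101]: 4F1A2B3C50: to=<d@aol.com>, relay=mx.example.net[192.0.2.25]:25, dsn=2.0.0, status=sent (250 ok)
Nov  8 12:00:47 mail postfix/smtp[2230]: 4F1A2B3C51: to=<e@gmail.com>, relay=mx.example.net[192.0.2.26]:25, dsn=2.0.0, status=sent (250 ok)'
printf '%s\n' "$SAMPLE_LOG" | yahoo_deferrals "$SAMPLE_TRANSPORT"
```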

Play nicely with ESPs

There are also many good ESPs, like Gmail, that you should cooperate with. The recommended way to interact with them is a feedback loop (FBL).

In short, you register your mail server with the ESP and receive users' complaints (when they click the “Spam” button in the ESP UI).

When a user is unhappy, you receive the email that caused the reaction and can take the necessary measures to resolve the issue.

FBL services are usually per-ESP (e.g. Microsoft), but there are some attempts to aggregate a few of them into one service: https://fbl.returnpath.net/.

A caveat here is that you will most probably receive those emails with the user's email address obfuscated for privacy reasons.

To identify the user, you can implement custom tagging of every email you send, which effectively makes each one personalized.
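
One way to implement such tagging, as an added example that is not from the original article: each outgoing message gets a random opaque tag in a header, the tag is stored next to the recipient, and a complaint report with a redacted address is resolved through the tag. The X-Mailing-Tag header name, the tab-separated store and the sample report are assumptions made for this example; because the tag is random rather than derived from the address, it reveals nothing about the recipient to anyone who sees the report.

```shell
# Added example: opaque per-message tags for matching redacted FBL reports.
# The X-Mailing-Tag header name and the TSV store are assumptions of this example.
TAG_DB=$(mktemp)                       # tag<TAB>recipient, one line per message
trap 'rm -f "$TAG_DB"' EXIT

# Record a fresh random 64-bit tag for the recipient and print it.
new_tag() {
    tag=$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')
    printf '%s\t%s\n' "$tag" "$1" >> "$TAG_DB"
    printf '%s\n' "$tag"
}

# Print the first tag header found in a complaint report read from stdin.
tag_from_report() {
    tr -d '\r' |
        sed -n 's/^X-Mailing-Tag:[[:space:]]*\([0-9a-f]\{16\}\)[[:space:]]*$/\1/p' |
        head -n 1
}

# Print the recipient recorded for a tag; non-zero status if the tag is unknown.
recipient_for_tag() {
    awk -F '\t' -v t="$1" '$1 == t { print $2; found = 1; exit }
                           END { exit !found }' "$TAG_DB"
}

# Resolve a report (stdin) to the complaining recipient.
complainant() {
    tag=$(tag_from_report)
    [ -n "$tag" ] && recipient_for_tag "$tag"
}

# Constructed demo: tag one message, then resolve a report whose address is redacted.
demo_tag=$(new_tag 'alice@yahoo.com')
SAMPLE_REPORT="From: feedback@esp.example
Subject: complaint about message from 203.0.113.10

To: <redacted>
X-Mailing-Tag: $demo_tag
Subject: Weekly newsletter"
printf '%s\n' "$SAMPLE_REPORT" | complainant     # prints alice@yahoo.com
```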

Monitor your reputation

Some emails might get your server listed on anti-spam blacklists, so you should constantly check your IP address against them.

I’d recommend this nice tool for the automation of this check:

https://github.com/adionditsak/blacklist-check-unix-linux-utility

And, finally, do not send SPAM, please.

Happy mailing!
