Mail setup

Note: this page only lists the high-level mail setup to prevent leaking information to spammers who might benefit from it.

Mail checks

Validity of:

  • HELO/EHLO required
  • Protocol conformity (pipelining, etc.)
  • Sender not listed on an RBL
  • Forward and reverse DNS agree (DNS <-> rDNS)
  • Envelope sender accepts bounces (sender callout verification)
  • SPF validation

Mail content:

Note: The URIBL.com blacklist requires specific DnsConfiguration for blacklist lookups

Note: SpamAssassin also contains the Spamhaus DBL, but mails containing links listed in the DBL were regularly forwarded regardless (due to an insufficient spam score). This has been addressed by checking the DBL at the MTA level and blocking mail with DBL-listed links there.

Sender authentication schemes

Mail sent by common-lisp.net should validate:

  • DKIM - all mail sent out through common-lisp.net must be signed by common-lisp.net
  • SPF - all mail sent out through common-lisp.net must not fail SPF validation

SPF validation

Mail forwarded by common-lisp.net because of .forward files may not be valid under SPF restrictions if the sender domain specifies an SPF policy. common-lisp.net uses SRS to rewrite senders whose domains specify such a policy (which includes Google, Yahoo! and other big mail providers). Senders whose domains do not specify a policy are not rewritten, so their SPF validity is not elevated to "valid".

Mail accepted by common-lisp.net is checked for SPF validity. Failing mail (but not softfailing mail) will be rejected.
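
The forwarding and acceptance rules above, sketched as an added example (not common-lisp.net's configuration or code). Assumptions: the forwarder name, the secret, the sample domains and their TXT records are constructed, and the hash construction is a simplified stand-in for what an SRS library computes; only the SRS0=hash=timestamp=domain=local layout follows the usual SRS form.

```python
import base64, hashlib, hmac

SECRET = b"constructed-example-secret"  # assumption: the forwarder's SRS secret
FORWARDER = "forwarder.example"         # assumption: stands in for the forwarding host
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
# Constructed TXT records standing in for live DNS lookups.
TXT = {
    "strict.example": ["v=spf1 ip4:192.0.2.0/24 -all"],
    "nopolicy.example": ["site-verification=constructed"],
}

def has_spf_policy(domain):
    """True if the sender domain publishes a v=spf1 TXT record."""
    records = TXT.get(domain.lower(), [])
    return any(r.lower().split(" ")[0] == "v=spf1" for r in records)

def srs_timestamp(day):
    """Two base32 characters encoding the day number modulo 2**10."""
    day %= 1024
    return B32[day >> 5] + B32[day & 31]

def srs_hash(ts, domain, local):
    """Short keyed hash binding timestamp, domain and local part."""
    msg = (ts + domain + local).lower().encode()
    digest = hmac.new(SECRET, msg, hashlib.sha1).digest()
    return base64.b64encode(digest).decode()[:4]

def forward_sender(sender, day):
    """Rewrite the envelope sender only when its domain has an SPF policy."""
    local, _, domain = sender.rpartition("@")
    if not has_spf_policy(domain):
        return sender  # no policy: forwarded with the original sender
    ts = srs_timestamp(day)
    return f"SRS0={srs_hash(ts, domain, local)}={ts}={domain}={local}@{FORWARDER}"

def reverse_sender(addr):
    """Recover the original sender for a bounce (expiry check omitted)."""
    local, _, host = addr.rpartition("@")
    parts = local.split("=", 4)
    if host != FORWARDER or len(parts) != 5 or parts[0] != "SRS0":
        return None
    _, h, ts, domain, orig = parts
    if not hmac.compare_digest(h.encode(), srs_hash(ts, domain, orig).encode()):
        return None  # forged or altered SRS address
    return f"{orig}@{domain}"

def inbound_action(spf_result):
    """Accepted mail: reject on SPF fail, but not on softfail."""
    return "reject" if spf_result == "fail" else "accept"
```

The keyed hash is what keeps the rewritten address from turning the forwarder into an open bounce relay: a bounce is only mapped back to the original sender if the hash verifies.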

Ideas to be implemented one day

Last modified on 02/07/15 10:24:57