Spam filters are great, but often they do too good a job and catch legitimate emails. This is especially true when sending emails from a server using Sendmail or Swiftmailer. At ServerGrove we have become quite good at debugging this problem and we are compiling a list of best practices for sending out emails from your server.

NOTE: We are quite reluctant to release this information and hope it’s used for legitimate purposes.This is not a guide on how to setup mass mailers, it’s simply a best practices document to help make sure that when your server sends out an email it arrives at its destination. Please make sure you comply with the CAN-SPAM guidelines before sending out any emails.

Set up your headers correctly

Setting up accurate and complete headers is one of the most important factors when sending email.Using the PHP Mail function this would be:

$headers .= “Reply-To: name@example.com \r\n”;
$headers .= “Return-Path: name@example.com \r\n”;
$headers .= “From: \”Sender Name\” <name@example.com> \r\n”;
$headers .= “Organization: Sender Organization\r\n”;
$headers .= “MIME-Version: 1.0\r\n”;
$headers .= “Content-type: text/plain; charset=iso-8859-1\r\n”;
$headers .= “Content-Transfer-Encoding: binary”
$headers .= “X-Priority: 3\r\n”;
$headers .= “X-Mailer: PHP”. phpversion() .”\r\n”
?>

The first three headers are fairly self explanatory but it’s very important to get them right. The From: header is the most important, spam filters will check correspondence between from field and real sender so when you get an email from simple@google.com but the sending server is 31337@mailh4x0r.ru, then your message will get flagged.

Setting up the MIME-version is fairly straight forward since there is only one MIME version so far.

Content-type is much more important since it will tell your client how to render the email. Spam filters can be setup to filter out unwanted content-type filters and hose that are set incorrectly. A full list of Content-type MIME fields can be viewed here.

Setup your Sender Policy Framework

Make sure your server is configured correctly by adding the correct SPF (Sender Policy Framework) records in your DNS.

“Sender Policy Framework (SPF) is an email validation system designed to prevent email spam by detecting email spoofing, a common vulnerability, by verifying sender IP addresses. SPF allows administrators to specify which hosts are allowed to send mail from a given domain by creating a specific SPF record (or TXT record) in the Domain Name System (DNS). Mail exchangers use the DNS to check that mail from a given domain is being sent by a host sanctioned by that domain’s administrators.” – openspf

You can test if your domain has an SPF setup correctly using Scott Kitterman’s online SPF record testing tools.

If your are using the ServerGrove DNS services in your VPS, there is nothing you need to do. The DNS on our VPS service already comes preconfigured with the correct settings. Otherwise you will need to add an SPF record to your DNS service. I recommend you go to the SPF syntax document and setup your SPF records correctly. Take a look at the openspf FAQ section as well.

Setup your PTR
A PTR record is required for your VPS to be able to send out email. The easiest way to think of a PTR record is as an A record in reverse. It will match a fully qualified IP to a domain. Having a DNS PTR record for your IP address is (somewhat) a sign of reliability in the Internet, since only the owner of a specific network zone has the ability to create and edit these DNS records.You can check if your IP has a PTR record by typing in your terminal:

nslookup -type=ptr 69.195.198.171

The result should be something like:


nslookup -type=ptr 69.195.198.246
Server: 192.168.0.1
Address: 192.168.0.1#53

Non-authoritative answer:
246.198.195.69.in-addr.arpa name = mx-mia-1.servergrove.com.

Our IPs have a predefined PTR record configured by default, if you need a custom PTR record setup, please contact support and we will set one up for you.

If possible, it’s also a good idea to setup the domain to point to the IP. While this is probably already done, it’s always a good idea to check.


nslookup mx-mia-1.servergrove.com
Server: 192.168.0.1
Address: 192.168.0.1#53

Non-authoritative answer:
Name: mx-mia-1.servergrove.com
Address: 69.195.198.246

Configure DKIM in your DNS and code

DKIM is a spam and phishing scam fighting method which works by signing outbound e-mail messages with a cryptographic signature which can be verified by the recipient to determine if the messages originates from an authorized system. A good tutorials on how to install DKIM in sendmail can be found here and here and the OpenDKIM documentation can be found here.

Make sure your IP is not blacklisted

If you misbehave and send out spam your IP will get blacklisted. We will not give you a new one, you need to work with the various spam blacklists to delist your IP. The best way to deal with this is not to get blacklisted in the first place. Getting blacklisted is not that hard, something as simple as sending out emails to a large group of people will blacklist your IP. We highly recommend using a service like Mail Chimp or ConstantContact for mass mailings. You can check if your IP was blacklisted here.

Troubleshooting tips

Port25 offers a really nifty public service — you can send email to check-auth@verifier.port25.com and it will return an email with many of your settings.

Check at Spamhaus to make sure your IP is not blacklisted.