Introduction and OverviewEveryone uses email. Some of us use free email services like Gmail, Yahoo, Hotmail etc. Some of us have either a VPS or VM to host our own email server with our own domain. Some of us have shared webhosting plan and use a shared email server, with our own domain.Some of us have a dedicated server, with our own domain.You must have seen emails from free email service providers are not tagged as spam but when our emails are tagged as spam by such service provides.You must have also noticed that your business email i.e email from your domain is getting tagged as SPAM every now and then and your domain/business reputation is at stake.Mail servers use a wide array of anti-spam checks to keep out spam.This includes IP reputation check, message composition, RFC compliant SMTP handshake, mail user feedback, and more. All these checks together produce a spam score that determines whether a mail is a spam or not.Spammers around the world are constantly trying to adapt to anti-spam measures taken by email providers. So it is recommended we have to continually modify server configurations to help reduce spam.As a result, there is no single thing you can do to ensure that all of your outgoing messages are delivered successfully.I have seen that some emails, while legitimate, produce a low spam score because of the poor reputation of the server encoding, IP network, message headers message and many other factors.In this article, I will explain how to prevent your email being tagged as SPAM.Below are some of the important reasons for your email being tagged and solution for the sameIP reputation / Domain reputationAlways check the reputation of IP and/or domain. There are many factore on which IP reputation is calcualted. It can be the content of the messages, bounced messages, messages sent to not-existing email boxes, messages hitting spam traps. Based on the IP reputation scoer mail servers decide where they will deliver the email message.To avoid being blacklisted follow below methods :Check whether your domain is blacklisted by visitinghttp://www.mxtoolbox.com/blacklists.aspx.Enter your domain name or IP address to check the blacklists.It will check the domain name or IP against most popular blacklist databases for reputation check.Other sites : SenderBase.Prevent IP blacklisting :Implement a web application firewall to prevent website infection and malware upload. It will stop spam scripts from reaching the server through vulnerable websites.Setup malware scanning that’s triggered every time a new file is uploaded. This will remove spam scripts uploaded through FTP and cPanel.Allow only Exim and Mailman to send outgoing emails, to prevent spam scripts from sending spam.Limit the emails sent per hour per user, so that if an email account is hijacked by a spammer, only a limited amount of spam will leave the serverThis will avoiding IP blacklist traps.Reverse DNS record – PTR recordThe reverse lookup is a simple verification check which can help your email server quickly differentiate between valid email senders and potentiallycompromised machines hijacked for the purpose of sending spam.The mail servers must use a reverse DNS (Domain Name System).PTR records are used for the reverse DNS lookup. An A record should exist for every PTR record.Check whether the PTR record is setup by entering your server IP in the reverse lookup tool :http://mxtoolbox.com/ReverseLookup.aspxAnti-spam filtersApache SpamAssassin is a very popular open source email filter that examines incoming email and tests for spam characteristics. It uses Bayesian spam filtering and network tests to screen incoming email. The scores can be positive or negative. The higher the positive score is in your email, the higher the probability that the message is spam. This results in an overall score that Apache SpamAssassin uses to determine whether it should discard a message.You can enable SpamAssassin on your cPanel server by following the below stepsHome >> Email >> Apache SpamAssassin >> Enable Apache SpamAssassinPrevent malware infectionMost of the major mail service providers keep historical records of IP reputation. It is important to keep your server out of IP blacklists.Dedicated IPMass mailing and mail bounces can casue email services provdier being considered as spammer. That is why we should provide bulk mailers a dedicated IP.Your own email serverThe first one is to get your own cloud server where you will have your own IP for sending emails. On shared hosting servers all mails go out from one IP address. It is very likely for the IP to have lower reputation or to get blacklisted in an RBL. The cheapest way is to get a business email hosting service with a dedicated IP. With such a service you will still have your emails sent from your dedicated IP and others users will not be able to affect your inbox delivery.SPF, TXT, DKIM, DMARC DNS recordsWe must have a practice to authenticate emails with SPF, DKIM, and DMARCThe following methods authenticate your email and prove to the inbox providers that your email is worthy of the inbox and not the spam folder:Sender Policy Framework (SPF) – ensures you are who you say you are by comparing the sender’s IP (found in the domain’s DNS record) with a list of IPs authorized to send from that domain.Domain Keys Identified Mail (DKIM) – meeting this standard ensures that the email was not tampered with during transmission.Domain-Based Message Authentication Reporting and Conformance (DMARC) – leveraging the power of both SPF and DKIM, DMARC requires both to pass in order to send and deliver email.SPF And DKIMSender Policy Framework (SPF) is a DNS text entry which shows a list of servers that are allowed to send mail for a specific domain.It is used as an email authentication method that allows emails to be sent only from an authorized source.DomainKeys Identified Mail (DKIM) is also an email authentication method to verify that the emails are trustworthy. It ensures that the email contents weren’t changed from the moment it left the initial mail server.Make sure that your email authentication is enabled.The email authentication is a verification method used to stop spam coming from your email address even if you are not sending any. If your emails are not authenticated properly spammers can easily spoof emails coming from your domain. This causes your domain to get blacklisted even though you are not sending mails.The email authentication can be enabled on your cPanel by following the below steps.cPanel Home >> Email >> AuthenticationStop spam mailsEnable DKIM and SPF by clicking on enable button. Your emails will be authenticated after enabling both DKIM and SPF records.Stop spam mailsIf you donot have cpanel and have configured your email srever from scratch use below methods to add spf, txt and dkim records in your DNS.A very basic SPF record looks like the following:example.com TXT v=spf1 a ~allA typical DKIM record looks like the following:selector1._domainkey.example.com TXT k=rsa;p=J8eTBu224i086iKA very basic DMARC record looks like the following:_dmarc.example.com TXT v=DMARC1;p=none;sp=quarantine;pct=100;rua=mailto:firstname.lastname@example.orgDo not in violate CAN-SPAM Act of 2003Check the official website here https://en.wikipedia.org/wiki/CAN-SPAM_Act_of_2003.You can verify your emails are following the rules as instructed and earn good grades.Content Of Your EmailsThere are billion active user accounts worldwide, so always check the content of your emails.The words and phrases are usually in the subject line or body of the email and can trigger the spam filtering system.Below are 15 common spam phrases to avoid:1) Cell phone cancer scam2) Message contains disclaimer3) Take action now4) Multi-level marketingIf you have tried all the steps and still your business emails are going to recipient’s spam box, you may need to consider a paid Linux consultant or email service or a large email host for sending business mails. The paid email services offer auto responses which can be set up based on other actions taken by users.Subscribe and follow Golibrary on Facebookand Linkedinto get all the updates.
Prayag Sangode ***Linux, Cloud & Devops Architect & Technical Content Writer***
I am a Linux Enthusiast and Supporter/Promoter of Open Source Technology with over 12+ years of experience in Linux, Cloud and Devops.
I am A Technical Content writer for various sites like :