Is it becoming impossible to be a small mail provider

dkim, email, email-server, spam, spf

I operate a small mail server for my private emails, some friends who have websites and two NGOs. In total my server sends between 60 and 400 messages a day. Now a lot of these emails are personal mails, between two or more people who know each other. Occasionally (usually once or twice a week) there will be a mailing that goes out to "members" of one NGO, informing them what's new etc.

Now I have already moved off the "mass mailings" (about 100 recipients, all personally known and manually subscribed through a paper form) to mailgun.org.

I still get (and increasingly so), rejected messages. Especially big email providers like Gmail, Yahoo or Microsoft (hotmail, live.com, …) just decide to reject with a 550 or send personal messages to the Spam folder of the recipients. Sometimes this happens:

  • gmail user sends email to user on my system
  • user on my system replies
  • the reply is being rejected or sent to spam

Things I have done:

  • set up DKIM (per-domain signing of all outgoing email)
  • set up SPF, domains usually have ~all, some -all
  • I have a correct PTR for my mail server IP
  • obviously no open relay, users can only send from their own email address after authentication
  • I have DMARC policies for most of the domains
  • I rate limit outgoing messages, for some mail servers down to 1 per minute
  • mail test services report "perfect" scores (all pass) for all of the above
  • I regularly check my IP for blacklisting using http://www.dnsbl.info – it's always all green

Now the paradox comes here: for most of the big mail providers, there is a way to register to monitor rejection rates and IP reputation:

but I do not classify as bulk sender, because of the low volume. So I did register to monitor my reputation and rejection rates, but because I do not send bulk email, there are no reports.

Is there anything else I can do to improve mail delivery rates? Or should I give in and stop trying to operate my own mail server?

In case it is relevant: I use postfix and have very strict rules about incoming mail (i.e. no unknown domains/host names or invalid SPF records, I use spamassassin etc.)

Update

Here is an example, sent from me to my in-laws, and it arrived in their SPAM folder: http://pastebin.com/BC6YgjpQ (I replaced the sending address domain with example.com and the receiver's address with example@gmail.com)

Since the question came up: Connections to Gmail are Untrusted TLS connection established to gmail-smtp-in.l.google.com[2a00:1450:400c:c0b::1b]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits) encrypted.

Best Answer

There should be no issues becoming a small mail provider. You seem to be doing the right things. Many large providers don't get things right, and hopefully get most of their mail delivered.

If mail is being sent to the SPAM folder, it is likely you have missed something. There should be a record of why you have delivery issues:

  • For bounced messages read the response. It should specify why the mail was bounced. If you can, make sure bounce messages are logged.
  • For messages that are sent to the Spam folder, examine the message headers on the delivered message. This should (will for GMail or Yahoo) contain details of at least some of the checks that were done. This will help you determine what the issue is.

A few things you did not specify although some should be caught by the validation report:

  • rDNS validation of your mail servers address succeeds. (Your PTR record should return only one address.)
  • Your server used the name on the PTR record in its EHLO or HELO message.
  • Set up an SPF record for your mail server's domain ("v=spf1 a -all").
  • You have registered with dnswl.org.
  • You have had the DKIM public key(s) published in the correct location. You can use the same key for multiple domains. It may help to have other organizations use CNAME records to DNS records you control.
  • You have used a large DKIM key, 1024 or larger.
  • Process outgoing mail through a spam filter (at least log issues).

If you have DMARC you can configure delivery status reports and bounce reports. This will allow you to receive delivery reports. I receive reports from Google, Microsoft and Yahoo. Please note disposition "none" indicates the mail was delivered.
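An added example, not part of the answer above: the DMARC reports the answer mentions arrive as XML aggregate files (layout per RFC 7489), and this Python code tallies one by source IP and lists the rows worth investigating. The sample report, the IP addresses and the function names are constructed for illustration, and the code assumes the report uses no XML namespace.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the RFC 7489 aggregate-report layout; not real data.
SAMPLE_REPORT = """<feedback>
  <report_metadata><org_name>receiver.example</org_name></report_metadata>
  <policy_published><domain>example.com</domain><p>quarantine</p></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>42</count>
    <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf>
    </policy_evaluated></row></record>
  <record><row><source_ip>192.0.2.10</source_ip><count>3</count>
    <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>pass</spf>
    </policy_evaluated></row></record>
  <record><row><source_ip>198.51.100.7</source_ip><count>5</count>
    <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf>
    </policy_evaluated></row></record>
</feedback>"""


def summarize(report_xml):
    """Sum message counts per (source_ip, disposition, dkim, spf)."""
    # Reports arrive from third parties: parse untrusted XML with a hardened
    # parser (e.g. defusedxml) in production; stdlib is used here to run offline.
    totals = defaultdict(int)
    for row in ET.fromstring(report_xml).iter("row"):
        pe = row.find("policy_evaluated")
        key = (row.findtext("source_ip"), pe.findtext("disposition"),
               pe.findtext("dkim"), pe.findtext("spf"))
        totals[key] += int(row.findtext("count"))
    return dict(totals)


def findings(report_xml, own_ips):
    """List (ip, count, reason) rows that deserve a closer look."""
    out = []
    for (ip, disp, dkim, spf), n in sorted(summarize(report_xml).items()):
        if ip not in own_ips:
            out.append((ip, n, "sender outside own_ips (forwarder, third-party service or spoofing)"))
        elif disp != "none":  # disposition = DMARC action the receiver applied
            out.append((ip, n, f"receiver applied {disp}"))
        elif "fail" in (dkim, spf):  # DMARC passed on one mechanism only
            out.append((ip, n, f"dkim={dkim} spf={spf}"))
    return out


if __name__ == "__main__":
    for finding in findings(SAMPLE_REPORT, own_ips={"192.0.2.10"}):
        print(finding)
```

Pass the addresses your own server and any relay you use send from as `own_ips`; the `dkim` and `spf` values under `policy_evaluated` are the DMARC-aligned results, so a `fail` there on your own IP points at a signing or alignment problem for that domain.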
