DNS settings to fix emails being marked as spam

Posted

Recently a number of emails sent from one of our domains was getting tagged as spam by the receipent. Here are some things I learnt trying to fix this problem...

Check for DNS Issues

According to Wikipedia, there are a number of anti-spam techniques and in my case, I first checked the three that relate to the Domain Name System (DNS) configuration:

  • The email server must have a DKIM (DomainKeys Identified Mail) TXT record configured, by publishing the sender’s public key in the DNS (v=DKIM1;...), “to detect forged sender addresses in emails (email spoofing). (quoted from Wikipedia)

  • And, a SPF (Sender Policy Framework) TXT record must be configured (v=spf1...) for the “receiving mail server to check during mail delivery that a mail claiming to come from a specific domain is submitted by an IP address authorized by that domain’s administrators” (quoted from Wikipedia).

  • And ideally, the Reverse DNS (rDNS) PTR record should be correctly set up.

In addition, Google Mail (GMail) may also perform additional “domain reputation” verification, as described by Google Postmaster Tools:

To understand more about Google Postmaster Tools, I read this primer by Mailgun, Google Postmaster Tools: Understanding Sender Reputation.

Configuration

Performing DNS changes will depend on your hosting provider. Some examples below:

With CPanel v92, you can verify and fix anyDNS entry issues in the Email Delivery page:

CPanel Email Deliverability Check

Or on older software you can manually enter all this DNS entries if you knew what to enter, e.g. for Plesk:

Plesk DNS Settings

If all else fails, then the hosting provider must make the changes.

Test

To check if there are issues with DKIM, SPF, blacklists, etc., I used Mail Tester, and after fixing the issues, the score went from 4 to 7.8 to 10.

Mail-Tester Score

Check Blacklists

Apart from Google’s method of marking spam, your domain or IP may be on email blacklists too.

For a shared server, being on a blacklist or having a bad / low “IP reputation” with Google could potentially be a result ofother tenants on your server spamming out emails... If this is the case, then there is not much you can do except to move server or provider, or get a dedicated IP address - which may involve getting a Virtual Private Server (VPS) instead of a shared host.

On a final note, one may need to check with the recipient too - if they have a client-side spam (Bayesian) filter that has been “trained” to mark certain mails as spam, then they need to do the opposite and mark as “not spam” until re-trained. For example, a shared server provider might automatically enable SpamAssassin, or users could install a spam filter or proxy on a PC too.

Test

Among its tools, MXToolbox has one called Email health that checks a domain against a huge number of email blacklists.

Conclusion

I hope this helps someone, as we spent days agonizing over this, when the tools above would have helped us identify the issue quickly. We even considering moving hosting providers or subscribing to email services instead!