This article contains helpful information to make sure that other servers or network do not mark your email as spam. You do not want to send spam from your server. For more information on how to make sure that you do not send spam, read our How to Prevent Email Abuse documentation.
Use email authentication
DKIM and SPF
DKIM (Domain Keys Identified Email) and SPF (Sender Policy Framework) authentication can help verify that email comes from a trusted sender. DKIM is a validation system that detects email spoofing. It allows your mail server to check whether a domain's administrators authorized email from a domain. The email includes a digital signature that your mail server uses to verify the sender's public key in their DNS record.
SPF uses DNS records to prevent email spoofing. If an email message uses falsified sender addresses, SPF uses the DNS record for the sender's domain to detect the modification in the email's header.
On servers that run CentOS 7, you may see a
named warning about the absence of SPF resource records on DNS.
- This warning is not relevant on CentOS 7 servers, because RFC 7208 deprecated SPF records. CentOS 7 servers use TXT records instead of SPF records.
- Red Hat 7.1 and CentOS 7.1 both contain
bind-9.9.4-23.el7, which is an updated version of BIND that complies with RFC 7208. To resolve this issue, update your operating system to a version that contains the updated version of BIND. For more information, read the Red Hat Bugzilla case about SPF record errors.
For more information, read our Authentication documentation.
DMARC (Domain-based Message Authentication, Reporting & Conformance) is a technical specification to help reduce the potential for email-based abuse. A DMARC policy uses DNS to confirm that an email message uses a valid DKIM and SPF record, and that the
From: header matches those records.
Many large email networks require that you use a DMARC policy to help protect their users from spam email. To prevent email rejections or spam flags within these networks, your server must use a DMARC policy.
Configure your server's PTR record
A PTR record resolves an IP address to a domain name. A PTR record resembles a reversed A record. Configure the PTR record of the primary IP address of your server to use the hostname of your server. If you have configured Exim to use a different IP address, ensure that the PTR record of that IP address uses the hostname of your server.
A record resemble the following example:
PTR records resemble the following example:
Spam and other networks
If email networks such as Gmail™, Yahoo, or Outlook mark your server's email as spam, you must identify the reason and resolve the problem. If you have recently resolved an issue with spam on your server or you received a new IP address which previously sent spam, you must notify the remote network. Make certain that you review the bulk sender policy of large email networks.
Bulk email best practices
We recommend that you adhere to the following best practices:
- Use the same IP address to send all bulk email.
- Use the same email address in the
From:header of your emails.
- Ensure that your email complies with RFC 5322.
- If your email uses HTML, ensure that it complies with HTML standards.
- Ensure that the contents of your email relate to the subject of your email.