wiki:email-deliverability

Version 21 (modified by Jamie McClelland, 5 years ago) (diff)

--

Email Deliverability Strategies

The goals of these changes are:

  • Prioritize sending of individual email over sending of bulk email
  • Reduce the number of times we are blocked
  • Reduce the labor/time it takes to recover from being blocked

Using mail.mayfirst.org

Currently we allow people to relay mail via either their primary server or mail.mayfirst.org. We should alert people of a cut-over time and then dis-allow mail relaying via the primary server.

We should also permanently assign at least three IP addresses to our two mail.mayfirst.org servers and all bulk mail servers and provide a simple script for swapping the smtp bind IP address. See also #3237

Reduce impact of forwarded spam

Like most providers, we allow people to forward mail sent to their MF/PL email address to another email account. As a result, spam sent to a user's MF/PL account is also forwarded, which gives the impression that we are spammers.

Although I've been opposed to any form of email censorship, I think we should make an exception in this case and filter out messages that are tagged by Spamassassin as spam and send these messages to /dev/null. We can make this policy clear in the members control panel whenever someone chooses to forward email sent to them. And we should be clear that if they want to be sure to receive all mail sent to them, they must deliver it to an MF/PL user account. See #7556.

Discourage web site mail relaying via primary host

Any server in our network can relay mail via bulk.mayfirst.org, however, many web sites still send email via localhost. We should implement a policy on primary hosts that limit the number of messages our primary hosts will send to 50 per user per hour.

Improved monitoring

Ross' has recently completed a nagios alert to warn us when the mailq for any server goes over 100.

We should add:

  • Monitor for known mail.log strings that indicate blocking (I have a list already): #831
  • Checking for signs that a web site is compromised (not sure how to do this): not assigned a ticket
  • Check for signs on mail.mayfirst.org that a relay mail account has been compromised (e.g. certain number of messages sent per hour): not assigned a ticket
  • Use the check_dnsbl Nagios plugin: #5736

Pursue bulk mailer status and apply for feedback loops for our email list servers with major mail providers

Many providers allow us to apply for bulk mailer status. We should pursue this for assata.mayfirst.org and leslie.mayfirst.org, our two mailing list servers.

See email-deliverability-status for current status of our bulk mail and feedback loop applications.

Followed up in: #6314

Provide tools for release mailq back log

See current process: bulk mail relay.

Thanks to taggart for the idea. We have multiple relay servers and have our bulk mail servers use round robin DNS to randomly pick the relay servers. See: #6662.

We are also rate-limiting outgoing messages when it seems to help.

open deliverability tickets

Open Tickets tagged blocklist or email-deliverability

Ticket Summary Keywords Status Owner Type Priority