Updated: July 30, 2021
Every day, 22.4 billion spam emails go out over the internet, spam scammers earn an average of $7,000 each, and businesses lose an estimated average of $60 million to spam [1]. Every day.
But are you one of these spammers? Could you unwillingly or unwittingly be contributing to those numbers? Let’s find out!
Here are 7 tactics you can implement today to avoid your mail server becoming a source of spam and to ensure your messages get accepted by most remote servers.
How to Configure Your Email Server to Avoid Becoming a Source of Spam
1. Set up reverse DNS and SPF records for your IP and the domain(s) you’re hosting
They help track the origin of emails and also add credibility to the mail server itself. Some incoming mail servers don’t even consider accepting a message from an IP address that doesn’t identify itself with a PTR record in a reverse DNS zone.
The Axigen best practices for DNS configuration are summarized here.
2. Configure your server to sign the messages with DomainKeys or DKIM
DomainKeys and DKIM provide a method for validating a domain name identity that is associated with a message through cryptographic authentication.
3. Secure SMTP Services for your server
There are 5 settings required on your mail server in order to secure SMTP services. Also, make sure to request authentication for remote deliveries.
4. Limit the maximum rate at which authenticated users can send messages
Aim for values that would not interfere with the normal operation of a human user but would slow down any spamming, in case an account gets compromised.
It’s also useful to limit the maximum number of unique recipients that a user can contact within the given time interval, via the setting from the same context.
Also, as an admin, make use of the field “email address where sent over-quota notification emails will be sent” since this will give you visibility into whose accounts breach this limit.
5. Set up password complexity and expiration policies to force users to use strong passwords and reset their passwords regularly
If you’re using password expiration, please keep in mind that the age of a password is calculated since it was last changed, regardless of whether the password expiration option was enabled or not. Because of this, if you’ve never used this feature and enable password expiration now, most users would be forced to change their passwords immediately.
Also, Two Factor Authentication should be enabled and even mandatory.
6. Try to avoid, as much as possible, any reason for which the accounts could get compromised
If acceptable, you could require all users to connect via SSL connections by adding SSL-enabled listeners and disabling plain listeners. From a functionality point of view, the only plain listener that *must* exist is for the SMTP service on port 25, which should not be used for message submission by authenticated users as recommended in the Securing SMTP Services.
7. Try to avoid any reasons for which your mail server could send too many NDRs (backscatter) to remote users
Do not use the Automatic Migration feature longer than necessary.
By following these guidelines, we guarantee you won’t end up as a source of spam; your emails will reach their intended inboxes and will not be eliminated by spam filters or end up in the Promotions folder.
To avoid your mail server getting spammed, check out this antispam configuration tutorial.
[1] All data from a DataProt.net Spam Statistics Report dated February 11, 2021