fabio,
@fabio@manganiello.social

I’ve decided to go full-in with my own mail server. The bridge over SSH+VPN tunnel is no substitute for a proper mail server - plus it’s awfully slow when used as a full IMAP server and it breaks the IMAP implementation in a lot of ways.

I’ve created my new domain, gone through the configuration of DKIM/DMARC/SPF like a good postmaster, just to get immediately blacklisted by @spamhaus on my first outbound email.

I’ve been through this before, but in my previous experiences a blacklist removal ticket would be either resolved automatically or within a couple of hours at most.

In this case, nearly 24h and three tickets later and nothing is moving. Not even some directions on how to get removed or an ETA. The mailboxes have already been all migrated with forwarding configured on the old addresses, but outbound email is still broken because being blacklisted by a single company means being unable to communicate with nearly any mail server out there.

Does anyone have any tips on how a blacklist removal process can be sped up?

djsumdog,
@djsumdog@djsumdog.com

You really just got to send more e-mail and then ask your friends to mark it as "not-spam" .. #spamhaus is probably the least you have to worry about. I run my own e-mail server as well:

https://battlepenguin.com/tech/upgrading-opensmtpd-6.3-and-running-e-mail-in-docker/

...and I wrote this back in 2015 on the whole "marked as spam" issue:

https://battlepenguin.com/tech/how-google-and-microsoft-made-email-unreliable/

There's an older article that's gone now (you can sometimes find it in an archive) titled "The hostile e-mail landscape"

After a few years with my e-mail on Hetzner, most of it seems to get through now. mail-tester.com is a pretty decent checking tool.

fabio,
@fabio@manganiello.social

@djsumdog yup, indeed mail-tester.com gives a 10/10 to my new mail domain (it’s not the first time I set up one), but only a couple of hours ago @spamhaus removed it from their blacklist.

And I still get quarantine reports from noreply-dmarc-support@google.com when I send emails to Gmail addresses informing me that the email has been quarantined (although the report clearly states that all the checks are green).

I’m trying to imagine what the WWW would look like if in order to run my own website I first needed the approval of an external company whose blacklist is used by 90% of the browsers out there, if by default every new website is blacklisted, if removal from that blacklist involved opening a ticket to that company, and if even after removal arbitrary major browser producers out there would still arbitrarily refuse to connect to your website (using very opaque acceptance criteria).

I understand that the potential for spam/scam is higher with email than with HTTP, but if my domain checks all the boxes (SPF/DMARC/DKIM/RDNS/TLS) then a “you can send email to everyone, and if something is wrong for too long we blacklist you” policy should apply.

kikobar, (edited)
@kikobar@acc4e.com

@fabio
I run my own email server as well, and I've done so for more than 10 years.

Spamhaus has not been the biggest of my pains, that slot belonged to (particularly ) and , and it took years for them to finally accept our emails without complaints.

I believe some of the problem was because I hadn't implemented DMARC fully, I made 2 big mistakes, I think:

  • Choosing 'quarantine' instead of 'reject' in my DMARC directive. I did this because I wanted to monitor before turning more strict (and then forgot). I should have gone with a more restrictive directive from day 0.

  • Choosing not to send daily DMARC reports to other domains/servers, because I thought these messages were going to increase my traffic with spam servers, so it could be counterproductive. I believe it worked the other way, having not done so actually cost some reputation to my server, so if I did it again, I would be shooting DMARC reports from day 0 as well.

Note that making these 2 mistakes won't prevent you from getting a 10/10 score for the email tests, however your emails won't reach the usual suspects.

As your server is considered 'matured' by Microsoft and Yahoo, you may consider using an alternative external email service such as AWS SES. It is extremely cheap and reliable.

@djsumdog @spamhaus
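
An added example, not part of any post in this thread: a small audit of a domain's published DMARC TXT record (tags as defined in RFC 7489) that reports the policy choice discussed above (p=quarantine versus p=reject) along with pct and rua. The sample records and example.org are constructed; whether a server sends aggregate reports to other domains is not visible in the record and is not checked here.

```python
# Added example: audit a DMARC TXT record (tags per RFC 7489).
# Sample records and example.org are constructed for illustration.

def parse_dmarc(txt):
    """Split a DMARC TXT record into a tag dict; reject malformed records."""
    pairs = [p.strip() for p in txt.split(";") if p.strip()]
    tags = {}
    for i, pair in enumerate(pairs):
        name, sep, value = pair.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {pair!r}")
        name, value = name.strip().lower(), value.strip()
        if i == 0 and (name, value) != ("v", "DMARC1"):
            raise ValueError("record must start with v=DMARC1")
        tags[name] = value
    if not tags:
        raise ValueError("empty record")
    return tags

def audit_dmarc(txt):
    """Return (effective settings, findings) for one DMARC record."""
    tags = parse_dmarc(txt)
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= tag")
    eff = {
        "p": policy,
        "sp": tags.get("sp", policy).lower(),  # subdomains inherit p by default
        "pct": int(tags.get("pct", "100")),    # default: policy covers all mail
        "adkim": tags.get("adkim", "r"),       # relaxed alignment by default
        "aspf": tags.get("aspf", "r"),
        "rua": [u.strip() for u in tags.get("rua", "").split(",") if u.strip()],
    }
    findings = []
    if policy != "reject":
        findings.append(f"p={policy}: mail failing DMARC is not rejected outright")
    if eff["pct"] < 100:
        findings.append(f"pct={eff['pct']}: policy covers only part of the mail")
    if not eff["rua"]:
        findings.append("no rua=: the domain receives no aggregate reports")
    return eff, findings

if __name__ == "__main__":
    for record in ("v=DMARC1; p=quarantine; pct=50",
                   "v=DMARC1; p=reject; rua=mailto:dmarc@example.org; adkim=s"):
        eff, findings = audit_dmarc(record)
        print(record, "->", findings or "no findings")
```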
