Mail delivery done right

A few days ago, my wife complained that her best friend never replied to her emails. Considering how much time they spend together, the chances she had decided to ignore them were close to null, so there was probably a problem between the chair and the Maildir.

Because of ever-growing spam, sending a simple I love you to your significant other can be a real pain in the ass, even more so since I Love You was the name of the biggest worm of the 2000s. Email providers all apply different rules to incoming messages, rules that sometimes depend on whether you’re using IPv4 or IPv6.

If you suspect that your SMTP server is blacklisted by Microsoft, run this check from your relay host; it takes less than a minute.

dagobah ~: telnet mx1.hotmail.com 25
Trying 65.55.33.119...
Connected to mx1.hotmail.com.
Escape character is '^]'.
220 COL004-MC5F22.hotmail.com Sending unsolicited commercial or bulk e-mail to Microsoft's computer network is prohibited. Other restrictions are found at http://privacy.microsoft.com/en-us/anti-spam.mspx. Tue, 25 Nov 2014 09:15:15 -0800
helo hotmail.com
250 COL004-MC5F22.hotmail.com (3.20.0.138) Hello [62.210.113.68]
Mail From: frederic@de-villamil.com
550 SC-001 (COL004-MC5F22) Unfortunately, messages from 62.210.113.68 weren't sent. Please contact your Internet service provider since part of their network is on our block list. You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors.

I had a problem, and so did people around me running their mail servers at the French hosting company Online. With a few exceptions, Hotmail MXes simply didn’t want to talk to us.

Fixing it is a 10-minute, 2-step operation.

First, fill in Microsoft’s form and tell them which IPs you’re going to send your email from. For some odd reason, the French version of the form is both simpler and shorter than the English one. There are probably some legal reasons behind this, or maybe Microsoft’s site is slightly outdated, as the French version runs on the old msn.com while the English one runs on the more recent live.com.

After a short time, you’ll get an email telling you whether or not they accepted your revision request. Once you get it, check if everything is OK.

dagobah ~: telnet mx1.hotmail.com 25
Trying 65.55.37.88...
Connected to mx1.hotmail.com.
Escape character is '^]'.
220 COL004-MC2F41.hotmail.com Sending unsolicited commercial or bulk e-mail to Microsoft's computer network is prohibited. Other restrictions are found at http://privacy.microsoft.com/en-us/anti-spam.mspx. Wed, 26 Nov 2014 11:45:03 -0800
helo hotmail
250 COL004-MC2F41.hotmail.com (3.20.0.138) Hello [62.210.113.68]
Mail From: frederic@de-villamil.com
250 frederic@de-villamil.com....Sender OK
RCPT TO: neuromancien@hotmail.com
550 Requested action not taken: mailbox unavailable

Obviously, they’ve deleted my 1996 Hotmail address, but at least their MXes agree to talk to me. It’s now time for you to become more respectable, aka set up your SPF record.

Standing for Sender Policy Framework, SPF is a DNS record you need to add to your zones. SPF is an attempt to reduce identity theft in email by establishing a list of valid senders. It says « emails for this domain should be sent from here, here and there; if that’s not the case, refuse them / mark them as junk / do nothing ».

Here’s a very simple SPF record to add for your platyp.us domain:

platyp.us.       IN      TXT "v=spf1 mx -all"
platyp.us.       IN      SPF "v=spf1 mx -all"

Here’s what it means.

v=spf1
Use SPF version 1.
mx
The incoming mail servers (MX) of the domain are authorized to send mail.
-all
Everything else is forbidden.

Note that using SPF type records is now deprecated. Only TXT records should be used.

Now, let’s do something a little more complicated:

  • Include every allowed sender of another domain.
  • Add a specific sender.
  • Add every machine that has a specific reverse (PTR). This one is particularly useful to allow platforms like Mailchimp to send emails on your behalf.

platyp.us.       IN      TXT "v=spf1 mx a:dagobah.fv.gs ptr:servers.mcsv.net include:poney.com -all"

Translated into something human-readable, you get:

v=spf1
Use SPF version 1.
mx
The incoming mail servers (MX) of the domain are authorized to send mail.
a:dagobah.fv.gs
The host dagobah.fv.gs is allowed to send emails for your domain.
ptr:servers.mcsv.net
Hosts whose reverse DNS name is servers.mcsv.net or ends in servers.mcsv.net.
include:poney.com
Everything that’s OK for poney.com is also OK for platyp.us.
-all
Everything else is forbidden.

You can also add IPv4 or IPv6 addresses, and even complete subnets using CIDR notation.

Also, be careful with include, a, ptr or mx pointing at another domain: SPF is only valid if it has also been configured for the domains they point to.
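To see how a receiving server reads the records above, here is a small evaluator that walks an SPF record left to right for a connecting IP; it is an added illustration, not code from the original post. DNS answers come from a constructed in-memory table using documentation-range addresses; check_host, broken.example, nospf.example and every IP are assumptions, and only a subset of RFC 7208 is covered (no macros, modifiers or CIDR suffixes on a/mx).

```python
import ipaddress

# Constructed DNS data standing in for live lookups. Addresses come from the
# documentation ranges; they are not the real addresses of these hosts.
TXT = {
    "platyp.us": "v=spf1 mx a:dagobah.fv.gs ptr:servers.mcsv.net include:poney.com -all",
    "poney.com": "v=spf1 ip4:203.0.113.0/28 ip6:2001:db8:1::/48 ~all",
    "broken.example": "v=spf1 mx include:nospf.example -all",
}
MX = {"platyp.us": ["mail.platyp.us"]}
A = {"mail.platyp.us": ["192.0.2.10"], "dagobah.fv.gs": ["192.0.2.20"],
     "out7.servers.mcsv.net": ["198.51.100.7"]}
PTR = {"198.51.100.7": ["out7.servers.mcsv.net"]}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain, depth=0):
    """Evaluate `domain`'s SPF record for a connecting `ip` (RFC 7208 subset)."""
    terms = TXT.get(domain, "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"                      # domain publishes no SPF record
    if depth > 10:
        return "permerror"                 # guard against include loops
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        target = arg or domain             # bare "mx" / "a" mean the domain itself
        if mech == "all":
            hit = True
        elif mech in ("ip4", "ip6"):
            hit = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            hit = ip in A.get(target, [])
        elif mech == "mx":
            hit = any(ip in A.get(host, []) for host in MX.get(target, []))
        elif mech == "ptr":                # reverse name must forward-confirm to ip
            hit = any((n == target or n.endswith("." + target)) and ip in A.get(n, [])
                      for n in PTR.get(ip, []))
        elif mech == "include":
            inner = check_host(ip, arg, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"         # included domain has no usable SPF
            hit = inner == "pass"
        else:
            return "permerror"             # modifiers, macros, a/mx CIDR: not handled here
        if hit:
            return QUALIFIERS[qualifier]
    return "neutral"                       # no mechanism matched and no "all"
```

check_host("203.0.113.200", "platyp.us") returns fail rather than softfail: poney.com’s ~all only means the include did not match, so evaluation falls through to platyp.us’s own -all. check_host("192.0.2.10", "broken.example") returns permerror because the included domain publishes no SPF record, which is the trap described just above.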

Here you are: you can now send email to your friends at Hotmail. You can also decide that Hotmail was cool 15 years ago but is definitely lame today and find new, tech-savvy friends instead.
