Improving email deliverability using MX, SPF and PTR records

Junk email is a widely acknowledged bain of any email inbox, with current statistics suggesting that spam email is responsible for over 60% of all email traffic. What can be worse however, for both users and valid service operators, is email being misclassified as spam.

The below is a guide to allow email services such as Gmail, Yahoo and Outlook/Hotmail to determine effectively whether email you are sending should be classified as spam or not.

This article should not be considered a guide on how to spam, nor get your spam messages delivered. If your email is for cheap pills, weight loss regimes or dodgy financing schemes, the below is not going to help you. No part of this guide should negate your compliance with local laws (such as CANSPAM).

MX records

In a similar way to how A and CNAME records are used in your DNS to point visitors to your webserver to view your content, MX records exist for the purpose of advertising where your email server(s) are located.

Failing to set these will obviously mean that any email sent to you will not be delivered, but if an MX record does not point to an email server you are sending email from it is highly likely that your email will get marked as spam by mail services.

As such the first step to ensure your mail is delivered is to confirm that where possible and applicable your MX record for your domain points to the server(s) you are sending email from. There are cases where this is not possible. If you make use of a third party email service to handle your emails (such as Gmail or similar) but send confirmation emails (such as for account creation or forgotten passwords) from your web server from the same domain, you would want to have your MX records point to your mail provider’s and not your server.

If your MX record points to the same address as your web server then you can can skip to the section entitled SPF. If not and you do not use an external email service, you need to edit the MX record for your domain to point to the same address as your web server(s) IP(s).

SPF records

The Sender Policy Framework was a system conceived around 2006 to allow system administrators to specify their systems which should be recognised as approved to send emails. Incoming emails for domains which have SPF configured are then checked by email services such as Gmail to confirm if the emails they have received are from permitted sources for the applicable domain. Dependant on the configuration set for the domain, one of various actions would then be completed such as sending the email to a user’s spam box, discarding the email completely or allowing the email to proceed to a user’s inbox.

Microsoft has made an SPF Wizard tool available which can be used to produce the SPF record for your domain. This then needs to be added via your DNS administration system for your domain.

When creating this record it is important to make sure that it does not affect any settings for any external email system you use. It is worth checking the documentation for your email provider to confirm if they provide any advice on their particular implementation. This commonly includes making use of an external SPF record inclusion, which is referred to as “Outsourced domains”.

One additional option of the SPF system is to confirm the presence of a PTR record for the domain, the details of which is shown below.

PTR records

DNS pointer records (abbreviated to PTR) are conceptually considered to be reverse DNS addresses. Whilst most DNS records deal with addressing of a textual domain to a numerical IP address, PTRs work on pointing from a IP address to a text based domain name. This is used by email services for a process called “forward-confirmed reverse DNS” . This is a very commonly used and effective check for anti-spam purposes.

The process works by taking the IP address that the mail service receives an email from and then conducts a PTR lookup (reverse lookup). The text record that is returned is then used to conduct a lookup on the A record (forward lookup). It is expected that the result returned for the A record provides the same IP that the mail serviced received the email from.

DNS Blackhole Lists

DNS blackhole listings are an additional common tool used by email providers to ascertain whether an email is likely to be considered as spam. A DNS Blackhole list (DNSBL) is a list of IP addresses which have been determined in the past to have been involved with spamming activities. The exact criteria for being listed varies from list to list, but most commonly will be due to sending large amounts of spam email, having sent email to a honeypot service or containing know nefarious links in the email content.

In order for your email to be delivered to mail services, you should ensure that your IP address is not listed on these lists. You can check your IP address using public tools. De-listing an IP can be difficult, normally requires a period of time to elapse with no infringement and can require payment/donation. It may be easier to change the IP address that your emails are sent from or consider using an outsourced service.

Image credit: Alexander Baxevanis

Leave a Reply

Your email address will not be published.