The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.
How to tell the internet than an IP is safe.
Hi Experts.
I am doing work for a manufacturer. They have email that is hosted by the ISP, so it is not in house.
I have a legacy system (AS400/iseries) that is in-house that I am sending emails out to vendors for Purchase orders. The system creates PDF's then creates the email and sends out. So it does not go thru the regular email system.
So, we have had some emails not get delivered and some bounce back. I have gone thru the option to tell Office 365 to whitelist the ip address we are sending from.
The question is, Can we tell the world that our IP is safe via DNS in some way? Otherwise, we are going to have to send emails to companies that we get kickbacks from and request that they white list us. Issue is small now, but I am getting ready to add customer service to emailing invoices, etc too and it is only going to get bigger.
I am doing work for a manufacturer. They have email that is hosted by the ISP, so it is not in house.
I have a legacy system (AS400/iseries) that is in-house that I am sending emails out to vendors for Purchase orders. The system creates PDF's then creates the email and sends out. So it does not go thru the regular email system.
So, we have had some emails not get delivered and some bounce back. I have gone thru the option to tell Office 365 to whitelist the ip address we are sending from.
The question is, Can we tell the world that our IP is safe via DNS in some way? Otherwise, we are going to have to send emails to companies that we get kickbacks from and request that they white list us. Issue is small now, but I am getting ready to add customer service to emailing invoices, etc too and it is only going to get bigger.
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
You can use HTTPS for your site. It is secure version of HTTP.
Read more details about this from Wiki-
https://en.wikipedia.org/wiki/HTTPS
Read more details about this from Wiki-
https://en.wikipedia.org/wiki/HTTPS
Some mail systems do a lookup on the IP address and see if it is associated with a DNS MX record associated with the domain. Some use SPF, as noted above. In both cases, they want to see that the IP address that is establishing an SMTP connection has something in DNS that they can use to verify that the IP is associated with the domain found in FROM addresses.
Best practice is to just forward all mail through the same mail server(s). The rest of the business forwards mail through the ISP, so, if possible, it would be best to just configure the iSeries to just do the same thing. Is there an in-house mail server (Exchange, for example), or does each user actually have a mailbox with the ISP?
(Mail isn't delivered over HTTPS, so HTTPS has nothing to do with this conversation.)
Best practice is to just forward all mail through the same mail server(s). The rest of the business forwards mail through the ISP, so, if possible, it would be best to just configure the iSeries to just do the same thing. Is there an in-house mail server (Exchange, for example), or does each user actually have a mailbox with the ISP?
(Mail isn't delivered over HTTPS, so HTTPS has nothing to do with this conversation.)
A few things you can do:
1. Many "blacklists" of untrustworthy IP addresses exist. Some mail systems consult these, and refuse to accept email for them, or regard it with suspicion. You can check if you IP is on a heap of more common blacklists here: https://mxtoolbox.com/blacklists.aspx
2. Most companies have an SPF record in DNS. This tells mail servers what IP email should be expected to come from for a particular domain. If an SPF record is absent, many mail servers will regard that as suspicious, if it is there, but does not include the IP, it will be considered even more dodgy. Make sure you have an SPF in place, and it includes the IP that the AS400 sends on. More on SFP records here: https://en.wikipedia.org/wiki/Sender_Policy_Framework
3. You might consider DKIM, which adds some authentication data to outgoing emails, however that would need to be supported by the mail program on the AS400, which might be difficult. More here: https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
4. There are a few free services that will check email and give you an opinion about how "spammy" they may be. You just send a sample, and it is examined. This one is pretty good: https://www.mail-tester.com/
So, to summarise: Checking blacklists is essential, if you are on any email WILL be blocked. No SPF record will mean ALL email sent from our domain will be treated as suspicious, a mismatch for the AS400 IP will cause blocking. Realistically, in 2017 a correct SPF is essential. DKIM would be nice, but you can probably manage without it. Throwing an email at a an online spam checker should tell you anything else that might be problematic. If the online spam checker includes stuff that you don't understand, post the results back here, and someone will probably be able to help you.
1. Many "blacklists" of untrustworthy IP addresses exist. Some mail systems consult these, and refuse to accept email for them, or regard it with suspicion. You can check if you IP is on a heap of more common blacklists here: https://mxtoolbox.com/blacklists.aspx
2. Most companies have an SPF record in DNS. This tells mail servers what IP email should be expected to come from for a particular domain. If an SPF record is absent, many mail servers will regard that as suspicious, if it is there, but does not include the IP, it will be considered even more dodgy. Make sure you have an SPF in place, and it includes the IP that the AS400 sends on. More on SFP records here: https://en.wikipedia.org/wiki/Sender_Policy_Framework
3. You might consider DKIM, which adds some authentication data to outgoing emails, however that would need to be supported by the mail program on the AS400, which might be difficult. More here: https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
4. There are a few free services that will check email and give you an opinion about how "spammy" they may be. You just send a sample, and it is examined. This one is pretty good: https://www.mail-tester.com/
So, to summarise: Checking blacklists is essential, if you are on any email WILL be blocked. No SPF record will mean ALL email sent from our domain will be treated as suspicious, a mismatch for the AS400 IP will cause blocking. Realistically, in 2017 a correct SPF is essential. DKIM would be nice, but you can probably manage without it. Throwing an email at a an online spam checker should tell you anything else that might be problematic. If the online spam checker includes stuff that you don't understand, post the results back here, and someone will probably be able to help you.
As Dmitri, said, this is handled by correctly setting up an SPF record for your domain.
This record indicates which IPs are valid to be sending email on your behalf.
For example...
Says all mailgun.org IPs are legal to send email for my personal domain.
Never imagine you'd correctly setup your SPF records. Always verify them with a tool.
https://dmarcian.com/spf-s
This record indicates which IPs are valid to be sending email on your behalf.
For example...
lxd: net11-the-sacred-plant # dig +short mailgun.davidfavor.com txt
"v=spf1 include:mailgun.org ~all"
Says all mailgun.org IPs are legal to send email for my personal domain.
Never imagine you'd correctly setup your SPF records. Always verify them with a tool.
https://dmarcian.com/spf-s
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
Be sure to user the DMarician tool to verify your SPF records.
I've been setting up mail systems since the mid 1990s + I still check every step of my work, as producing high deliverability email requires many steps + each must be 100% correct, or all subsequent steps make no difference.
I've been setting up mail systems since the mid 1990s + I still check every step of my work, as producing high deliverability email requires many steps + each must be 100% correct, or all subsequent steps make no difference.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Office 365
From novice to tech pro — start learning today.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
https://en.wikipedia.org/wiki/Sender_Policy_Framework