Posted to users@spamassassin.apache.org by mizzio <mi...@sinapto.net> on 2007/09/19 12:07:01 UTC

OT - massive newsletter

hello everybody,

I apologize to ask an off-topic question, and feel free to point me to
any other resources on the net.

I'm setting up an SMTP server (centos + qmail) on a dell quad core
machine for sending out a periodic newsletter (10 millions a month).

In order to avoid any possible blacklisting problem, I'm looking for all
the best practices. Right now I've set up:

- Dedicated public IP address
- Dedicated domain and MX record with correct reverse resolution.

I'm looking into SPF but I have no experience on this.

Any help is greatly appreciated.

Thank you.
Maurizio


Re: OT - massive newsletter

Posted by mizzio <mi...@sinapto.net>.
thank you for the "good luck" :-)

mizzio


On mer, 2007-09-19 at 12:32 +0200, Paolo Cravero wrote:
> mizzio wrote:
> 
> > I'm setting up an SMTP server (centos + qmail) on a dell quad core
> > machine for sending out a periodic newsletter (10 millions a month).
> > 
> > In order to avoid any possible blacklisting problem, I'm looking for all
> > the best practices. Right now I've set up:
> 
> You need EXPLICIT authorization (opt-in) of all recipients and be able to 
> prove it. This is required by EU (and thus your/my country law) and the best 
> insurance not to end up in blacklists.
> 
> Good luck,
> Paolo
> 
> 


Re: OT - massive newsletter

Posted by Paolo Cravero <pc...@as2594.net>.
mizzio wrote:

> I'm setting up an SMTP server (centos + qmail) on a dell quad core
> machine for sending out a periodic newsletter (10 millions a month).
> 
> In order to avoid any possible blacklisting problem, I'm looking for all
> the best practices. Right now I've set up:

You need EXPLICIT authorization (opt-in) of all recipients and be able to 
prove it. This is required by EU (and thus your/my country law) and the best 
insurance not to end up in blacklists.

Good luck,
Paolo


Re: OT - massive newsletter

Posted by mizzio <mi...@sinapto.net>.
thanks again, very good and complete list of best practices !

cheers,
maurizio


On dom, 2007-09-23 at 22:53 +0200, mouss wrote:
> think it is good in the case of mass mailers.
> otherwise, "miscreants" may nuke your reputation. and if you send mail
> to hotmail, you'd better have S


Re: OT - massive newsletter

Posted by mouss <mo...@netoyen.net>.
mizzio wrote:
> hello everybody,
>
> I apologize to ask an off-topic question, and feel free to point me to
> any other resources on the net.
>
> I'm setting up an SMTP server (centos + qmail) on a dell quad core
> machine for sending out a periodic newsletter (10 millions a month).
>
> In order to avoid any possible blacklisting problem, I'm looking for all
> the best practices. Right now I've set up:
>
> - Dedicated public IP address
> - Dedicated domain and MX record with correct reverse resolution.
>
> I'm looking into SPF but I have no experience on this.
>   

1- do not subscribe an address unless it is verified: you must send a
message to the address, and the owner must reply. the confirmation
message must contain something unique so that nobody can guess and send
a forged reply. The thing is that: you must _guarantee_ that the _owner_
of the mailbox wants to get your mail.

2- you must remove addresses that bounce (after some number of bounces
for instance).

3- you should re-ask for confirmation after some time (people do quit
jobs and get replaced). once a year should be a minimum.

4- users must be able to unsubscribe via mail _and_ via the web,
whatever they prefer (the reason is that if an address is no more used
as "sender", the user will find it hard to unsubscribe via email).

5- the web unsubscription form should not result in an error. This may
happen, but if it happens too often, it is a sign of a fake form. same
goes for unsubscription by email.

6- accept all valid email addresses. For example, '+' is a valid
character in the local-part (actually, almost all characters are valid
if escaped).

7- accept mail to postmaster and abuse. and accept mail from the null
sender address.

8- use a valid address in the From and Reply-To headers. don't use
noreply@.

9- send valid mail. This includes correctly encoded headers (all headers
are ascii. no accented letters unless encoded according to the MIME
specification).

10- the machine that sends mail should have a meaningful reverse DNS, and
it must "match" (IP -> name -> ip should return the original IP). the
helo name should match this IP (helo -> ip should yield the IP of the
machine). Ideally, use the same domain for: sender, reverse dns and
helo. This will help you get a "reputation". at gmail, this is enough to
get you a "best-guess SPF".

11- implement SPF (only allow very few addresses). while I don't care
for SPF for general use, I think it is good in the case of mass mailers.
otherwise, "miscreants" may nuke your reputation. and if you send mail
to hotmail, you'd better have SPF. SPF is trivial. see the "wizard" at
openspf.org.

12- implement DKIM. exceptionally if you deliver to gmail and yahoo.
with postfix, look for the dkim milter.

13- fill in the forms at large mail providers (yahoo, ...).
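
Added example (not code from mouss or any other poster) for items 1 and 3 above: a confirmation token that cannot be guessed or forged, is bound to one mailbox, and expires. The key, lifetimes and function names are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import time

# Constructed demo key; a real deployment uses random bytes kept on the server.
SECRET_KEY = b"constructed-demo-key-not-for-production"
TOKEN_TTL = 7 * 24 * 3600          # assumption: confirmation valid for 7 days
RECONFIRM_AFTER = 365 * 24 * 3600  # item 3: re-ask at least once a year


def canonical(address):
    """Lower-case only the domain; the local-part (e.g. 'user+tag') is kept."""
    local, _, domain = address.strip().rpartition("@")
    return f"{local}@{domain.lower()}"


def _mac(address, issued_at):
    # The MAC binds the token to one mailbox and one issue time.
    msg = f"{canonical(address)}|{issued_at}".encode("utf-8")
    digest = hmac.new(SECRET_KEY, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=")


def make_token(address, now=None):
    """Token to place in the confirmation message sent to `address`."""
    issued_at = int(time.time() if now is None else now)
    return f"{issued_at}.{_mac(address, issued_at).decode('ascii')}"


def verify_token(address, token, now=None):
    """True only for an unexpired token that we issued for this address."""
    now = int(time.time() if now is None else now)
    issued_str, sep, mac = token.partition(".")
    try:
        issued_at = int(issued_str)
    except ValueError:
        return False
    if not sep or not 0 <= now - issued_at <= TOKEN_TTL:
        return False
    # Constant-time comparison, so the check does not leak how many
    # leading characters of a guessed token were correct.
    return hmac.compare_digest(mac.encode("utf-8", "replace"),
                               _mac(address, issued_at))


def needs_reconfirmation(confirmed_at, now=None):
    """Item 3: a confirmation older than RECONFIRM_AFTER must be renewed."""
    now = int(time.time() if now is None else now)
    return now - confirmed_at >= RECONFIRM_AFTER
```

Storing the address, token and time of each successful `verify_token` call gives the record of opt-in that the earlier replies ask the sender to be able to prove.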




Re: OT - massive newsletter

Posted by Ralf Hildebrandt <Ra...@charite.de>.
* mizzio <mi...@sinapto.net>:
> hello everybody,
> 
> I apologize to ask an off-topic question, and feel free to point me to
> any other resources on the net.
> 
> I'm setting up an SMTP server (centos + qmail) on a dell quad core
> machine for sending out a periodic newsletter (10 millions a month).

Rather use Postfix for that. Postfix can re-use existing connections
(thus decreasing the concurrency of SMTP sessions) and will sort the
recipient lists by MX host.

Also, it has several workarounds that enable you to send mail to systems
behind CISCO PIX firewalls.

-- 
Ralf Hildebrandt (i.A. des IT-Zentrums)         Ralf.Hildebrandt@charite.de
Charite - Universitätsmedizin Berlin            Tel.  +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-Berlin    Fax.  +49 (0)30-450 570-962
IT-Zentrum Standort CBF                    send no mail to plonk@charite.de

Re: OT - massive newsletter

Posted by mizzio <mi...@sinapto.net>.
Thank you (very good reading).

Would you suggest postfix then ?

Thanks
Maurizio


On mer, 2007-09-19 at 12:30 +0200, Matus UHLAR - fantomas wrote:
> On 19.09.07 12:07, mizzio wrote:
> > hello everybody,
> > 
> > I apologize to ask an off-topic question, and feel free to point me to
> > any other resources on the net.
> > 
> > I'm setting up an SMTP server (centos + qmail) on a dell quad core
> > machine for sending out a periodic newsletter (10 millions a month).
> > 
> > In order to avoid any possible blacklisting problem, I'm looking for all
> > the best practices. Right now I've set up:
> > 
> > - Dedicated public IP address
> > - Dedicated domain and MX record with correct reverse resolution.
> > 
> > I'm looking into SPF but I have no experience on this.
> 
> SPF won't help you in not getting blacklisted. SPF can only preserve your
> domain from being forged by other servers. (well, not many servers use this
> check yet, but it's at least detectable)
> 
> > Any help is greatly appreciated.
> 
> use opt-in subscribing with good verification (so no one can fake
> subscribe confirmation), give users way of easy unsubscribing...
> 
> send mail in batches and avoid qmail if possible (qmail unbundles batches
> and sends each mail separately)
> 
> btw did you read http://wiki.apache.org/spamassassin/AvoidingFpsForSenders ?


Re: OT - massive newsletter

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 19.09.07 12:07, mizzio wrote:
> hello everybody,
> 
> I apologize to ask an off-topic question, and feel free to point me to
> any other resources on the net.
> 
> I'm setting up an SMTP server (centos + qmail) on a dell quad core
> machine for sending out a periodic newsletter (10 millions a month).
> 
> In order to avoid any possible blacklisting problem, I'm looking for all
> the best practices. Right now I've set up:
> 
> - Dedicated public IP address
> - Dedicated domain and MX record with correct reverse resolution.
> 
> I'm looking into SPF but I have no experience on this.

SPF won't help you in not getting blacklisted. SPF can only preserve your
domain from being forged by other servers. (well, not many servers use this
check yet, but it's at least detectable)

> Any help is greatly appreciated.

use opt-in subscribing with good verification (so no one can fake
subscribe confirmation), give users way of easy unsubscribing...

send mail in batches and avoid qmail if possible (qmail unbundles batches
and sends each mail separately)

btw did you read http://wiki.apache.org/spamassassin/AvoidingFpsForSenders ?
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Spam is for losers who can't get business any other way.

RE: OT - massive newsletter

Posted by Kenneth Porter <sh...@sewingwitch.com>.
--On Wednesday, September 19, 2007 12:16 PM +0100 "Randal, Phil" 
<pr...@herefordshire.gov.uk> wrote:

> If you don't want to annoy a lot of people your spamming (oops,
> newsletter sending) software needs to deal with NDRs back from
> recipient's domains and either put their subscription on hold after a
> small number of failures or automatically cancel them.

Mailman seems to have such a bounce mechanism.



Re: OT - massive newsletter

Posted by mouss <mo...@netoyen.net>.
Kris Deugau wrote:
> Ralf Hildebrandt wrote:
>> * Randal, Phil <pr...@herefordshire.gov.uk>:
>>> If you don't want to annoy a lot of people your spamming (oops,
>>> newsletter sending) software needs to deal with NDRs back from
>>> recipient's domains and either put their subscription on hold after a
>>> small number of failures or automatically cancel them.
>>>
>>> There's nothing worse than mailing lists which keep sending to
>>> non-existent recipients.
>>
>> amen to that!
>
> Thirded.  There's a "newsletter" that some of my spamfilter customers
> want to get, and others want blacklisted, that doesn't *accept* mail
> from the SMTP null sender.  Period.  I may start bouncing the
> postmaster notices *I* get to deal with to their postmaster@ along
> with a complaint about their RFC-violating behaviour.
>

with postfix, you can use check_recipient_access with
smtpd_restriction_classes to implement per recipient access controls.
This may allow you to accept the newsletter (client ip and/or sender)
only for those customers who want it.
...


> I'd drop them in a deep dark hole (/dev/null feels about right) if
> there weren't customers that actually *want* to receive their glop.  :/


RE: OT - massive newsletter

Posted by "Randal, Phil" <pr...@herefordshire.gov.uk>.
Kris Deugau wrote:
> Ralf Hildebrandt wrote:
>> * Randal, Phil <pr...@herefordshire.gov.uk>:
>>> If you don't want to annoy a lot of people your spamming (oops,
>>> newsletter sending) software needs to deal with NDRs back from
>>> recipient's domains and either put their subscription on hold after
>>> a small number of failures or automatically cancel them.
>>> 
>>> There's nothing worse than mailing lists which keep sending to
>>> non-existent recipients.
>> 
>> amen to that!
> 
> Thirded.  There's a "newsletter" that some of my spamfilter customers
> want to get, and others want blacklisted, that doesn't *accept* mail
> from the SMTP null sender.  Period.  I may start bouncing the
> postmaster notices *I* get to deal with to their postmaster@ along
> with a complaint about their RFC-violating behaviour.
> 
> I'd drop them in a deep dark hole (/dev/null feels about right) if there
> weren't customers that actually *want* to receive their glop.  :/
> 
> -kgd

There are a number of high-profile sites which are very badly behaved in
this respect.

Friends Reunited being one of them.

Cheers,

Phil

-- 
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

Re: OT - massive newsletter

Posted by Kris Deugau <kd...@vianet.ca>.
Ralf Hildebrandt wrote:
> * Randal, Phil <pr...@herefordshire.gov.uk>:
>> If you don't want to annoy a lot of people your spamming (oops,
>> newsletter sending) software needs to deal with NDRs back from
>> recipient's domains and either put their subscription on hold after a
>> small number of failures or automatically cancel them.
>>
>> There's nothing worse than mailing lists which keep sending to
>> non-existent recipients.
> 
> amen to that!

Thirded.  There's a "newsletter" that some of my spamfilter customers 
want to get, and others want blacklisted, that doesn't *accept* mail 
from the SMTP null sender.  Period.  I may start bouncing the postmaster 
notices *I* get to deal with to their postmaster@ along with a complaint 
about their RFC-violating behaviour.

I'd drop them in a deep dark hole (/dev/null feels about right) if there 
weren't customers that actually *want* to receive their glop.  :/

-kgd

Re: OT - massive newsletter

Posted by Ralf Hildebrandt <Ra...@charite.de>.
* Randal, Phil <pr...@herefordshire.gov.uk>:
> If you don't want to annoy a lot of people your spamming (oops,
> newsletter sending) software needs to deal with NDRs back from
> recipient's domains and either put their subscription on hold after a
> small number of failures or automatically cancel them.
> 
> There's nothing worse than mailing lists which keep sending to
> non-existent recipients.

amen to that!

-- 
Ralf Hildebrandt (i.A. des IT-Zentrums)         Ralf.Hildebrandt@charite.de
Charite - Universitätsmedizin Berlin            Tel.  +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-Berlin    Fax.  +49 (0)30-450 570-962
IT-Zentrum Standort CBF                    send no mail to plonk@charite.de

RE: OT - massive newsletter

Posted by "Randal, Phil" <pr...@herefordshire.gov.uk>.
If you don't want to annoy a lot of people your spamming (oops,
newsletter sending) software needs to deal with NDRs back from
recipient's domains and either put their subscription on hold after a
small number of failures or automatically cancel them.

There's nothing worse than mailing lists which keep sending to
non-existent recipients.

Cheers,

Phil
--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK  

> -----Original Message-----
> From: mizzio [mailto:mizzio@sinapto.net] 
> Sent: 19 September 2007 11:07
> To: users@spamassassin.apache.org
> Subject: OT - massive newsletter
> 
> hello everybody,
> 
> I apologize to ask an off-topic question, and feel free to point me to
> any other resources on the net.
> 
> I'm setting up an SMTP server (centos + qmail) on a dell quad core
> machine for sending out a periodic newsletter (10 millions a month).
> 
> In order to avoid any possible blacklisting problem, I'm looking for all
> the best practices. Right now I've set up:
> 
> - Dedicated public IP address
> - Dedicated domain and MX record with correct reverse resolution.
> 
> I'm looking into SPF but I have no experience on this.
> 
> Any help is greatly appreciated.
> 
> Thank you.
> Maurizio
> 
> 
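
Added example (not code from any poster in this thread) of the NDR handling described in the message above and in item 2 of mouss's list: parse each returned delivery status notification, count permanent failures per address, and put the subscription on hold at a threshold. The threshold, names and sample NDR are assumptions constructed for illustration.

```python
import email
from collections import Counter

MAX_HARD_BOUNCES = 3  # assumption: the "small number of failures" before a hold

# Constructed sample NDR in RFC 3464 format (not taken from the thread).
SAMPLE_NDR = """\
From: MAILER-DAEMON@mx.example.net
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to one or more recipients failed.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; gone@example.com
Action: failed
Status: 5.1.1

Final-Recipient: rfc822; slow@example.org
Action: delayed
Status: 4.4.1

--b1--
"""


def hard_bounces(raw_ndr):
    """Addresses the NDR reports as permanently failed (Status 5.x.x)."""
    failed = []
    for part in email.message_from_string(raw_ndr).walk():
        if part.get_content_type() != "message/delivery-status":
            continue
        blocks = part.get_payload()  # one Message per header block
        for block in blocks if isinstance(blocks, list) else []:
            recipient = block.get("Final-Recipient")  # absent in per-message block
            action = (block.get("Action") or "").strip().lower()
            status = (block.get("Status") or "").strip()
            if recipient and action == "failed" and status.startswith("5."):
                failed.append(recipient.split(";", 1)[-1].strip())
    return failed


class BounceTracker:
    """Counts hard bounces per address and holds it at the threshold."""
    def __init__(self, threshold=MAX_HARD_BOUNCES):
        self.threshold = threshold
        self.counts = Counter()
        self.on_hold = set()

    def record(self, raw_ndr):
        """Process one NDR; return the addresses newly put on hold."""
        newly_held = []
        for addr in hard_bounces(raw_ndr):
            self.counts[addr] += 1
            if self.counts[addr] >= self.threshold and addr not in self.on_hold:
                self.on_hold.add(addr)
                newly_held.append(addr)
        return newly_held
```

NDRs arrive with the null envelope sender, so the mailbox feeding this code has to accept mail from it (item 7 in mouss's list).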

Re: OT - massive newsletter

Posted by mizzio <mi...@sinapto.net>.
The service is not new - it should be just moved to a new platform.

cheers
maurizio


On sab, 2007-09-22 at 07:40 -0400, Dave Koontz wrote:
> If I might ask, where are you getting the list "SEED" addresses from? 
> It's hard for me to imagine you have such a large number of users that
> have already requested information you have not configured to send yet. 
> If this is a purchased list of addresses ... you may have some problems
> quickly.  Remember, it's not just giving users an OPT out option, but
> ensuring you are only sending to those that specifically requested
> information from you in advance.
> 
> 
> 
> mizzio wrote:
> > Thank you to everyone for the support.
> >
> > Maurizio
> >
> >   
> 
> 


Re: OT - massive newsletter

Posted by "John D. Hardin" <jh...@impsec.org>.
On Sat, 22 Sep 2007, Dave Koontz wrote:

> If I might ask, where are you getting the list "SEED" addresses
> from?  It's hard for me to imagine you have such a large number of
> users that have already requested information you have not
> configured to send yet.  If this is a purchased list of addresses
> ... you may have some problems quickly.  Remember, it's not just
> giving users an OPT out option, but ensuring you are only sending
> to those that specifically requested information from you in
> advance.

Good mailing list software would give the option to confirm imported
addresses the same way it confirms individual subscription requests.

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  The big news on the streets today is that the people of Baqubah
  are generally ecstatic, although many hold in reserve a serious
  concern that we will abandon them again. For many Iraqis, we have
  morphed from being invaders to occupiers to members of a tribe.
                                         -- Michael Yon, 05 July 2007
-----------------------------------------------------------------------
 246 days until the Mars Phoenix lander arrives at Mars


Re: OT - massive newsletter

Posted by Dave Koontz <dk...@mbc.edu>.
If I might ask, where are you getting the list "SEED" addresses from? 
It's hard for me to imagine you have such a large number of users that
have already requested information you have not configured to send yet. 
If this is a purchased list of addresses ... you may have some problems
quickly.  Remember, it's not just giving users an OPT out option, but
ensuring you are only sending to those that specifically requested
information from you in advance.



mizzio wrote:
> Thank you to everyone for the support.
>
> Maurizio
>
>   


Re: OT - massive newsletter

Posted by Mick Pollard <li...@lunix.com.au>.
> > > I'm setting up an SMTP server (centos + qmail) on a dell quad core
> > > machine for sending out a periodic newsletter (10 millions a
> > > month).
> > > 


> > You might consider using mailing-list software such as mailman, which 
> > allows people to subscribe and unsubscribe and takes care of 
> > verification of subscriptions.
> > 
> > I don't know how it would behave under a 10M-subscriber load, though.
> > 

I have never used this software but it looks like it might be better suited to what you want to do.
http://freshmeat.net/projects/openemm/


-- 
Mick Pollard <li...@lunix.com.au>

Re: OT - massive newsletter

Posted by mizzio <mi...@sinapto.net>.
Thank you to everyone for the support.

Maurizio


On mer, 2007-09-19 at 08:17 -0700, John D. Hardin wrote:
> On Wed, 19 Sep 2007, mizzio wrote:
> 
> > I'm setting up an SMTP server (centos + qmail) on a dell quad core
> > machine for sending out a periodic newsletter (10 millions a
> > month).
> > 
> > In order to avoid any possible blacklisting problem, I'm looking
> > for all the best practices.
> 
> As others have said, explicitly verified subscription.
> 
> You might consider using mailing-list software such as mailman, which 
> allows people to subscribe and unsubscribe and takes care of 
> verification of subscriptions.
> 
> I don't know how it would behave under a 10M-subscriber load, though.
> 
> --
>  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
>  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
>  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
> -----------------------------------------------------------------------
>   The Constitution is a written instrument. As such its meaning does
>   not alter. That which it meant when adopted, it means now.
>                     -- U.S. Supreme Court
>                        SOUTH CAROLINA v. US, 199 U.S. 437, 448 (1905) 
> -----------------------------------------------------------------------
>  Today: Talk Like a Pirate day
> 
> 


Re: OT - massive newsletter

Posted by "John D. Hardin" <jh...@impsec.org>.
On Wed, 19 Sep 2007, mizzio wrote:

> I'm setting up an SMTP server (centos + qmail) on a dell quad core
> machine for sending out a periodic newsletter (10 millions a
> month).
> 
> In order to avoid any possible blacklisting problem, I'm looking
> for all the best practices.

As others have said, explicitly verified subscription.

You might consider using mailing-list software such as mailman, which 
allows people to subscribe and unsubscribe and takes care of 
verification of subscriptions.

I don't know how it would behave under a 10M-subscriber load, though.

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  The Constitution is a written instrument. As such its meaning does
  not alter. That which it meant when adopted, it means now.
                    -- U.S. Supreme Court
                       SOUTH CAROLINA v. US, 199 U.S. 437, 448 (1905) 
-----------------------------------------------------------------------
 Today: Talk Like a Pirate day