Hacker News
by eikenberry 3494 days ago
Once you have SPF/DKIM in place and make sure your IP isn't already on a blacklist for some past (previous users) infractions you should be good to go. I've run my own mail server for years and have only had to remove it from a blacklist once. So once you get past some initial blacklist monitoring work, you are good to go.

That does bring up the point of how to do blacklist monitoring. There are various commercial services out there that will allow you to check for free and monitor 1 host or something (eg. https://mxtoolbox.com/). I'd prefer to run my own though, does anyone know of a good setup for this?
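For the self-hosted blacklist monitoring the post asks about, here is an added example (not from the thread or any commenter): a small DNSBL checker that builds the reversed-address query name, asks each zone, and decodes the answer. The zones are assumed public lists (zen.spamhaus.org aggregates the Spamhaus PBL mentioned later in the thread); the resolver is injectable so the decoding can be exercised without network access.

```python
import socket
import sys
from ipaddress import ip_address
from typing import Callable, Dict, Optional

# Assumed zones to query; zen.spamhaus.org combines the SBL, XBL and PBL.
DNSBL_ZONES = ("zen.spamhaus.org", "bl.spamcop.net")

def dnsbl_query_name(ip: str, zone: str) -> str:
    """Lookup name = reversed IPv4 octets (or reversed IPv6 nibbles) under the zone."""
    addr = ip_address(ip)
    if addr.version == 4:
        labels = addr.exploded.split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))  # 32 hex nibbles
    return ".".join(reversed(labels)) + "." + zone

def interpret_answer(zone: str, answer: Optional[str]) -> str:
    """NXDOMAIN (None) means not listed; an A record in 127.0.0.0/8 means listed.
    Spamhaus zen encodes the sub-list in the last octet (2/3/9 SBL, 4-7 XBL, 10/11 PBL);
    127.255.255.x is an error reply (e.g. query sent via an open/public resolver)."""
    if answer is None:
        return "not listed"
    if not answer.startswith("127."):
        return "unexpected answer " + answer
    if answer.startswith("127.255.255."):
        return "query rejected (" + answer + ")"
    if zone == "zen.spamhaus.org":
        last = int(answer.rsplit(".", 1)[1])
        sub = {2: "SBL", 3: "SBL", 9: "SBL", 4: "XBL", 5: "XBL", 6: "XBL",
               7: "XBL", 10: "PBL", 11: "PBL"}.get(last)
        if sub:
            return "listed (" + sub + ")"
    return "listed (" + answer + ")"

def resolve_a(name: str) -> Optional[str]:
    """Real resolver: first A record, or None on NXDOMAIN / lookup failure."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check_ip(ip: str, zones=DNSBL_ZONES,
             resolver: Callable[[str], Optional[str]] = resolve_a) -> Dict[str, str]:
    """Check one IP against every zone; returns {zone: verdict}."""
    return {z: interpret_answer(z, resolver(dnsbl_query_name(ip, z))) for z in zones}

if __name__ == "__main__":
    results = check_ip(sys.argv[1])
    for zone, verdict in results.items():
        print(f"{zone}: {verdict}")
    # Non-zero exit when listed, so a cron job can alert on it.
    sys.exit(1 if any(v.startswith("listed") for v in results.values()) else 0)
```

Run it from cron against your MX's public IP; note that Spamhaus answers error codes rather than listings when queried through a public resolver, which the script reports separately.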


Yep. I work on software that runs on thousands of mail servers (I work on Virtualmin), and it is entirely possible to run your own mail server with good delivery rates. It's honestly not even that hard, if you get SPF, DKIM, PTR records in DNS right, and you correctly handle bounces and unsubscribes promptly. We've been sending out a few thousand emails a day for over a decade without incident, and we have several people who run bigger mailing lists than we do.

Though there are a few minor caveats to this. Microsoft (Hotmail, Outlook, Live, etc. addresses) mail servers are ornery, in that they hold grudges against IP addresses for a long time (seemingly forever, as the server we moved to recently had been in our possession for non-email use for a couple of years, and it was still on a Microsoft blacklist from a prior owner's abuse), and they make you jump through a few hoops to get it removed. Even with SPF and DKIM, they rejected 100% of our mail until we got off of their blacklist. Our previous server never had that problem...but we'd been on the same IP for like five or six years.

You need to be on an IP that is dedicated and that you're going to own for a long time, and not part of consumer IP blocks; you can't effectively run a mail server on a cable or DSL line, even business class, without jumping through a lot of hoops. But, if you're in a colo, you'll be fine. This also applies to AWS and other cloud server IP addresses; as I understand it, huge swaths of them have been burned by spammers who spin up and spam until they get shut down, and then move to another.

So, I guess it's relatively tricky to get things working at the beginning and you may have to fight a little with some of the big email vendors, but it's not really an ongoing thing, in my experience. Get it right, and then don't spam or let your users spam, respond appropriately when abuse does happen, and you can run your own mail server relatively painlessly.

Not something I can run, but http://www.mailradar.com/ seems like a better free service. They let you monitor 5 IPs for inclusion on blacklists which works better for a personal setup where you might have more than 1 domain but wouldn't have more than a couple VMs as the MX servers.
I signed up for mailradar.com and the confirmation email landed in the Spam folder of my Gmail account.
> First name is invalid (use min 4 characters)

But it's my name!

"Once you have SPF/DKIM in place and make sure your IP isn't already on a blacklist for some past "

you'd think that it would be this simple, but it's not. I have had SPF/DKIM set up from day one, a totally clean IP, doesn't show up on any block lists at all, yet I'm still having some problems delivering to certain ISPs. Verizon is the biggest problem right now. I had problems delivering to Gmail because my server didn't have a good enough reputation. Everything from my IP was going right into the Gmail spam folder and there was nothing that I could do about it except sit back and wait. It took weeks for Gmail to finally decide that my reputation was good enough.

It's scary just how much power Google has over many things email these days.

Now I have to convince Verizon that my IP is not a dynamically assigned one.

Question: where does your IP address come from? I'd have guessed that common cloud VM IP pools are likely all trashed permanently already? I somehow doubt AWS or DO or Linode or Rackspace et al are worthwhile places to host an outbound mail server? I'd also guess ISP pools of home IP addresses are probably just as poisoned. Is proper SPF/DKIM setup "enough" to overcome that? (Or are my suspicions about pools of IP addresses unfounded?)
Cloud providers are not as bad as you'd think. I've tested several DO IPs using various checkers, as I've been thinking about moving my server there (currently at prgmr.com), and they have all been clean. SPF and not being an open relay seem to be the 2 important things to keep you off the blacklists. I still don't have DKIM (been on my TODO for a while... but lazy) and haven't been put on a blacklist in many years.
I used Digital Ocean for a year. No problems, never sent spam. Then my mail started being spamfiltered, apparently because a neighbor was spamming. Seriously don't recommend using cloud hosts if you care about people receiving your email.
Hmmm, thanks for that. I just checked my CloudAtCost VM, which I'd never have considered running outbound mail from, and it's not on _any_ of the 90+ blacklists mxtools checks. This astounds me!
FWIW, I stopped using my home connection because it was listed on Spamhaus' PBL, you might want to check that out if you plan on using yours: https://www.spamhaus.org/pbl/

I'm using DO currently and it's been working fine, though it's just for personal email.

I'm surprised to hear there are home ISPs that still allow outgoing traffic on port 25... I used to run an email server at home, and both ISPs I used required you to route all outgoing email through their SMTP server (which presumably had an outgoing spam filter on it). This worked fine for me because it meant my outgoing mail had a good reputation.
Why? I expect ISPs to deliver IP packets to/from my address, without filtering based on what is in the payload.

Though once, when a device connected to my wifi got infected and started sending spam, I got an angry (not e)mail from my ISP, so I dropped tcp/25 on my router firewall.

So you, someone technical enough to set up their own email server, were spamming people, and it presumably took days or weeks for someone to report you, and for you to check your mailbox and get around to configuring your firewall.

Now imagine the typical user who has no idea what the letter means or how to configure their router and just ignores it...

I'm surprised your whole ISP's dynamic IP pool isn't already on every spam block list.

edit: just realized you aren't the poster I was replying to, so presumably you're not running your own email server

I used DO for a year without a problem, and then my IP was blacklisted (apparently a neighbor was spamming) and I couldn't do anything about it. Be warned, and frequently check whether Google accounts receive your mail.
I ended up using an SMTP service from Mailjet to get around this issue. 600 free emails a month.
How does your setup interface with Mailjet?
FWIW you can appeal to most major blocklists to have your IP address cleaned. I had no problem doing this for my own mail server.
I use DO without any problems. You need to make sure your IP isn't blacklisted before you start (and if it is, trash the instance and try again), and keep an eye on blacklists in case your range gets caught, but you should really be doing that anyway.
Don't forget DMARC. Setting it up strictly and monitoring it via something like dmarcian or other tools should keep your domain clean as long as the IP is safe.
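As an added example (not from the thread), the following checks a domain's DMARC TXT record against the strict, monitored setup this comment recommends: policy reject, applied to 100% of mail and to subdomains, with an aggregate-report (rua) address so something like dmarcian has data to show. The sample records are constructed; fetch a real one with `dig TXT _dmarc.example.com`.

```python
from typing import Dict, List

def parse_dmarc(txt: str) -> Dict[str, str]:
    """Split a _dmarc TXT record ("v=DMARC1; p=reject; rua=...") into tag/value pairs."""
    tags: Dict[str, str] = {}
    for part in txt.split(";"):
        part = part.strip()
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    return tags

def dmarc_findings(txt: str) -> List[str]:
    """Return the gaps between this record and a strict, monitored DMARC policy."""
    t = parse_dmarc(txt)
    findings: List[str] = []
    if t.get("v") != "DMARC1":
        findings.append("missing v=DMARC1 tag; receivers ignore the record")
    p = t.get("p")
    if p not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= policy")
    elif p != "reject":
        findings.append(f"p={p} is not strict; unaligned mail is still delivered")
    pct = t.get("pct", "100")  # default is 100
    if not pct.isdigit() or int(pct) < 100:
        findings.append(f"pct={pct} applies the policy to only part of the mail")
    if not t.get("rua", "").startswith("mailto:"):
        findings.append("no rua=mailto: address, so aggregate reports are not collected")
    sp = t.get("sp", p)  # subdomain policy defaults to p
    if p == "reject" and sp != "reject":
        findings.append(f"sp={sp} leaves subdomains weaker than the main policy")
    return findings

# Constructed sample records: a typical first-cut record and a strict one.
WEAK_RECORD = "v=DMARC1; p=none"
STRICT_RECORD = "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@example.com"

if __name__ == "__main__":
    for rec in (WEAK_RECORD, STRICT_RECORD):
        print(rec, "->", dmarc_findings(rec) or ["ok"])
```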