I checked the DNS of my domains hosted at DH using http://www.dnsreport.com/tools/dnsreport.ch?domain=%s, where %s should be replaced by your domain name.
Some small problems came up:
1. QUOTE: "Mail server host name in greeting WARNING: One or more of your mailservers is claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). This probably won’t cause any harm, but is a technical violation of RFC821 4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server.
mx2.randy.mail.dreamhost.com claims to be host lynch.dreamhost.com [but that host is at 188.8.131.52, not 184.108.40.206].
mx1.randy.mail.dreamhost.com claims to be host decker.dreamhost.com [but that host is at 220.127.116.11, not 18.104.22.168]."
2. QUOTE: “SPF record [see spf.pobox.com] Your domain does not have an SPF record. This means that spammers can easily send out E-mail that looks like it came from your domain, which can make your domain look bad (if the recipient thinks you really sent it), and can cost you money (when people complain to you, rather than the spammer). You may want to add an SPF record ASAP, as 01 Oct 2004 was the target date for domains to have SPF records in place (Hotmail, for example, started checking SPF records on 01 Oct 2004).”
Changing (1) would probably involve significant effort and isn’t worth the trouble.
SPF records (2) are another story: couldn’t the addition/maintenance of SPF records (they go in the TXT record of a domain’s DNS) for domains with DNS hosted at DH be entirely automated? I grant that SPF record checking is still a voluntary thing (most sane domain MX servers wouldn’t reject incoming mail because the sender domain has no SPF records), but it might reject a few percent more of spam.
Another possibility for reducing inbound spam at DH is to use the Postfix features to reject mail at the SMTP setup stage by DNS lookups, enforcing server black-lists, etc.: my ISP does this for each domain hosted, and the domain admin contact receives a daily report of rejects, e.g. items like this QUOTE
Jun 2 19:10:26 ns postfix/smtpd: NOQUEUE: reject: RCPT from unknown[22.214.171.124]: 554 Service unavailable; Client host [126.96.36.199] blocked using list.dsbl.org; http://dsbl.org/listing?188.8.131.52; from=TerriPosey@dentalism.com firstname.lastname@example.org proto=SMTP helo=<184.108.40.206>
May 31 08:15:21 ns postfix/smtpd: NOQUEUE: reject: RCPT from unknown[220.127.116.11]: 566 <18.104.22.168>: Helo command rejected: Forged helo name - this looks like spam; from=PROSEGQARVSEGD@animail.net email@example.com proto=SMTP helo=<22.214.171.124>
May 29 13:24:28 ns postfix/smtpd: NOQUEUE: reject: RCPT from bxf177.neoplus.adsl.tpnet.pl[126.96.36.199]: 551 <bxf177.neoplus.adsl.tpnet.pl[188.8.131.52]>: Client host rejected: use your ISPs SMTP server - no direct SMTP connections allowed; from=ShaynPlatt894@unet.com firstname.lastname@example.org proto=SMTP helo=<unet.com>
which help identify any false positive identification of servers spamming email@example.com. If legitimate mail is being rejected, and the problem can’t be resolved by the sender, the customer can instruct the sender to send mail to a special non-checked subdomain address, e.g. firstname.lastname@example.org.
In my two-year experience of this Postfix configuration, roughly 90% of spam gets rejected, and 1/200 legitimate emails are mistakenly rejected: it really does perform well!
Insert Real Name
insertrealname AT DELETEyahoo.ca
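
Added example (not part of the original post, and not the ISP's actual report script): one way to turn Postfix SMTP-stage reject lines like those quoted above into the per-domain daily digest the post describes, grouped by the check that fired so a domain admin can scan for false positives. The log lines are constructed, and the parser assumes the standard Postfix `from=<…> to=<…>` fields; the function names and check labels are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample lines in the shape of the rejects quoted above
# (documentation-range IPs and example domains, not real traffic).
SAMPLE_LOG = """\
Jun  2 19:10:26 ns postfix/smtpd[411]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 Service unavailable; Client host [192.0.2.10] blocked using list.dsbl.org; from=<a@sender.example> to=<bob@example.org> proto=SMTP helo=<192.0.2.10>
Jun  2 19:12:01 ns postfix/smtpd[412]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 566 <198.51.100.7>: Helo command rejected: Forged helo name - this looks like spam; from=<b@sender.example> to=<bob@example.org> proto=SMTP helo=<198.51.100.7>
Jun  2 19:15:44 ns postfix/smtpd[413]: NOQUEUE: reject: RCPT from dsl.isp.example[203.0.113.5]: 551 <dsl.isp.example[203.0.113.5]>: Client host rejected: use your ISPs SMTP server; from=<c@sender.example> to=<amy@example.com> proto=SMTP helo=<sender.example>
Jun  2 19:16:02 ns postfix/smtpd[413]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 Service unavailable; Client host [192.0.2.10] blocked using list.dsbl.org; from=<d@sender.example> to=<amy@example.com> proto=SMTP helo=<192.0.2.10>
Jun  2 19:17:00 ns postfix/smtpd[414]: connect from unknown[192.0.2.99]
"""

REJECT = re.compile(
    r"postfix/smtpd(?:\[\d+\])?: NOQUEUE: reject: RCPT from "
    r"(?P<host>\S+?)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) (?P<text>.*?); "
    r"from=<?(?P<sender>[^\s>]*)>? to=<?(?P<rcpt>[^\s>]*)>? "
    r"proto=\S+ helo=<(?P<helo>[^>]*)>")

def classify(text):
    """Map the server's reject text to the check that fired."""
    m = re.search(r"blocked using ([^\s;]+)", text)
    if m:
        return "dnsbl:" + m.group(1)
    if "Helo command rejected" in text:
        return "helo"
    if "Client host rejected" in text:
        return "client-host"
    return "other"

def daily_digest(log_text):
    """Return {recipient_domain: {check: [(sender, client_ip), ...]}}."""
    digest = defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m:
            continue  # not an SMTP-stage reject (e.g. a connect line)
        domain = m["rcpt"].rpartition("@")[2].lower()
        digest[domain][classify(m["text"])].append((m["sender"], m["ip"]))
    return {d: dict(c) for d, c in digest.items()}

if __name__ == "__main__":
    for domain, checks in sorted(daily_digest(SAMPLE_LOG).items()):
        print(domain)
        for check, hits in sorted(checks.items()):
            print(f"  {check}: {len(hits)}")
            for sender, ip in hits:
                print(f"    from={sender} client={ip}")
```

Listing each sender and client IP under the check that rejected it is what lets the domain contact recognise a legitimate correspondent among the rejects.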