Re: OT - massive newsletter
On 19.09.07 12:07, mizzio wrote: > hello everybody, > > I apologize to ask an off-topic question, and feel free to point me to > any other resources on the net. > > I'm setting up an SMTP server (centos + qmail) on a dell quad core > machine for sending out a periodic newsletter (10 millions a month). > > In order to avoid any possible blacklisting problem, I'm looking for all > the best practices. Right now I've set up: > > - Dedicated public IP address > - Dedicated domain and MX record with correct reverse resolution. > > I'm looking into in SPF but I have no experience on this. SPF won't help you in not getting blacklisted. SPF can only preserve your domain from being forged by other servers. (well, not much server uses this check yet, but it's at least detectable) > Any help is greatly appreciated. use opt-in subscribing with good verification (so noone can fake subscribe confirmation), give users way of easy unsibscribing... send mail in batches and avoid qmail if possible (qmail unbundles batches and sends each mail separately) btw did you read http://wiki.apache.org/spamassassin/AvoidingFpsForSenders ? -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Spam is for losers who can't get business any other way.
Re: OT - massive newsletter
mizzio wrote: I'm setting up an SMTP server (centos + qmail) on a dell quad core machine for sending out a periodic newsletter (10 millions a month). In order to avoid any possible blacklisting problem, I'm looking for all the best practices. Right now I've set up: You need EXPLICIT authorization (opt-in) of all recipients and be able to prove it. This is required by EU (and thus your/my country law) and the best insurance not to end up in blacklists. Good luck, Paolo
Re: OT - massive newsletter
Thank you (very good reading). Would you suggest postfix then ? Thanks Maurizio On mer, 2007-09-19 at 12:30 +0200, Matus UHLAR - fantomas wrote: > On 19.09.07 12:07, mizzio wrote: > > hello everybody, > > > > I apologize to ask an off-topic question, and feel free to point me to > > any other resources on the net. > > > > I'm setting up an SMTP server (centos + qmail) on a dell quad core > > machine for sending out a periodic newsletter (10 millions a month). > > > > In order to avoid any possible blacklisting problem, I'm looking for all > > the best practices. Right now I've set up: > > > > - Dedicated public IP address > > - Dedicated domain and MX record with correct reverse resolution. > > > > I'm looking into in SPF but I have no experience on this. > > SPF won't help you in not getting blacklisted. SPF can only preserve your > domain from being forged by other servers. (well, not much server uses this > check yet, but it's at least detectable) > > > Any help is greatly appreciated. > > use opt-in subscribing with good verification (so noone can fake > subscribe confirmation), give users way of easy unsibscribing... > > send mail in batches and avoid qmail if possible (qmail unbundles batches > and sends each mail separately) > > btw did you read http://wiki.apache.org/spamassassin/AvoidingFpsForSenders ?
Re: OT - massive newsletter
* mizzio <[EMAIL PROTECTED]>: > hello everybody, > > I apologize to ask an off-topic question, and feel free to point me to > any other resources on the net. > > I'm setting up an SMTP server (centos + qmail) on a dell quad core > machine for sending out a periodic newsletter (10 millions a month). Rather use Postfix for that. Postfix can re-use existing connections (thus decreasing the concurrency of SMTP sessions) and will sort the recipient lists by MX host. Also, it has several workaround that enable you to send mail to system behind CISCO PIX firewalls. -- Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED] Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155 Gemeinsame Einrichtung von FU- und HU-BerlinFax. +49 (0)30-450 570-962 IT-Zentrum Standort CBFsend no mail to [EMAIL PROTECTED]
Re: OT - massive newsletter
thank you for the "good luck" :-) mizzio On mer, 2007-09-19 at 12:32 +0200, Paolo Cravero wrote: > mizzio wrote: > > > I'm setting up an SMTP server (centos + qmail) on a dell quad core > > machine for sending out a periodic newsletter (10 millions a month). > > > > In order to avoid any possible blacklisting problem, I'm looking for all > > the best practices. Right now I've set up: > > You need EXPLICIT authorization (opt-in) of all recipients and be able to > prove it. This is required by EU (and thus your/my country law) and the best > insurance not to end up in blacklists. > > Good luck, > Paolo > >
RE: OT - massive newsletter
If you don't want to annoy a lot of people your spamming (oops, newsletter sending) software needs to deal with NDRs back from recipient's domains and either put their subscription on hold after a small number of failures or automatically cancel them. There's nothing worse than mailing lists which keep sending to non-existent recipients. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -Original Message- > From: mizzio [mailto:[EMAIL PROTECTED] > Sent: 19 September 2007 11:07 > To: users@spamassassin.apache.org > Subject: OT - massive newsletter > > hello everybody, > > I apologize to ask an off-topic question, and feel free to point me to > any other resources on the net. > > I'm setting up an SMTP server (centos + qmail) on a dell quad core > machine for sending out a periodic newsletter (10 millions a month). > > In order to avoid any possible blacklisting problem, I'm > looking for all > the best practices. Right now I've set up: > > - Dedicated public IP address > - Dedicated domain and MX record with correct reverse resolution. > > I'm looking into in SPF but I have no experience on this. > > Any help is greatly appreciated. > > Thank you. > Maurizio > >
Re: OT - massive newsletter
* Randal, Phil <[EMAIL PROTECTED]>: > If you don't want to annoy a lot of people your spamming (oops, > newsletter sending) software needs to deal with NDRs back from > recipient's domains and either put their subscription on hold after a > small number of failures or automatically cancel them. > > There's nothing worse than mailing lists which keep sending to > non-existent recipients. amen to that! -- Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED] Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155 Gemeinsame Einrichtung von FU- und HU-BerlinFax. +49 (0)30-450 570-962 IT-Zentrum Standort CBFsend no mail to [EMAIL PROTECTED]
Re: OT - massive newsletter
Ralf Hildebrandt wrote: * Randal, Phil <[EMAIL PROTECTED]>: If you don't want to annoy a lot of people your spamming (oops, newsletter sending) software needs to deal with NDRs back from recipient's domains and either put their subscription on hold after a small number of failures or automatically cancel them. There's nothing worse than mailing lists which keep sending to non-existent recipients. amen to that! Thirded. There's a "newsletter" that some of my spamfilter customers want to get, and others want blacklisted, that doesn't *accept* mail from the SMTP null sender. Period. I may start bouncing the postmaster notices *I* get to deal with to their postmaster@ along with a complaint about their RFC-violating behaviour. I'd drop them in a deep dark hole (/dev/null feels about right) if there weren't customers that actually *want* to receive their glop. :/ -kgd
Re: OT - massive newsletter
On Wed, 19 Sep 2007, mizzio wrote: > I'm setting up an SMTP server (centos + qmail) on a dell quad core > machine for sending out a periodic newsletter (10 millions a > month). > > In order to avoid any possible blacklisting problem, I'm looking > for all the best practices. As others have said, explicitly verified subscription. You might consider using mailing-list software such as mailman, which allows people to subscribe and unsubscribe and takes care of verification of subscriptions. I don't know how it would behave under a 10M-subscriber load, though. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- The Constitution is a written instrument. As such its meaning does not alter. That which it meant when adopted, it means now. -- U.S. Supreme Court SOUTH CAROLINA v. US, 199 U.S. 437, 448 (1905) --- Today: Talk Like a Pirate day
RE: OT - massive newsletter
Kris Deugau wrote: > Ralf Hildebrandt wrote: >> * Randal, Phil <[EMAIL PROTECTED]>: >>> If you don't want to annoy a lot of people your spamming (oops, >>> newsletter sending) software needs to deal with NDRs back from >>> recipient's domains and either put their subscription on hold after >>> a small number of failures or automatically cancel them. >>> >>> There's nothing worse than mailing lists which keep sending to >>> non-existent recipients. >> >> amen to that! > > Thirded. There's a "newsletter" that some of my spamfilter customers > want to get, and others want blacklisted, that doesn't *accept* mail > from the SMTP null sender. Period. I may start bouncing the > postmaster notices *I* get to deal with to their postmaster@ along > with > a complaint > about their RFC-violating behaviour. > > I'd drop them in a deep dark hole (/dev/null feels about > right) if there > weren't customers that actually *want* to receive their glop. :/ > > -kgd There are a number of high-profile sites which are very badly behaved in this respect. Friends Reunited being one of them. Cheers, Phil -- Phil Randal Network Engineer Herefordshire Council Hereford, UK
Re: OT - massive newsletter
>> >> * mizzio <[EMAIL PROTECTED]>: >> > hello everybody, >> > >> > I apologize to ask an off-topic question, and feel free to point me to >> > any other resources on the net. >> > >> > I'm setting up an SMTP server (centos + qmail) on a dell quad core >> > machine for sending out a periodic newsletter (10 millions a month). >> >> Rather use Postfix for that. Postfix can re-use existing connections >> (thus decreasing the concurrency of SMTP sessions) and will sort the >> recipient lists by MX host. >> >> Also, it has several workaround that enable you to send mail to system >> behind CISCO PIX firewalls. >> Hi, I definitely appreciate the idea of reducing concurrency. Unless the sender is well known (or has agreements with major providers), recipients might limit the amount of mails they are willing to accept per unit of time. I would expect that measure to be based on actual mails rather than connections, so sorting the messages by target mx may not be what you really want. Wolfgang Hamann
RE: OT - massive newsletter
--On Wednesday, September 19, 2007 12:16 PM +0100 "Randal, Phil" <[EMAIL PROTECTED]> wrote: If you don't want to annoy a lot of people your spamming (oops, newsletter sending) software needs to deal with NDRs back from recipient's domains and either put their subscription on hold after a small number of failures or automatically cancel them. Mailman seems to have such a bounce mechanism.
Re: OT - massive newsletter
Thank you to everyone for the support. Maurizio On mer, 2007-09-19 at 08:17 -0700, John D. Hardin wrote: > On Wed, 19 Sep 2007, mizzio wrote: > > > I'm setting up an SMTP server (centos + qmail) on a dell quad core > > machine for sending out a periodic newsletter (10 millions a > > month). > > > > In order to avoid any possible blacklisting problem, I'm looking > > for all the best practices. > > As others have said, explicitly verified subscription. > > You might consider using mailing-list software such as mailman, which > allows people to subscribe and unsubscribe and takes care of > verification of subscriptions. > > I don't know how it would behave under a 10M-subscriber load, though. > > -- > John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ > [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] > key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 > --- > The Constitution is a written instrument. As such its meaning does > not alter. That which it meant when adopted, it means now. > -- U.S. Supreme Court >SOUTH CAROLINA v. US, 199 U.S. 437, 448 (1905) > --- > Today: Talk Like a Pirate day > >
Re: OT - massive newsletter
> > > I'm setting up an SMTP server (centos + qmail) on a dell quad core > > > machine for sending out a periodic newsletter (10 millions a > > > month). > > > > > You might consider using mailing-list software such as mailman, which > > allows people to subscribe and unsubscribe and takes care of > > verification of subscriptions. > > > > I don't know how it would behave under a 10M-subscriber load, though. > > I have never used this software but it looks like it might be better suited to what you what to do. http://freshmeat.net/projects/openemm/ -- Mick Pollard <[EMAIL PROTECTED]> pgpSr65p757bR.pgp Description: PGP signature
Re: OT - massive newsletter
If I might ask, where are you getting the list "SEED" addresses from? It's hard for me to imagine you have such a large number of users that have already requested information you have not configured to send yet. If this is a purchased list of addresses ... you may have some problems quickly. Remember, it's not just giving users an OPT out option, but ensuring you are only sending to those that specifically requested information from you in advance. mizzio wrote: > Thank you to everyone for the support. > > Maurizio > >
Re: OT - massive newsletter
On Sat, 22 Sep 2007, Dave Koontz wrote: > If I might ask, where are you getting the list "SEED" addresses > from? It's hard for me to imagine you have such a large number of > users that have already requested information you have not > configured to send yet. If this is a purchased list of addresses > ... you may have some problems quickly. Remember, it's not just > giving users an OPT out option, but ensuring you are only sending > to those that specifically requested information from you in > advance. Good mailing list software would give the option to confirm imported addresses the same way it confirms individual subscription requests. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- The big news on the streets today is that the people of Baqubah are generally ecstatic, although many hold in reserve a serious concern that we will abandon them again. For many Iraqis, we have morphed from being invaders to occupiers to members of a tribe. -- Michael Yon, 05 July 2007 --- 246 days until the Mars Phoenix lander arrives at Mars
Re: OT - massive newsletter
The service is not new - it should be just moved to a new platform. cheers maurizio On sab, 2007-09-22 at 07:40 -0400, Dave Koontz wrote: > If I might ask, where are you getting the list "SEED" addresses from? > It's hard for me to imagine you have such a large number of users that > have already requested information you have not configured to send yet. > If this is a purchased list of addresses ... you may have some problems > quickly. Remember, it's not just giving users an OPT out option, but > ensuring you are only sending to those that specifically requested > information from you in advance. > > > > mizzio wrote: > > Thank you to everyone for the support. > > > > Maurizio > > > > > >
Re: OT - massive newsletter
mizzio wrote: > hello everybody, > > I apologize to ask an off-topic question, and feel free to point me to > any other resources on the net. > > I'm setting up an SMTP server (centos + qmail) on a dell quad core > machine for sending out a periodic newsletter (10 millions a month). > > In order to avoid any possible blacklisting problem, I'm looking for all > the best practices. Right now I've set up: > > - Dedicated public IP address > - Dedicated domain and MX record with correct reverse resolution. > > I'm looking into in SPF but I have no experience on this. > 1- do not subscribe an address unless it is verified: you must send a message to the address, and the owner must reply. the confirmation message must contain something unique so that nobody can guess and send a forged reply. The thing is that: you must _guarantee_ that the _owner_ of the mailbox wants to get your mail. 2- you must remove addresses that bounce (after some number of bounces for instance). 3- you should re-ask for confirmation after some time (people do quit jobs and get replaced). once a year should be a minimum. 4- users must be able to unsubscribe via mail _and_ via the web, whatever they prefer (the reason is that if an address is no more used as "sender", the user will find it hard to unsubscribe via email). 5- the web unsubscription form should not result in an error. This may happen, but if it happens too often, it is a sign of a fake form. same goes for unsubscription by email. 6- accept all valid email addresses. For example, '+' is a valid character in the local-part (actually, almost all characters are valid if escaped). 7- accept mail to postmaster and abuse. and accept mail from the null sender address. 8- use a valid address in the From and Reply-To headers. don't use [EMAIL PROTECTED] 9- send valid mail. This includes correctly encoded headers (all headers are ascii. no accented letters unless encoded according to the MIME specification). 10- the machine that sends mail should have a meangful reverse DNS, and it must "match" (IP -> name -> ip should return the original IP). the helo name should match this IP (helo -> ip should yield the IP of the machine). Ideally, use the same domain for: sender, reverse dns and helo. This will help you get a "reputation". at gmail, this is enough to get you a "best-guess SPF". 11- implement SPF (only allow very few addresses). while I don't care for SPF for general use, I think it is good in the case of mass mailers. otherwise, "miscreants" may nuke your reputation. and if you send mail to hotmail, you'd better have SPF. SPF is trivial. see the "wizard" at openspf.org. 12- implement DKIM. exceptionally if you deliver to gmail and yahoo. with postfix, look for the dkim milter. 13- fill in the forms at large mail providers (yahoo, ...).
Re: OT - massive newsletter
Kris Deugau wrote: > Ralf Hildebrandt wrote: >> * Randal, Phil <[EMAIL PROTECTED]>: >>> If you don't want to annoy a lot of people your spamming (oops, >>> newsletter sending) software needs to deal with NDRs back from >>> recipient's domains and either put their subscription on hold after a >>> small number of failures or automatically cancel them. >>> >>> There's nothing worse than mailing lists which keep sending to >>> non-existent recipients. >> >> amen to that! > > Thirded. There's a "newsletter" that some of my spamfilter customers > want to get, and others want blacklisted, that doesn't *accept* mail > from the SMTP null sender. Period. I may start bouncing the > postmaster notices *I* get to deal with to their postmaster@ along > with a complaint about their RFC-violating behaviour. > with postfix, you can use check_recipient_access with smtpd_restriction_classes to implement per recipient access controls. This may allow you to accept the newsletter (client ip and/or sender) only for those customers who want it. ... > I'd drop them in a deep dark hole (/dev/null feels about right) if > there weren't customers that actually *want* to receive their glop. :/
Re: OT - massive newsletter
thanks again, very good and complete list of best practices ! cheers, maurizio On dom, 2007-09-23 at 22:53 +0200, mouss wrote: > think it is good in the case of mass mailers. > otherwise, "miscreants" may nuke your reputation. and if you send mail > to hotmail, you'd better have S