Proper proper proper email and DNS setup

My YunoHost server

Hardware: Computer in a place dedicated for servers
YunoHost version: 3.6.4
I have access to my server : Through SSH
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no

Description of my issue

Hey hello everyone :slight_smile:
I know this is nothing but a new problem, and there are plenty of issues already posted about this, but here I am and Hotmail is blocking emails from our domain again, and lots of sweet people cannot write anymore to their dear friends they care about. I’ve already told them that their best solution is to tell their sweet friends that freedom will feel good to them when leaving Hotmail, but this takes some time :wink: and in the meantime, I’m writing to Microsoft again and again asking them to remove our domain from their intentional small providers blacklist.

But doing all this, I checked a bit the ratings of our domain on some tools and got some results I don’t fully understand, so I was thinking maybe here some people would have nice insights on those results:

1 - mxtoolbox.com

It says that everything is fine, but displays a warning saying: DMARC Quarantine/Reject policy not enabled. I’m using the standard recommendations of YunoHost for the DMARC record so I don’t fully understand what that means. Any idea?

2 - mail-tester.com

It gives a rating of 10/10, but specifies somewhere that:

Your reverse DNS does not match with your sending domain.
    IP: XX.XXX.XXX.XXX
    HELO: domain.tld
    rDNS: sub.domain.tld

I don’t think this should be a problem, since in domain.tld's DNS record there is
@ 3600 IN MX 5 sub.domain.tld.
and
sub 3600 IN CNAME domain.tld.
So the redirection should be fine, from what I understand.
Does anyone see a problem in that or have an idea why mail-tester is complaining?

Thank you for any advice and take care :slight_smile:

Weeeeeell here we’re talking about reverse DNS which is different from “regular” DNS … If you can, you could tweak the reverse DNS on your provider/ISP’s side, maybe that could improve things …

Not sure either what this means … but apparently there are some ambiguities in what to do with the DMARC record … A small discussion started in "DMARC none could be interpreted as DMARC reject by some mail hosters" (Issue #1297, YunoHost/issues on GitHub)

Thanks Aleks for the quick answer :slight_smile: and for the link to the DMARC discussion.

For the reverse DNS do you mean configure it to lead to domain.tld? If so I did that at first a year or so ago, and then some mail config tester (I think mxtoolbox) was reporting it as bad configuration, and then I read about it being bad practice to point a reverse DNS to a root domain (one reason was scalability but I think it wasn’t the only one). That’s why I changed it to sub.domain.tld, and added the CNAME in my domain.tld DNS config.
Well, since no mail provider other than Microsoft complains, I’ll assume it must be fine and Microsoft just likes creating problems.
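
Added example, not part of any post above and not mail-tester's or YunoHost's code: the comparisons a receiving server can make between the connecting IP, its PTR (reverse DNS) name and the HELO name, run against constructed zone data. The PTR, CNAME and HELO names are the ones quoted in the first post; the IP 203.0.113.10 and the A record for domain.tld are assumptions.

```python
# Constructed zone data mirroring the thread (offline, no real DNS queries).
IP = "203.0.113.10"  # assumed documentation-range stand-in for XX.XXX.XXX.XXX
ZONE = {
    ("domain.tld", "A"): ["203.0.113.10"],        # assumed, not shown in the thread
    ("sub.domain.tld", "CNAME"): ["domain.tld"],  # "sub 3600 IN CNAME domain.tld."
    ("10.113.0.203.in-addr.arpa", "PTR"): ["sub.domain.tld"],  # rDNS from the report
}

def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def lookup(name, rtype, zone=ZONE):
    return [norm(v) for v in zone.get((norm(name), rtype), [])]

def resolve_a(name, zone=ZONE, depth=8):
    """Resolve a hostname to IPv4 addresses, following CNAMEs up to `depth` hops."""
    for _ in range(depth):
        addrs = lookup(name, "A", zone)
        if addrs:
            return addrs
        cname = lookup(name, "CNAME", zone)
        if not cname:
            return []
        name = cname[0]
    return []  # CNAME chain too long or looping

def reverse_name(ip):
    """Build the in-addr.arpa name that holds the PTR record for an IPv4 address."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"

def check_sender(ip, helo, zone=ZONE):
    ptr = lookup(reverse_name(ip), "PTR", zone)
    return {
        "ptr": ptr,
        # Forward-confirmed rDNS: the PTR name resolves back to the same IP.
        "fcrdns": any(ip in resolve_a(p, zone) for p in ptr),
        # The HELO name is literally the PTR name (string match, not resolution).
        "helo_matches_ptr": norm(helo) in ptr,
        # The HELO name resolves to the connecting IP.
        "helo_resolves_to_ip": ip in resolve_a(helo, zone),
    }

if __name__ == "__main__":
    print(check_sender(IP, "domain.tld"))      # the setup described in the thread
    print(check_sender(IP, "sub.domain.tld"))  # HELO set to the PTR name instead
```

With these values the PTR name forward-confirms through the CNAME and the HELO name resolves to the same IP; the only failing comparison is the literal HELO-to-PTR name match, which forward DNS records cannot change.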
