Many common email providers enforce guidelines and policies for sending/receiving email. Typically, they will publish their acceptable use policies. For example, Google, Yahoo!, and AOL all provide best practices to help reduce the amount of Spam within their respective networks.
By the end of this article, you will know how to configure your domain and VPS or Dedicated server to ensure third-party mail servers can authenticate the identity of your server. This will allow them to confirm that your domain is authorized to send mail from the IP address assigned to your server, avoiding IP blacklisting.
Authentication via DNS Records
As internet security standards evolve, more and more mail servers are requiring the implementation of a few TXT records. These records are simple text DNS records that contain, you guessed it, text. This text is specifically read and used by a mail server when an email is presented for delivery. Depending on the record (and its configuration), the mail server will process email delivery accordingly. Below is a summary and brief description for each DNS record.
The first record we’ll discuss is the Sender Policy Framework (SPF) record. SPF records allow you to create your own policy that dictates authorized senders. This means that only those on the list are able to be authenticated by any receiving server that is reviewing the SPF record. Upon a successful check, the email is assumed to be legitimate. If the check is unsuccessful, the email is considered spoofed (illegitimate) and dealt with according to how the SPF policy is set up. You can see more information and details on implementing an effective SPF record for your domain in our Guide to SPF Records.
The second powerful record that’s important to enable is your DomainKeys Identified Mail (DKIM) record. DKIM works like a digital signature which, when configured properly, can verify that the contents of the message have not been modified during transit. Typically this is useful in preventing the forgery of the From: address within the message headers, a common practice among spammers called spoofing. In short, DKIM helps to uphold the integrity of an email during delivery, preventing your domain from appearing similar to a spoofed or Spam email. DKIM is simply enabled/disabled via cPanel. If you need more help with enabling DKIM, you can always refer to our article SPF Records and Domain Keys: Combating Spam.
After you enable SPF/DKIM, you’ll want to ensure you have a DMARC (Domain-based Message Authentication, Reporting & Conformance) record configured. This is your opportunity to specify how mail servers should handle messages from your domain that do not have valid SPF and DKIM records set up. Although you are proactively creating these records, a DMARC record can prove useful for a couple of reasons. Because you can configure notifications of SPF/DKIM failures, you can identify ‘phishy’ behavior and take corrective action to prevent Spam from being sent from your server unknowingly. Also, since the DMARC standard is used by many email providers (such as Gmail, Yahoo, AOL, etc.), it can improve your sending ability. You can learn how to configure a basic DMARC record in our article, How to Setup DMARC records in cPanel.
These common DNS records can help improve your outgoing email IP’s reputation. They can also prevent your emails from being flagged as Spam. Ultimately, the decision of how to handle email is up to the configuration of the receiving server. Continuing through this article, you will learn how you can modify your server to conform with the guidelines and policies set forth by many common email providers.
Changing Your Server’s Hostname
You may have noticed that your VPS or Dedicated server uses a generic hostname (vps####.inmotionhosting.com, ded###.inmotionhosting.com). The hostname is simply your server’s name. When a mail server reviews the outgoing email IP address, it does so with the intent to authenticate the server’s name. An IP address Pointer (PTR) record associates your IP address with your server’s hostname for this reason. In keeping with best practices, your mail server’s hostname and outgoing mail IP PTR record should be customized and matching.
Although there’s already a generic PTR and matching hostname provisioned upon creating your server, most email providers will require that this is reconfigured to a non-generic hostname. For instance, you can change vps####.inmotionhosting.com to server.example.com, replacing example.com with your actual domain. Having a matching PTR record and (non-generic) hostname can increase your chances of emails being delivered successfully and also minimize emails filtered as Spam. Review the important notes and additional concerns below for tips on choosing your own hostname and making this transition smoothly.
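The PTR and hostname match described above can be verified with a short script. This is an added example, not code from the original article; it also confirms that the PTR name resolves back to the same IP (forward-confirmed reverse DNS), which goes one step beyond the text. The addresses, server.example.com and vps1234 are constructed sample values.

```python
# Added example: does the mail IP's PTR match the hostname and resolve back?
import re
import socket

# Matches the provisioned names quoted in the article (vps####, ded###).
GENERIC = re.compile(r"^(vps|ded)\d+\.inmotionhosting\.com$")

def system_ptr(ip):
    """PTR lookup through the system resolver."""
    return socket.gethostbyaddr(ip)[0]

def system_a(name):
    """IPv4 address lookup through the system resolver."""
    return socket.gethostbyname_ex(name)[2]

def check_mail_identity(ip, hostname, ptr_lookup=system_ptr, a_lookup=system_a):
    """Return a list of problems with the IP's PTR record and the hostname."""
    hostname = hostname.rstrip(".").lower()
    try:
        ptr = ptr_lookup(ip).rstrip(".").lower()
    except (OSError, KeyError):
        return [f"no PTR record for {ip}"]
    problems = []
    if ptr != hostname:
        problems.append(f"PTR {ptr} does not match hostname {hostname}")
    if GENERIC.match(ptr):
        problems.append(f"PTR {ptr} is a generic provisioned name")
    try:
        forward = a_lookup(ptr)
    except (OSError, KeyError):
        forward = []
    if ip not in forward:
        problems.append(f"{ptr} does not resolve back to {ip}")
    return problems

# Constructed sample data so the demo runs offline (documentation addresses).
PTRS = {"192.0.2.10": "server.example.com", "192.0.2.20": "vps1234.inmotionhosting.com"}
ADDRS = {"server.example.com": ["192.0.2.10"], "vps1234.inmotionhosting.com": ["192.0.2.20"]}

if __name__ == "__main__":
    for ip in PTRS:
        result = check_mail_identity(ip, "server.example.com", PTRS.__getitem__, ADDRS.__getitem__)
        print(ip, result or "ok")
```

Calling `check_mail_identity(ip, hostname)` without the last two arguments uses the system resolver, so it can be run on the server after the hostname and PTR change have propagated.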
Thoughts on “Configuring Your VPS or Dedicated Server as a Mail Server”
Is there an article on how to do this on a VPS without WHM? I happen to manage lots of VPS without WHM.
The command line instructions apply to cloud servers. You can use Certbot to create a free SSL certificate.
To update the SSL certificates after I change the server’s hostname, do I just click on “Update certificate” in the SSL configuration in cPanel? I have AutoSSL certificates.
Yes, or you can use the WHM AutoSSL tool.