\nThe first thing I noticed is that my Return-path and envelope-from were set to the server name rather than the domain of the user that I was sending the email from. There is a way to configure Exim4 to automatically use the domain of the user when sending email, but I couldn\u2019t figure out how to do it. I found this article<\/a> that explains how to change it. However, since all of the mail I send from that server comes from the same domain, I fixed the problem by changing the \/etc\/mailname file so that it has the sending domain rather than the server\u2019s domain.<\/p>\n
I also updated my SSL config with certbot to set up mail.wellgolly.com<\/i> as part of the SSL configuration. You need to do this separately from the website using Then I added a text file to my DNS. This spf file is not supposed to have a HOSTNAME label. The validator couldn\u2019t find the spf file when it had a label but finds it when I removed the label. Note that you include all of the servers that you use to send mail. In my case I use an ISP to send mail from my computers and wellgolly.com for the bulk email. As I mentioned earlier, I still haven\u2019t figured out why my order confirmation emails use mail.wellgolly.com so I put that in as well. If you send email from your phone, you\u2019d include that server as well.<\/p>\n DKIM<\/strong> The forum post from myleen says that you can use One thing that I forgot was that the my Exim configuration on my machine is not set up in separate files but is in one large config file, exim4.conf.template. To have the changes take effect you need to run sudo update-exim4.conf and then restart Exim.<\/p>\n Notice that the line dkim_selector = x<\/i>. The x can be anything but when you add the DKIM key you need to use the same label. In my case, x._domainkey<\/i>.<\/p>\n Generate the public and private keys as described in the article and add two TXT files<\/p>\n These are the TXT files I created so that the validator is happy. Verification<\/strong> Make sure that Exim has permission to read the dkim.private.key file. This caused some validation errors. I don\u2019t know who the user is that is sending the mail, so I couldn\u2019t add them to a group. What I did instead was make everyone able to read the file using Reverse DNS<\/strong> So to fix this I edited \/etc\/hosts to remove the mail.<\/i> prefix.<\/p>\n List Unsubscribe<\/strong> This is what the mail validator says now and I score 10\/10. Unfortunately, that didn\u2019t prevent Gmail from marking my email as spam, but at least it didn\u2019t get rejected entirely.<\/p>\n I couldn\u2019t track down what the T_SPF_PERMERROR means but it doesn\u2019t seem to have any effect on my score.<\/p>\n One thing that paradoxically did have an effect on my score was a ratio of text to graphics that was too high. I added a paragraph of text and that issue was resolved.<\/p>\n The results from verifier.port25.com are encouraging as well. Unlike Mail Tester, they don\u2019t tell you how to fix the problems or even really what the results mean. They are free however, and now that I know a bit about what everything means, I\u2019ll probably use them for checking things when I make changes. The simple verifier has some options that you can find at their website<\/a>. I also used it to check what\u2019s happening with my other mail by sending a command-line email. In case you\u2019ve forgotten, when you send a multi-line command you terminate it with ctl-d.<\/p>\n The Result<\/strong> I did get a lot of bounces since many people do not keep the same address forever like I do. Many of them are from schools and companies so it makes sense that the email address is deactivated after a while when employees leave. Lots of bounces for mailbox full so most of them are also probably old email addresses.<\/p>\n I dumped all of the undeliverable mail into a file so I can make a list of bad addresses and the first one in the list also has a bunch of diagnostic stuff in it. An interesting bit was this section: According to the Barracuda website<\/a> my score if .62 is great since The score ranges from 0 (definitely not spam) to 10 or higher (definitely spam).<\/em> That program is fairly popular and there were 52 other messages that I got back 35 had a score of 0, 6 had a score of 1.09, two had a score of 2.02 and the rest were between .21 and .91. I\u2019m not sure I can do anything about the high scores since the report doesn\u2019t make a lot of sense to me. My embedded URLs use HTTPS and are really short\u2014just the domain name followed by exercises\/overview.html. Most of the points come from their custom rules so there\u2019s not much I can do about that.<\/p>\n One message had this report which makes no sense to me, but maybe it will be useful to someone else. There were 36 of these: You can try to decipher it at the Microsoft website but I think the good part for me is CAT:NONE; since all of the listed categories are bad and NONE appears to be the default that indicates that the message is not spam.<\/p>\n One of the things that you need to do to keep off the spam lists is remove old email addresses. I don\u2019t plan on sending bulk emails to my customers very often but if I do I want to stay off the spammer list. So I created a list of bad addresses. The first thing I did was to search for I then looked for Combining the two gives me slightly fewer addresses than using the There were a handful of I have a new product that I want to notify my customers of and since it has been a while since I last sent an email blast and I have moved to a new server, I wanted to make sure I was conforming to the latest best practices. And when they sign up I want … Continue reading Sending Bulk Email<\/span><\/a><\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"class_list":["post-2974","post","type-post","status-publish","format-standard","hentry","category-coding"],"_links":{"self":[{"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/posts\/2974","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2974"}],"version-history":[{"count":20,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/posts\/2974\/revisions"}],"predecessor-version":[{"id":2994,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/posts\/2974\/revisions\/2994"}],"wp:attachment":[{"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2974"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2974"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2974"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}sudo certbot certonly --standalone -d mail.wellgolly.com<\/code>. However, since I changed the sending domain from mail.wellgolly.com<\/i> to wellgolly.com<\/i> this didn\u2019t matter in the end for my bulk email but since my confirmation and billing emails still send out from mail.wellgolly.com<\/i>. (I\u2019m working on figuring out why they do that\u2014the code uses PHP and was written by my guys 25 years ago, so I haven\u2019t quite figured it out yet.)<\/p>\n
\nv=spf1 mx a ip4:173.255.194.220 ip6:2600:3c00::f03c:91ff:fe70:bc93 include:charter.net include:wellgolly.com include:mail.wellgolly.com -all<\/code><\/p>\n
\nI found these two links that were useful for setting up DKIM with Exim4. myleen<\/a> and a concise explanation from Mike Pultz<\/a>.
\n\nremote_smtp:\n debug_print = "T: remote_smtp for $local_part@$domain"\n driver = smtp\n dkim_domain = wellgolly.com\n dkim_selector = x\n dkim_private_key = \/etc\/exim4\/dkim.private.key\n dkim_canon = relaxed<\/code><\/pre><\/p>\ndkim_domain = ${lc:${domain:$h_from:}}<\/code> but I didn\u2019t try it.<\/p>\nx._domainkey.example.com. TXT v=DKIM1; t=y; k=rsa; p=<public key><\/code>
\n _domainkey.example.com. t=y; o=~;<\/code><\/p>\n
\n
<\/p>\n
\nYou can send an email to check-auth@verifier.port25.com and it will respond with cryptic summary of results. This is good if you understand all the terms and how to fix things. I didn\u2019t, so I used Mail Tester<\/a> to check my mailings. It\u2019s free for the first three but since I was fixing and testing based on their feedback I ponied up the 25\u20ac ($27.50 with conversion fee of .15) and got 25 tests.<\/p>\nchmod o+rx<\/code>.<\/p>\n
\nI was getting this error:
\n\nYour IP address 173.255.194.220 is associated with the domain wellgolly.com.\nNevertheless your message appears to be sent from mail.wellgolly.com.\nYou may want to change the host name of your server to wellgolly.com.<\/code><\/pre><\/p>\n
\nThis is recommended for newsletters so I added it. I can\u2019t see it in the mail readers that I use, but it got rid of some negative scoring on the validator so I added it. I think Spark uses it to indicate that the message is a Newsletter<\/i>.
\nUnsubscribe<\/a><\/p>\nList-Unsubscribe: <mailto: unsubrequests@exampledomain.com?subject=unsubscribe>, <http:\/\/www.exampledomain.com\/unsubscribe.html><\/code><\/p>\n
\n
\n
\n
<\/p>\n
\n\n==========================================================\nSummary of Results\n==========================================================\nSPF check: pass\n"iprev" check: pass\nDKIM check: pass\nSpamAssassin check: ham\n\n==========================================================\nDetails:\n==========================================================\n\nHELO hostname: wellgolly.com\nSource IP: 2600:3c00::f03c:91ff:fe70:bc93\nmail-from: sales-support@wellgolly.com\n\n----------------------------------------------------------\nSPF check details:\n----------------------------------------------------------\nResult: pass\nID(s) verified: smtp.mailfrom=sales-support@wellgolly.com\n\nDNS record(s):\n wellgolly.com. 300 IN TXT "v=spf1 mx a ip4:173.255.194.220 ip6:2600:3c00::f03c:91ff:fe70:bc93 include:charter.net include:wellgolly.com include:mail.wellgolly.com-all"\n wellgolly.com. 300 IN MX 1 mail.wellgolly.com.\n mail.wellgolly.com. 300 IN AAAA 2600:3c00::f03c:91ff:fe70:bc93\n\n----------------------------------------------------------\n"iprev" check details:\n----------------------------------------------------------\nResult: pass (matches wellgolly.com)\nID(s) verified: policy.iprev="2600:3c00::f03c:91ff:fe70:bc93"\n\nDNS record(s):\n 3.9.c.b.0.7.e.f.f.f.1.9.c.3.0.f.0.0.0.0.0.0.0.0.0.0.c.3.0.0.6.2.ip6.arpa. 300 IN PTR wellgolly.com.\n wellgolly.com. 300 IN AAAA 2600:3c00::f03c:91ff:fe70:bc93\n\n----------------------------------------------------------\nDKIM check details:\n----------------------------------------------------------\nResult: pass (matches From: sales-support@wellgolly.com)\nID(s) verified: header.d=wellgolly.com<\/code><\/pre><\/p>\n
\n\n\/usr\/sbin\/exim -v check-auth@verifier.port25.com\nFrom: sales-support@wellgolly.com\nTo: check-auth@verifier.port25.com\nSubject: DKIM Test\ntest message<\/code><\/pre><\/p>\n
\nI sent out my mass mailing to customers today and, unlike previous years, I did not get any bounces for missing SPF record, line length exceeded, or spam filters. So the couple of days figuring this out was worth it.<\/p>\n
\n\nX-Barracuda-Spam-Score: 0.62\nX-Barracuda-Spam-Status: No, SCORE=0.62 using per-user scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=5.0 tests=ANY_BOUNCE_MESSAGE, BOUNCE_MESSAGE, BSF_SC0_SA074b, BSF_SC0_SA590, EMPTY_ENV_FROM, NO_REAL_NAME, SH_BIG5_05413_BODY_104\nX-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.83021\n Rule breakdown below\n pts rule name description\n ---- ---------------------- --------------------------------------------------\n 0.00 EMPTY_ENV_FROM Empty Envelope From Address\n 0.00 NO_REAL_NAME From: does not include a real name\n 0.21 SH_BIG5_05413_BODY_104 BODY: Body: contain "UNSUBSCRIBE"\n 0.20 BSF_SC0_SA590 Custom Rule SA590\n 0.20 BSF_SC0_SA074b Custom Rule SA074b\n 0.00 BOUNCE_MESSAGE MTA bounce message\n 0.00 ANY_BOUNCE_MESSAGE Message is some kind of bounce message\n<\/code><\/pre><\/p>\n\n Rule breakdown below\n pts rule name description\n ---- ---------------------- --------------------------------------------------\n 0.00 NORMAL_HTTP_TO_IP Uses a dotted-decimal IP address in URL\n 0.00 NO_REAL_NAME From: does not include a real name\n 0.00 MIME_BOUND_MANY_HEX Spam tool pattern in MIME boundary\n 0.00 EMPTY_ENV_FROM Empty Envelope From Address\n 0.32 URI_HEX URI: URI hostname has long hexadecimal sequence\n 0.00 IP_LINK_PLUS URI: Dotted-decimal IP address followed by CGI\n 0.50 WEIRD_PORT URI: Uses non-standard port number for HTTP\n 0.00 HTML_MESSAGE BODY: HTML included in message\n 0.20 BSF_SC0_SA590 Custom Rule SA590\n 0.50 BSF_RULE7568M Custom Rule 7568M\n 0.50 BSF_RULE_7582B Custom Rule 7582B\n 0.00 BOUNCE_MESSAGE MTA bounce message\n 0.00 ANY_BOUNCE_MESSAGE Message is some kind of bounce message>\/code>\n \n\nThere were only five messages checked with SpamAssassin and this was the result:\n<code>\nX-Spam-Status: No, score=0.0 required=9.9 tests=HTML_MESSAGE\n autolearn=disabled version=3.3.2\nX-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) <\/code><\/pre><\/p>\n
\n\nX-ENA-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=3.554,\n required 4, BAYES_00 -2.20, DATE_IN_PAST_06_12 1.54,\n DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10,\n DKIM_VALID_EF -0.10, DMARC_PASS -0.00, ENA_BAD_OPTOUT 2.20,\n ENA_BAD_OPTOUT5 0.00, ENA_BAYES_OFFSET 2.20, HTML_MESSAGE 0.00,\n ENA_BAD_OPTOUT5 0.00, ENA_BAYES_OFFSET 2.20, HTML_MESSAGE 0.00,\n SPF_HELO_PASS -0.20, SPF_PERMERROR 0.20, T_SPF_PERMERROR 0.01)<\/code><\/pre><\/p>\n
\n\nX-Forefront-Antispam-Report:\n CIP:134.197.10.234;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:UC-Exchange1.unr.edu;PTR:InfoDomainNonexistent;CAT:NONE;SFTY:;SFS:(50650200002)(4636009)(136003)(396003)(346002)(376002)(39860400002)(1930700014)(46966005)(30864003)(78352004)(42882007)(336012)(26005)(7696005)(498600001)(45080400002)(2876002)(31686004)(8936002)(8676002)(2906002)(83380400001)(6916009)(55016002)(786003)(316002)(31696002)(82310400002)(70586007)(70206006)(66576008)(82740400003)(956004)(47076004)(81166007)(5660300002)(356005)(53652003)(559001)(579004)(299355004);DIR:OUT;SFP:1501;<\/code><\/pre><\/p>\nX-Failed-Recipients:<\/code>. This provided me with a clean list of 86% of the bounces.<\/p>\nTo: "<\/code>. This gave me more lines than bounced messages but by filtering out every line that didn\u2019t end in >, sorting the remainder and removing duplicate lines, I got it down to one line per address. 94% of the bounces.<\/p>\nTo: "<\/code> method alone. This probably happened because I had people in the database multiple times with slightly different name fields.<\/p>\nUnknown address error<\/code> messages that didn\u2019t fit any pattern for automatic filtering. They were only 1% of the total so I cleaned them up by hand. Nothing else popped out to me so I think I\u2019ll leave it at that.<\/p>\n","protected":false},"excerpt":{"rendered":"