Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The whole IP reputation problem seems to mostly be a Google/Microsoft problem.

Unfortunately, most of the world seems to use one of those two platforms.

Routing mail to those two services via a third party seems like the wisest choice. May I ask how you implemented that?



I use exim4. So after doing the usual SES setup, I can change the smarthost router to look like this:

  SMARTHOST_FOR_MS = email-smtp.us-east-2.amazonaws.com::587
  smarthost:
    debug_print = "R: smarthost for $local_part@$domain"
    driver = manualroute
    domains = ! +local_domains
    transport = remote_smtp_smarthost
    route_list = hotmail.com SMARTHOST_FOR_MS byname ; \
                 live.com SMARTHOST_FOR_MS byname ; \
                 outlook.com SMARTHOST_FOR_MS byname ; \
                 msn.com SMARTHOST_FOR_MS byname ; \
                 live.co.uk SMARTHOST_FOR_MS byname ; \
                 hotmail.co.uk SMARTHOST_FOR_MS byname ; \
                 * DCsmarthost byname
    host_find_failed = defer
    same_domain_copy_routing = yes
    no_more
If there was a much larger list of problem destinations I'd maybe do something nicer involving separate routers and a domainlist, but those cover all the cases that are broken right now.


How about custom domains hosted on m365?


Interestingly, I've not had a problem delivering directly to those (except the time I switched to an IP block with a bad rep and couldn't deliver anything anywhere directly at all); it's just the ones on the list above that don't like me.

Mysterious and ineffable are the ways of Microsoft.

(note that their MX record is usually a *.protection.outlook.com entry regardless of the custom domain, so I'd use that to bootstrap a rule if I had a more general problem with Microsoft)


how does that work with SPF, DMARC, DKIM?

don't you have to authorize email-smtp.us-east-2.amazonaws.com to send email on your behalf?

if you don't wouldn't every spammer use that?

also, how much does that cost? i don't need to send more than a dozen email per year like that.


Yes, you do need to include:amazonses.com in your SPF. Amazon aren't too bad at kicking spammers off SES promptly. More importantly, Amazon doesn't sign for DKIM - your server still does that; so no-one else gets to DKIM for you; and you can set the DMARC policy to require both.

SES currently charges $0.10 per 1000 outbound emails. The first 3000 mails are free. I received my first official bill for $0.02 after around two years of use.

Do investigate other relay services. I only stopped at SES because I was in a mad rush and it was the first one I tried that did everything I needed, without bouncing or getting filed to trash on any services I cared about. I have done nothing like a full survey of the market, and there may well be a better option. It is the general approach I am suggesting, not trying to shill SES specifically despite what it may look like.


"not trying to shill SES specifically"

i didn't assume that. obviously you can only talk about the one that you are using, and while the general setup applies to other such services, i can now file SES as an option that works. and with that price point i am probably going to be to lazy to look for alternatives. (although i should check if the email service i am already paying can do that too without requiring me to send all emails through them)


Excellent, thank you!




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: