Skip to content

Instantly share code, notes, and snippets.

@jorgecarleitao

jorgecarleitao/email.md

Last active September 16, 2025 16:01
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save jorgecarleitao/67a4ddbad045229ef8a77ad415ac49c6 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save jorgecarleitao/67a4ddbad045229ef8a77ad415ac49c6 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
email.md

Acceptance criteria

Send an email to https://www.mail-tester.com/ and https://www.mailgenius.com/ and it yields a score of 10.0/10.0

Assumptions

  1. You control the DNS of your email domain
  2. You have some control about the email server / provider
  3. You can modify the rDNS of your email server or provider

Info you need aheada

  • ipv4 of your email server or email provider: ${IP}
  • a domain of your email: ${DOMAIN}
  • the url of yout email server or provider: ${EMAIL_URL}
  • The DKIM pub key of the email server or provider: ${RSA_PUB}

Steps

Step 1 - MX DNS record

Place the record with priority 10 in your DNS:

MX 10 ${EMAIL_URL}

Step 2 - SPF protection

Place the record in your DNS:

TXT "v=spf1 a mx ip4:${IP} ~all"

Step 3 - DKIM protection

DNS TXT
rsa._domainkey.${DOMAIN}
v=DKIM1; k=rsa; h=sha256; p=${RSA_PUB}

Step 4 - DMARC protection

DNS TXT
v=DMARC1; p=reject

Step 5 - rDNS protection

Set the rDNS of your email server (or email provider should allow to change this) to point to ${EMAIL_URL}.

Step 6 - Whitelist IP from Barracuda

Barracuda tends to list IPs that have default (or non-valid) PTR records, which means most of our non-allocated IPs are listed there. As soon as a PTR record has been set, the IP is often automatically delisted. In case this does not happen fast enough, you (or we) can fill out the Barracuda removal form and the IP is then usually delisted within a few days: https://www.barracudacentral.org/rbl/removal-request

Since you have set a valid PTR record for the IP, we have filled out the removal form, and the IP should be delisted within a few days.

Step 7 - Whitelist IP from SpamRATS

SpamRATS have a fairly aggressive blacklisting policy, and will list entire /24 or even larger ranges if only a few IPs were caught being abusive, or having non-valid PTRs. Once an entire range has been listed, it is not possible to remove the range, it is only possible to remove individual IPs, and only if those IPs are being used for a mail server. This means we cannot proactively delist these IPs, even if it has been many years since the range initially got listed, or that happened before we got the range.

To delist an IP the official SpamRATS contact form can be used: https://www.spamrats.com/contact.php

For SpamRATS to delist an IP, they want to know who is running the mail server. This means that not only should there be a valid PTR (rDNS) record, but SpamRATS requires the domain in the PTR record to resolve to a website where contact information for the responsible company or individual can be found.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment