I run my own Postfix email server for my personal mail, and for several other domains via virtual hosts. Between several different software packages, protocols, standards, and 3rd parties involved in email it's difficult to track down problems in certain circumstances.
Our server was getting added to blacklists and being blocked outright by some mail providers. Considering the volume we produce - tens of emails for a single day, if we're busy - I was very perplexed by this. We don't have DKIM/SPF configured, but it seemed a little harsh to consider us reject-able solely based on that.
Recently I discovered part of the problem. I was visiting my mother, who also uses my email server, and she mentioned that Gmail was blocking her messages. Anyone with a Gmail address was rejecting her messages, 100% of the time. I asked her to give it a try while I was visiting this summer, and saw that she was getting a DKIM error message. Strange, because we don't use DKIM...
...but GoDaddy does. My mother registers her domain with GoDaddy, and uses their web site services, and manually switched her MX records to point to my domain. What I didn't realize is that GoDaddy had additional auto-generated DKIM and SPF records that were referencing their email server, which had been left in place.
When a receiving mail server checked SPF or DKIM, they would use GoDaddy's email server - which correctly responded that they didn't know anything about mail.fragdev.net. That would mark any of Mom's messages as invalid and/or spammy, and hurt our mail server's reputation in the process.
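A check for the SPF side of this failure, as an added example that is not from the original post: it evaluates a domain's SPF record against the address its MX host resolves to, which is what flags a leftover provider record after an MX switch. The zone data, names and addresses are constructed placeholders, only a subset of SPF mechanisms is handled, and the MX host is assumed to be the server that also sends the domain's mail.

```python
import ipaddress

# Constructed zone data (not real records): MX was switched to a self-hosted
# server, but the registrar's auto-generated SPF record was left in place.
ZONE = {
    ("example.org", "MX"): ["mail.example.net"],
    ("example.org", "TXT"): ["v=spf1 include:spf.provider.example -all"],
    ("spf.provider.example", "TXT"): ["v=spf1 ip4:198.51.100.0/24 -all"],
    ("mail.example.net", "A"): ["203.0.113.25"],
}

def lookup(name, rtype, zone):
    return zone.get((name.lower(), rtype), [])

def spf_result(domain, ip, zone, depth=0):
    """Simplified SPF evaluation: ip4, a, mx, include and all only."""
    spf = [t for t in lookup(domain, "TXT", zone) if t.lower().startswith("v=spf1")]
    if len(spf) != 1 or depth > 10:
        return "none" if not spf else "permerror"
    addr = ipaddress.ip_address(ip)
    for term in spf[0].split()[1:]:
        qual = term[0] if term[0] in "+-~?" else "+"
        mech = term.lstrip("+-~?").lower()
        name, _, arg = mech.partition(":")
        target = arg or domain
        if name == "all":
            hit = True
        elif name == "ip4":
            hit = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            hit = ip in lookup(target, "A", zone)
        elif name == "mx":
            hit = any(ip in lookup(h, "A", zone) for h in lookup(target, "MX", zone))
        elif name == "include":
            hit = spf_result(arg, ip, zone, depth + 1) == "pass"
        else:
            hit = False  # unsupported mechanism or modifier: ignored in this sketch
        if hit:
            return {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}[qual]
    return "neutral"

def audit(domain, zone):
    """Return (mx_host, ip, spf_result) for every address the MX hosts resolve to."""
    return [(h, ip, spf_result(domain, ip, zone))
            for h in lookup(domain, "MX", zone) for ip in lookup(h, "A", zone)]
```

Any result other than `pass` for the domain's own mail host means receivers applying SPF will treat its mail as unauthorized; feeding `audit` records pulled from live DNS instead of `ZONE` is left to the reader.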
We've corrected the error, but I'm still waiting to see if it improves the server's standing and removes it from some of the blacklists it's been added to. I still have to implement SPF and DKIM myself, but there are challenges when you host mail for so many different groups. This is why it's common wisdom that you should never host your own mail server!