Creating a fully ‘safe’ and trusted e-mail domain for Hotmail/Gmail


We recently encountered a lot of issues when trying to send e-mail to Hotmail, Live.com or Gmail users – all e-mail messages turned up in the Junk folder. This was odd since we didn’t alter anything on our side and we know for a fact that our clients don’t send any spam out.

Over the past few years companies have been trying to fight off spam in several ways, and these methods were largely expanded by companies like Google, Apple and Hotmail. Actually, yesterday even the Dutch bank ING announced that it will use a new technique called DKIM. This is just one of the new techniques that large e-mail providers are implementing right now to fight spam.

I will list all the techniques that are currently needed to be on the ‘safe’ side when sending e-mail to these domains.

SPF Records
From Wikipedia:
Sender Policy Framework (SPF) is an email validation system designed to prevent email spam by detecting email spoofing, a common vulnerability, by verifying sender IP addresses. SPF allows administrators to specify which hosts are allowed to send mail from a given domain by creating a specific SPF record (or TXT record) in the Domain Name System (DNS).

Though we had already implemented SPF in our DNS servers for most of our clients, I couldn’t get my head around the fact that Hotmail was complaining it couldn’t find the SPF records in our name servers. It turns out that Hotmail wants to see these records both as TXT and as SPF type records; it checks both! For more information about SPF and what it does, read more on Wikipedia.

Basically this means you have two identical records in the name servers; in the case of bind9 this would be:
domain.com. IN SPF "v=spf1 a mx ~all"
domain.com. IN TXT "v=spf1 a mx ~all"

Then you’re good to go on this topic, but not yet done!

Sender ID (SIDF)
This one was designed by our friends at Microsoft (yaay!) to prevent their clients from receiving spam (I can hear you think, hotmail.com and no spam?? .. exactly). Well, anyway, this is only useful if you are aiming for Hotmail.com/Live.com users or the new Outlook.com – Gmail doesn’t seem to use it.

To use Sender ID you have to set up both the SPF record (above), which is the version 1 SPF record, and the SPFv2 record. This should look something like this:
spf2.0/pra a mx a:mail.wipa.nl ip4:171.25.179.25 ?all
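
An added example (not from the original post): a small Python check over a constructed BIND zone fragment that confirms the SPF-type and TXT-type copies of a policy are identical, as described above, and reports what the `all` mechanism resolves to in both the `v=spf1` and `spf2.0/pra` records. The `drift.example` and `open.example` records and the function names are assumptions made for illustration.

```python
import re

# Constructed zone fragment (BIND syntax). The first three records are the ones
# shown above; the drift.example and open.example records are made up.
ZONE = '''\
domain.com. IN SPF "v=spf1 a mx ~all"
domain.com. IN TXT "v=spf1 a mx ~all"
domain.com. IN TXT "spf2.0/pra a mx a:mail.wipa.nl ip4:171.25.179.25 ?all"
drift.example. IN SPF "v=spf1 a mx ~all"
drift.example. IN TXT "v=spf1 a mx ip4:192.0.2.10 -all"
open.example. IN TXT "v=spf1 mx +all"
'''

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
RECORD_RE = re.compile(r'^(\S+)\s+IN\s+(TXT|SPF)\s+"([^"]*)"$')

def default_result(text):
    """Return (version, result of the 'all' mechanism), or None if not SPF/Sender ID."""
    terms = text.lower().split()
    if not terms or not (terms[0] == "v=spf1" or terms[0].startswith("spf2.0/")):
        return None
    for term in terms[1:]:
        if term.lstrip("+-~?") == "all":
            # A mechanism written without a qualifier defaults to "+" (pass).
            return terms[0], QUALIFIERS.get(term[0], "pass")
    return terms[0], None

def audit(zone):
    """Return {owner: sorted findings} for every owner that publishes a policy."""
    seen, findings = {}, {}
    for line in zone.splitlines():
        m = RECORD_RE.match(line.strip())
        parsed = default_result(m.group(3)) if m else None
        if parsed is None:
            continue  # not a TXT/SPF record, or a TXT record unrelated to SPF
        name, rtype, text = m.groups()
        version, result = parsed
        notes = findings.setdefault(name, set())
        if result is None:
            notes.add(f"{version}: no 'all' mechanism")
        elif result == "pass":
            notes.add(f"{version}: +all authorises every host")
        # The SPF-type and TXT-type copies of one policy must stay identical.
        copies = seen.setdefault((name, version), {})
        copies[rtype] = text
        if len(set(copies.values())) > 1:
            notes.add(f"{version}: SPF and TXT copies differ")
    return {name: sorted(notes) for name, notes in findings.items()}
```

For the records from this post, `audit(ZONE)` reports no findings for `domain.com.`; the two constructed domains show a drifted copy and an `+all` policy that lets any host pass.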

DKIM
DKIM Signatures allow the signing domain to claim responsibility for an email. You can find a very good how-to here and here using Postfix, Sender ID, SPF and DKIM.

Once you have configured all of the above-mentioned items you are good to go!