Best Practices for running a mail server

Don’t hide behind anonymity.

The whois record for the mail server's domain should name an identifiable registrant organization, and there should be a point of contact for technical and abuse problems related to the mail server. If your registry hides registrant data, it is a good idea to run a web site under the same name that shows more than the welcome page of an uninitialized CMS or hosting package. Mail sent to the abuse address must be read and acted upon, except for blatant spam of course.

Naturally, don’t send spam

Have all your users understand that sending unsolicited bulk/commercial mail is not acceptable and will lead to termination.

Have proper DNS setup

DMARC

This is recommended to reduce spoofing.

TLS

Split off email submission

Use a separate submission port for authenticated and encrypted mail submission from your users. Record authentication information in the mail headers so that a hacked mail account can be identified from the messages it sent.

Restrict addresses users can use

If possible, restrict the use of foreign From: addresses to trusted users and automatic software. Don't let just anybody send mail from president@whitehouse.gov.
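The page names no particular MTA; as an added example (not part of the original page), this is how the two points above look in Postfix, assumed here to be the server in use: a dedicated submission service on port 587 that requires TLS and SASL authentication, stamps the authenticated login into the Received header, and rejects senders whose login does not own the address they use.

```conf
# /etc/postfix/master.cf (constructed example)
# service type  private unpriv  chroot  wakeup  maxproc command + args
submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  # Port 587 is for users only: no plaintext, no unauthenticated relay.
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_auth_only=yes
  -o smtpd_sasl_auth_enable=yes
  # Adds "(Authenticated sender: <login>)" to the Received header, so a
  # compromised account can be traced from the mail it produced.
  -o smtpd_sasl_authenticated_header=yes
  # Which SASL logins may use which envelope sender addresses.
  -o smtpd_sender_login_maps=hash:/etc/postfix/sender_login_maps
  -o smtpd_sender_restrictions=reject_sender_login_mismatch
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

# /etc/postfix/sender_login_maps (constructed example; run "postmap" on it)
# Lookup order is user@domain, then user, then @domain.
# envelope sender address        SASL login(s) allowed to use it
alice@example.com                alice
newsletter@example.com           alice, listbot
# Catch-all for the rest of the domain: only the postmaster may use
# addresses that are not listed explicitly above.
@example.com                     postmaster
```

reject_sender_login_mismatch checks the envelope sender (MAIL FROM); enforcing the same rule on the From: header needs a milter or header check in addition.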

Avoid creating backscatter

Either reject mail during the SMTP dialog or accept it and deliver it; never accept a message and bounce it later. If you use spam detection software after SMTP acceptance, it should flag messages but still deliver them. Some cases, such as vacation autoresponders and mailing list software, have to send automatic responses to sender addresses, but these should be monitored closely to detect abuse early.

SPF and Forwarding

Large Providers (gmail, Microsoft, etc)

If you want to send mail to recipients who have accounts at the big email providers, be aware that none of the above guarantees that these providers won't reject your mail, put it straight into the recipient's spam folder, or silently discard it. They impose their own rules on everyone, and there is very little you can do about it.

Links