Email going to spam. Dmarc, dkim, spf settings to improve delivery rate?

I am trying to migrate my domains from cpanel and i did some testing to mail deliverability. Most times when i sent to microsoft (outlook hotmail) or gmail mail went to spam. (my droplet is new and not blacklisted)

i have set up reverse dns properly and also i added a dmarc record as following:

Webmin -> Servers -> Bind DNS Server -> Choose domain -> Choose type DMARC and finally i created the record adding 100 to percentage of messages to apply policy

After i did the following

Virtualmin -> Email Settings -> DomainKeys Identified mail and save.

My first question is if this is a proper way to create a DMARC and DKIM record. Should i do it manually for every virtual server? Second question is what else i can do in order to improve mail deliverability?

Thank you in advance

Alex

Status: 
Closed (fixed)

Comments

Ilia's picture
Submitted by Ilia on Fri, 04/10/2020 - 05:48

Hi,

Thank you for choosing Virtualmin!

If this is a proper way to create a DKIM record.

Yes. It's all correct and no further actions would be needed in the future, when new domains are added.

If this is a proper way to create a DMARC record.

Not exactly. You should rather go to Server Configuration/DNS Options and use DMARC record enabled option.

Should i do it manually for every virtual server (DMARC)

For DMARC records, you would have to edit Server Templates and its BIND DNS Domain and enable Add DMARC DNS record.

What else i can do in order to improve mail deliverability?

I would set DMARC policy to "reject". SPF record should still and also be enabled on mentioned DNS Options page above.

For DMARC records, you would have to edit Server Templates and its BIND DNS Domain and enable Add DMARC DNS record.

Thank you for your reply. Sorry for asking again but just to be sure. There is no a global option in order DMARC is enabled by default after a new virtual server created or migrated right?

Thank you

Ilia's picture
Submitted by Ilia on Fri, 04/10/2020 - 09:08

Thank you for your reply. Sorry for asking again but just to be sure. There is no a global option in order DMARC is enabled by default after a new virtual server created or migrated right

No, I don't think so.

However, in case you have hundreds of domains and doing it manually is difficult, you could use Virtualmin CLI to run mass update:

virtualmin modify-dns --domain name | --all-domains | --all-nonvirt-domains
                     [--spf | --no-spf]
                     [--spf-add-a hostname]*
                     [--spf-add-mx domain]*
                     [--spf-add-ip4 address]*
                     [--spf-add-ip6 address]*
                     [--spf-remove-a hostname]*
                     [--spf-remove-mx domain]*
                     [--spf-remove-ip4 address]*
                     [--spf-remove-ip6 address]*
                     [--spf-all-disallow | --spf-all-discourage |
                      --spf-all-neutral | --spf-all-allow |
                      --spf-all-default]
                     [--dmarc | --no-dmarc]
                     [--dmarc-policy none|quarantine|reject]
                     [--dmarc-percent number]
                     [--add-record "name type value"]
                     [--add-record-with-ttl "name type TTL value"]
                     [--remove-record "name type value"]
                     [--ttl seconds | --all-ttl seconds]
                     [--add-slave hostname]* | [--add-all-slaves]
                     [--remove-slave hostname]*
                     [--dns-ip address | --no-dns-ip]
                     [--enable-dnssec | --disable-dnssec]
                     [--enable-tlsa | --disable-tlsa | --sync-tlsa]

Thank you. No i have not hundreds only 30, it's not difficult to do it manually. I wanted just to avoid have in mind to do it every time i add a new virtual server but i will put a post-it memo on my screen! :-p

Thank you

Ilia's picture
Submitted by Ilia on Fri, 04/10/2020 - 10:23

I wanted just to avoid have in mind to do it every time i add a new virtual server

In this case, just make sure to enable it on Server Templates.

In this case, just make sure to enable it on Server Templates.

Yes! (i hope i did it right i added a screenshot!)

Thank you

Ilia's picture
Submitted by Ilia on Fri, 04/10/2020 - 11:07

Yes! (i hope i did it right i added a screenshot!)

Yeah, looks good.

Status: Active ยป Closed (fixed)