2
WHITE PAPER The Role of DNS in Email Deliverability BOOSTING EMAIL DELIVERABILITY: THE ROLE OF DNS e spam battle is escalating: as ISPs get better at identifying and blocking unsolic- ited email messages, spammers are trying harder to make it past filters. One of the ways they get around filters is by making their unsolicited spam look like your “ham” (legitimate email). Your mail gets blocked because, in one way or another, your mail looks like spam to your recipients’ ISPs. How can you ensure your legitimate mail isn’t mistaken for spam? You probably already know that certain words, however innocuous, can be suspect when found in the subject line of an email message (think “teen”, “loan” or “credit”). But what In order to have a complete DNS record, you need to have a static IP address for your email server. you might not know is that many ISPs may be blocking your mail before they even see the subject line. Why? Because they can’t be sure that you are who you say you are. is is why your Reputa- tion Score is so important. Until you establish a good Reputation Score, many ISPs may block your email before your reader even sees the subject line. Helping ISPs verify your identity therefore is a crucial part of en- suring that your email messages make it to the recipient’s inbox. Your email can get past this first delivery hurdle if you (1) have a static IP address, (2) have both forward and reverse DNS set up for your domain name, and (3) have all authentication proposals in place such as your Sender ID, Domain Keys and SPF record. What is DNS? DNS stands for Domain Name System, and it’s how computers find each other on the Internet. DNS is like one giant phone book in which you can look up a domain name and find the IP address of the computer to which you’d like to connect. For example, if you wanted to send email to us here at Lyris, your mail server would perform a DNS lookup to determine where to send it. is DNS lookup lets you send mail to the easily-remem- bered [email protected], instead of to [email protected], the IP address to which our mail is routed. The Importance of a Static IP Address In order to have a complete DNS record, you need to have a static IP address for your email server. Static IP addresses are generally used by web and email servers. Generally speaking, a static IP address is “assigned” to a particular computer, and it stays the same, more or less (hence the “static” part of the term). A dynamic IP address, on the other hand, changes every time the computer connects to a network or the Internet. Dynamic IP addresses are typically used by individual users with dial-up or DSL accounts on personal computers. Such users are not typically sending their email directly to recipients; instead, they’re sending their email to their ISP’s email server, which is then responsible for the actual sending and receiving of their email. Usually, you can’t make a complete DNS record for a dynamic IP address, and they are typically not used for email servers. Some email list management programs like ListManager won’t even function correctly if they are configured with dynamic IP addresses. ISPs typically won’t accept email sent directly from “here today gone tomorrow” email servers using dynamic IPs, since these messages are likely to be from a virus-infected computer or a spammer.

547 dns-role

Embed Size (px)

Citation preview

Page 1: 547 dns-role

WHITE PAPER

The Role of DNS in Email Deliverability

BooSTiNg Email DElivERaBiliTy: ThE RolE of DNS The spam battle is escalating: as ISPs get better at identifying and blocking unsolic-ited email messages, spammers are trying harder to make it past filters. One of the ways they get around filters is by making their unsolicited spam look like your “ham” (legitimate email). Your mail gets blocked because, in one way or another, your mail looks like spam to your recipients’ ISPs.

How can you ensure your legitimate mail isn’t mistaken for spam? You probably already know that certain words, however innocuous, can be suspect when found in the subject line of an email message (think “teen”, “loan” or “credit”). But what

in order to have a complete DNS record, you need to have a static iP address for your email server.

you might not know is that many ISPs may be blocking your mail before they even see the subject line. Why? Because they can’t be sure that you are who you say you are. This is why your Reputa-tion Score is so important. Until you establish a good Reputation Score, many ISPs may block your email before your reader even sees the subject line.

Helping ISPs verify your identity therefore is a crucial part of en-suring that your email messages make it to the recipient’s inbox. Your email can get past this first delivery hurdle if you (1) have a static IP address, (2) have both forward and reverse DNS set up for your domain name, and (3) have all authentication proposals in place such as your Sender ID, Domain Keys and SPF record.

What is DNS? DNS stands for Domain Name System, and it’s how computers find each other on the Internet. DNS is like one giant phone book in which you can look up a domain name and find the IP address of the computer to which you’d like to connect.

For example, if you wanted to send email to us here at Lyris, your mail server would perform a DNS lookup to determine where to send it. This DNS lookup lets you send mail to the easily-remem-bered [email protected], instead of to [email protected], the IP address to which our mail is routed.

The importance of a Static iP address

In order to have a complete DNS record, you need to have a static IP address for your email server.

Static IP addresses are generally used by web and email servers. Generally speaking, a static IP address is “assigned” to a particular computer, and it stays the same, more or less (hence the “static” part of the term).

A dynamic IP address, on the other hand, changes every time the computer connects to a network or the Internet. Dynamic IP addresses are typically used by individual users with dial-up or DSL accounts on personal computers. Such users are not typically sending their email directly to recipients; instead, they’re sending their email to their ISP’s email server, which is then responsible for the actual sending and receiving of their email.

Usually, you can’t make a complete DNS record for a dynamic IP address, and they are typically not used for email servers. Some email list management programs like ListManager won’t even function correctly if they are configured with dynamic IP addresses.

ISPs typically won’t accept email sent directly from “here today gone tomorrow” email servers using dynamic IPs, since these messages are likely to be from a virus-infected computer or a spammer.

Page 2: 547 dns-role

WHITE PAPER The Role of DNS in Email Deliverability2

lyris, inc. | 5858 horton Street, Suite 270 | Emeryville Ca 94608 USa | www.lyris.comToll free 888.GO.LYRIS (465.9747) | International calls 510.844.1600 | Fax 510.844.1598 | Customer support 888.LYRIS.CS (597.4727) or 571.730.5259

Having a static IP is analogous to having a consistent phone num-ber or physical address—it tells the world you’re stable in that location and that you plan on being around in the future.

As deliverability expert Robb Wilson of Lyris puts it, “you’re building a relationship with ISPs, and your relationship is inte-grally linked to that IP address. A lot of companies think that they can’t afford a static IP address, but that’s not true at all anymore. They’re very affordable these days.”

DNS, Backwards and forwards

Because DNS is such an important way of establishing identity on the Internet, spammers will often forge domain names or IP addresses to hide where their mail is coming from. To detect these forgeries, ISPs often perform what’s called a reverse DNS lookup on incoming messages.

A forward DNS lookup begins with the domain name, and checks to see which IP addresses are associated with it. A reverse DNS lookup takes the IP address that’s trying to make the connection and checks to see if there is a registered domain associated with it.

For example, if an incoming message claims to be coming from the 66.160.177.11 IP address, an ISP would look up the domain to see if it resolves to lyris.com. If it doesn’t, the message may be a forgery, or the hapless sender may not have a correct DNS entry. In either case, the message will most likely be identified as spam (when ISPs block spam, they shoot first and ask questions later—if at all).

You can help ISPs verify your identity by making sure that your DNS entry is complete and correct. To make sure your domain has all the correct entries, you can use a web site like http://www.dnsreport.com/. If you have any questions about the entries there, the person or organization responsible for your domain should be able to answer them and make any necessary adjustments.

So where does SPf come in?

A newer form of authenticating incoming email is SPF, or Sender Policy Framework, which was created to help prevent spammers from damaging the reputations of reliable publishers.

In a nutshell, SPF is a more specific DNS entry that lists which IP addresses are approved to send mail for your domain. If a con-

nection comes from a different IP address than that specified in the record, the recipient may rightly suspect a forgery and reject the message as spam. To learn more about SPF, or to learn how to make an SPF record for your domain, see http://spf.pobox.com/.

SPF has not been universally adopted, and not all ISPs check for it. But of the many systems proposed to prevent forgeries, it’s the most widespread and the most easily implemented.

and finally

Performing these types of DNS lookups is an easy way for ISPs to differentiate legitimate email publishers from those who are out to scam their customers. Correcting DNS issues won’t guarantee that your email gets delivered, but it’s a kind of hand-raising gesture that identifies you as a conscientious Internet citizen and displays a willingness to be checked out by the organizations that process your messages. By using a static IP address, having both forward and reverse DNS set up for your domain name and adding SPF information to your record, you’re letting the ISPs know that you’re one of the “good guys,” which makes it far less likely that your email will be mistaken for spam.

aBoUT lyRiS

Lyris, Inc. is the online marketing expert delivering the right mix of software technology and industry knowledge to help its customers simplify their marketing efforts and optimize campaign ROI. Through the delivery of the industry’s first on-demand integrated marketing suite, Lyris HQ, and knowledge-sharing community, www.lyrishq.com, to secure and reliable on-premise solutions, including Lyris ListManager, Lyris provides customers the right tools to optimize the management, collaboration and execution of their online and mobile marketing initiatives. These sophisticated, yet easy-to-use tools provide marketers a suite of best-of-breed applications for managing email marketing campaigns, publishing and managing Web site content, creating landing pages, optimizing Web sites and search engine marketing. Lyris’ solutions are available as software or as hosted applications and are used by agencies and more than 5,000 customers world-wide, from Fortune 500 corporations to fast growing startups. To find out more about Lyris’ products and services, please contactus at www.lyris.com.

http://www.lyris.com

lesson04 - Config and Manage DNS Server Role

lesson04 - Config and Manage DNS Server Role

Documents
Webinar DNS 1550 DNS 1100

Webinar DNS 1550 DNS 1100

Documents
Circular 547

Circular 547

Documents
Role of DNS in Botnet Command and Control

Role of DNS in Botnet Command and Control

Technology
Boletin 547

Boletin 547

Documents
Technical Impacts of DNS Privacy and Security on Network … · network security toolkit . Given the important and div erse role of DNS in network operations and policy enforcement

Technical Impacts of DNS Privacy and Security on Network … · network security toolkit . Given the important and div erse role of DNS in network operations and policy enforcement

Documents
DNS Operator Role in domain management€¦ · Registry (.ca) TLD DNS (.ca) 2nd Level (i.e. mynewdomain.ca) Hosting Provider Content Delivery Network (CDN) DNS Operator (Delegation)

DNS Operator Role in domain management€¦ · Registry (.ca) TLD DNS (.ca) 2nd Level (i.e. mynewdomain.ca) Hosting Provider Content Delivery Network (CDN) DNS Operator (Delegation)

Documents
24 547-558

24 547-558

Education
Networking:! UDP&!DNS! · Root DNS Servers com DNS servers org DNS servers edu DNS servers poly.edu DNS servers umass.edu DNS servers yahoo.com DNS servers amazon.com

Networking:! UDP&!DNS! · Root DNS Servers com DNS servers org DNS servers edu DNS servers poly.edu DNS servers umass.edu DNS servers yahoo.com DNS servers amazon.com

Documents
DNS Security: New Threats, Immediate Responses, Long Term ... · New Threats, Immediate Responses, Long Term Outlook ... Infoblox DNS Security Features Provid e ... The role of DNS

DNS Security: New Threats, Immediate Responses, Long Term ... · New Threats, Immediate Responses, Long Term Outlook ... Infoblox DNS Security Features Provid e ... The role of DNS

Documents
Holmes County, Florida Health Services Directory · NON-EMERGENCY NUMBERS 2 Police Fire Ambulance Bonifay 850-547-3661 850-547-2861 850- 547-4671 Esto 850-547-4421 850-263-0911 850-547-4671

Holmes County, Florida Health Services Directory · NON-EMERGENCY NUMBERS 2 Police Fire Ambulance Bonifay 850-547-3661 850-547-2861 850- 547-4671 Esto 850-547-4421 850-263-0911 850-547-4671

Documents
Passive DNS Hardening - Farsight Security...Introduction DNS Security Issues Passive DNS hardening DNSDB DNS Passive DNS ISC SIE Passive DNS I Passive DNS replicationis a technology

Passive DNS Hardening - Farsight Security...Introduction DNS Security Issues Passive DNS hardening DNSDB DNS Passive DNS ISC SIE Passive DNS I Passive DNS replicationis a technology

Documents
Everwood 547 Heavy Commercial Traffic - NRF Select · 2020. 8. 19. · 547 013 Gunstock 547 011 Rustic Charm 547 002 Glacier 547 005 Pewter Plate 547 003 Latte 547 016 Weathered Oak

Everwood 547 Heavy Commercial Traffic - NRF Select · 2020. 8. 19. · 547 013 Gunstock 547 011 Rustic Charm 547 002 Glacier 547 005 Pewter Plate 547 003 Latte 547 016 Weathered Oak

Documents
Configuring and Managing the DNS Server Role Lesson 4

Configuring and Managing the DNS Server Role Lesson 4

Documents
dns ile alakalı diyer kelimeler · dns failover 1300 0,36 17,75 euro dns 720 0,05 6,03 dns management 1300 0,5 7,92 dns registration 720 0,89 27,22 dns blacklist 1600 0,11 2,69 dns

dns ile alakalı diyer kelimeler · dns failover 1300 0,36 17,75 euro dns 720 0,05 6,03 dns management 1300 0,5 7,92 dns registration 720 0,89 27,22 dns blacklist 1600 0,11 2,69 dns

Documents
DNS Session 2: DNS cache operation and DNS debuggingbrian/doc/dns/dns2-presentation.pdf · DNS Session 2: DNS cache operation and DNS debugging ... the wrong answers if the authoritative

DNS Session 2: DNS cache operation and DNS debuggingbrian/doc/dns/dns2-presentation.pdf · DNS Session 2: DNS cache operation and DNS debugging ... the wrong answers if the authoritative

Documents
one piece 547

one piece 547

Documents
livrepository.liverpool.ac.uklivrepository.liverpool.ac.uk/3046422/1/R1 EBD 547 Testin…  · Web viewCyberbullying victimisation and mental distress: Testing the moderating role

livrepository.liverpool.ac.uklivrepository.liverpool.ac.uk/3046422/1/R1 EBD 547 Testin…  · Web viewCyberbullying victimisation and mental distress: Testing the moderating role

Documents
DNS DNS overview DNS operation DNS zones. DNS Overview Name to IP address lookup service based on Domain Names Some DNS servers hold name and address

DNS DNS overview DNS operation DNS zones. DNS Overview Name to IP address lookup service based on Domain Names Some DNS servers hold name and address

Documents
547 gendergoodpractices(1)

547 gendergoodpractices(1)

Documents
Snippetz Issue 547

Snippetz Issue 547

Documents
Present 547

Present 547

Documents
Ukchinesetime 547

Ukchinesetime 547

Documents
547 gendergoodpractices

547 gendergoodpractices

Documents
Managing the Central Configuration - Cisco€¦ · 547 UDP DHCPv6clienttoserver 647 TCP DHCPfailoverservertoserver Cisco Prime IP Express 8.3 Administration Guide 2 ... last-ha-dns-role-switch-time

Managing the Central Configuration - Cisco€¦ · 547 UDP DHCPv6clienttoserver 647 TCP DHCPfailoverservertoserver Cisco Prime IP Express 8.3 Administration Guide 2 ... last-ha-dns-role-switch-time

Documents
2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations

2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations

Documents
RIPE76 DNS Privacy measurements · DNS WG @ RIPE76 DNS Privacy Measurements Latest Measurements on DNS Privacy Sinodun ... Unbound . DNS WG @ RIPE76 DNS Privacy Measurements Test

RIPE76 DNS Privacy measurements · DNS WG @ RIPE76 DNS Privacy Measurements Latest Measurements on DNS Privacy Sinodun ... Unbound . DNS WG @ RIPE76 DNS Privacy Measurements Test

Documents
Networking:! UDP&!DNS! · 2018-06-27 · Root DNS Servers com DNS servers org DNS servers edu DNS servers poly.edu DNS servers umass.edu DNS servers yahoo.com DNS servers amazon.com

Networking:! UDP&!DNS! · 2018-06-27 · Root DNS Servers com DNS servers org DNS servers edu DNS servers poly.edu DNS servers umass.edu DNS servers yahoo.com DNS servers amazon.com

Documents
Special Education 547

Special Education 547

Documents
Brazilian News 547

Brazilian News 547

Documents