KB ARTICLE: Email Policy

The “ACCESSMY.EMAIL” mail exchange (MX) network will show warnings in your mail log/history to assist with resolving delivery issues. This is normal behaviour.

At all times it is assumed the administrator looking at this information understands the technical terms within this document and can perform diagnostics to check their own network issues.

Support requests

Normally limited to the network in our control and any issues that may exist on the external network is not part of our included support. If requested to perform diagnostic checks and assist with tasks beyond the “ACCESSMY.EMAIL” network then it will become chargeable at the standard technician hourly rate.

If you believe you need assistance delivering mail to recipients on the “ACCESSMY.EMAIL” network. Submit your email issue

Information regarding the sender domain name and the “To:” mail address will assist with any support request. Additional information may be required to communicate further, telephone number and GMT hours of contact as different time zones may be required.

Bulk email / Mailing lists

If your intention is to reach out to multiple email recipients with genuine products, services and/or updates, use a professional mass mailing service like http://mailchimp.com that has an un-subscribe feature. This may be an inconvenience to you initially but to prevent spam and phishing scams the “ACCESSMY.EMAIL” network will reject bulk email that does not provide a working un-subscribe function.

Having the right tools to reach multiple email recipients will save you and your business time and help your recipients trust your entity / brand. Please consult with your I.T. company or advisor regarding usage and setup of mass mailing services.

Users sending emails of the same email item with recipient counts of 10 or more recipients is classed as mass mailing is not supported on the “ACCESSMY.EMAIL” network, detection of mass mailing delivery via our network will result in suspension of mail delivery for the offending domain until issues are resolved.

Honeypot email lists

To prevent spam and phishing scams the “ACCESSMY.EMAIL” network will reject emails sent to the honeypot mail list. This process is automated and dynamic and list content is not found on publically available blacklists.

Any sender email address can be removed by request from the honeypot blacklist provided the sender has updated their own recipient mailing list to use valid email addresses and has a working opt-out policy adhered. Submit your email issue

RBL (Real-Time Black Listing)

RBL is a common issue for networks with blacklisted IP address, dynamic IP addressing and known (or victims of) malware/spamming programs.

Please check this website http://www.anti-abuse.org/multi-rbl-check before assuming any network is delivering mail as normal. Issues that may exist on any external network is not part of our standard services and will incur support charges if requested to assist beyond the “ACCESSMY.EMAIL” network.

If you are sending legitimate emails, you can submit an exception. Submit your email issue

Greylisting

For mail servers that behave according to Internet standards, your message will be delivered. However, your mail delivery may be initially delayed a few minutes.

Some email delivery servers do not follow email standards regarding greylisting and may require further support. If you are sending legitimate emails, you can request an exception. Submit your email issue

Domain name not resolving

For mail servers that behave according to Internet standards, your message will be delivered. However, using a invalid domain name that cannot be resolved using standard DNS queries will fail as it does not exist and cannot be replied to.

*If your domain name has just been setup, please wait 24hrs for DNS updates to complete (DNS propagation)

Valid SMTP hostname

Please note invalid hostname error notification is due to the sending SMTP server's and not the recipient.

This affects email senders that are typically using genuine email services that are simply mis-configured. Over time with IP address changes and DNS not set correctly during a change or initial setup can easily be missed and is easily resolved by the senders mail administrator or service provider.

Note, Google, Office365 and other large scale email hosting email providers do manage reverse DNS (rDNS or PTR), so is generally a side effect issue for self-hosted email operators.

A Valid hostname lookup for SMTP traffic is based on two parts of DNS to have a fully qualified host name

1 SMTP sending service has a correct DNS A record that must resolve to the current IP address used by the sending host.

2 SMTP sending service Reverse DNS (PTR) need to be matching the set DNS A record.

A RECORD
Genuine email services should be setup with a resolving DNS name for the sending IP address used to send your emails. The majority of malcious senders using email SMTP services to deliver junk/phishing will find it nearly impossible to have a valid DNS hostname for such activities and remain out of IP blacklists for any length of time. (Postmasters need to beware that it is possible that malicious emails can be delivered from compromised SMTP server/mailboxes that already have a valid DNS hostname).

See external link to test your SMTP sending DNS A record matches the expected IP address: https://mxtoolbox.com/SuperTool.aspx?action=a:replace-with-your-hostname

PTR RECORD
If you are unable to update your reverse PTR name for a IP address used to match the DNS A record, then use a SMTP smarthost to do the email delivery for your domain name. Email services should not be hosted from dynamic IP's and some ISP's may not offer a reverse DNS (rDNS or PTR) option.

Additionally, do not have more than one reverse DNS (rDNS or PTR) record per IP address.
When a email arrives, at that exact time of DNS lookup of the SMTP sender IP address there is no guarantee the DNS reply provided by the reverse DNS (rDNS or PTR) will match the A record - This is a seperate DNS lookup so both DNS A and reverse DNS (rDNS or PTR) must match at all times.

See external link to test your sending your IP's reverse DNS: https://mxtoolbox.com/SuperTool.aspx?action=ptr:replace-with-your-ip

SMTP HELO ADVISORY
Please ensure your SMTP service says its DNS HELO hostname and that this hostname matches the IP address advertised. (see your operating system support pages on updating the advertised hostname SMTP banner)

SPF (Sender Policy Framework)

For mail servers that behave according to Internet standards, your message will be delivered. However, external networks using Sender Policy Framework DNS settings may not allow for mail forwarding and will produce an error stating xyz mail is not allowing to be delivered.

If you have received an email notifying you (the email sender) that your email cannot be delivered to the recipient due to SPF policy/notice, please consult with your I.T. consultant as this is either the sent email forwarded by the receiving mailbox (recipient's mail service) or a sender domain name issue, the latter can be easily fixed with a corrected DNS TXT value. https://en.wikipedia.org/wiki/Sender_Policy_Framework

*Forwarding mail is not recommended, consider using a mail fetch service to avoid delivery issues as forwarding email will be rejected when a strict SPF policy is implemented.

Embedded html/web links

Messages containing web links to potentially malicious files will be rejected. If your message is for legitimate purposes, try resending your message without links to websites, signature and any images.

Common issues with messages can be a compromised company website, hidden links in text or a compromised mailbox sending messages with malicious links. Compromises can be current or past security events.

If you are sending legitimate emails, you can request an exception. Submit your email issue

Phishing emails ("fishing")

The “ACCESSMY.EMAIL” network protects users from domain sitters and phishing emails by rejecting look-a-like domain names that are used to look similar to an existing domain name.

These look-a-like emails aim to trick the email user by presenting a email that is typically sent internally within the business.

Example, your company is using @salescompany.com for business email, but a sender using domain email @sa1escompany.com asking your accounts department to make a payment for company xyz. This is a phishing attempt (note how the L is replaced by the number one within "sa1escompany.com").

Phishing emails with double angle bracket sets

The use of two double angle bracket sets "<>" by email senders is not allowed. This technique is used to take advantage of a feature in mailing clients such as Microsoft Outlook called "Friendly Names" in an attempt to obscure the actual sender's email address. This will be automatically rejected.

Example of two double angle bracket sets: "A Name Here <person-i-know@yourcompany.com>" <abc123-scammer@hotmail.com>, this only occurs due to sender misconfiguration or phishing emails and the "Friendly Names" feature shows this as "A Name Here <person-i-know@yourcompany.com>". This is compared to a genuine email and the "Friendly Names" feature showing this as "A Name Here".

URL Redirects / Shortening

Usage of tools to make a long internet links look shorter to the human eye is done by using URL Shortening services. These are tools used by genuine services, however, these tools are also used by malicous email senders to hide un-safe internet links from antivirus scanners and email blacklists. We cannot allow URL Shortening links to pass through the ACCESSMY EMAIL NETWORK and recommend genuine services avoid using such tools and keep the actual internet links showing in plain view.

You can read more on the topic https://en.wikipedia.org/wiki/URL_shortening.

Mail client software or services

Known email delivery services that generate high rates of junk content are rejected, software used for spamming automation is also blocked. If you are a user of older applications like Microsoft's Outlook Express (Only found on Windows XP and earlier), please move to newer up-to-date operating system or at the very least use alternative software like Mozilla Thunderbird. Alternatively use webmail service supplied by your email provider (ie gmail.com, outlook.com etc).

TLD domain names

All common TLD (Top Level Domains) using examples like .com .net .co are accepted with standard mail policies applied, new TLD domains like .xyz .faith .news are rejected.

If you are sending legitimate emails, you can request an exception. Submit your email issue

Discarded emails

Mail deliveries from known spamming or abusive senders will not be notified of failed/bounced deliveries.

SMTP client services

Only by application, the “ACCESSMY.EMAIL” network can offer SMTP relay and custom whitelist and blacklist services.

*Monthly service costs apply.