This is a short help article that describes common non- and misconfigurations that can impact the deliverability and integrity of the mail you send.
You can use the guidelines listed in this article to ensure that mail from you gets delivered to Zone and our customers.
Error messages
If you’ve had mail bounce with the reject message below, you should make sure that you follow the best practices listed below.
5.7.1 Our system has detected that this message is likely unsolicited mail. To reduce the amount of spam sent, this message has been blocked.
Note: Zone does not allowlist anyone.
Best practices
The tips listed below are not unique to Zone and will help with deliverability elsewhere as well. In addition to deliverability, these guidelines help against cybercriminals impersonating you or your company.
How to exactly configure these aspects depends on the service provider(s). If this seems overly technical, it’s safer to ask for help from your provider.
There are various tools online, such as Hardenize, you can use to verify your domain’s current and modified configuration.
Here’s a list of things you should keep in mind when sending mail:
- TLS – Transport Layer Security
The most basic, most common and easiest to enable security feature. Enable and use transport layer encryption for mail you’re sending. No matter the actual contents of the mail you send, the letters should be protected in transit. - SPF – Sender Policy Framework
Make sure your domain has a SPF record and make sure it lists both IPv4 and IPv6 addresses from which you are sending mail from. At this point in time it’s not okay to send mail without explicitly authorizing origins that may do so. - DKIM – Domain Keys Identified Mail
Try to make sure that your mail is cryptographically signed. This should exist in parallel to SPF. In addition to integrity guarantees, it also makes it easier for your recipients. It allows your recipients to forward mail they received from you to their other addresses without allowing someone to forge your domain. - DMARC – Domain-based Message Authentication, Reporting and Conformance
DMARC is the glue between SPF and DKIM, making it possible to fine-tune how mail that violates a policy is dealt with. If properly configured alongside previously listed, it makes impersonating much much harder. It’s recommended that it’s configured to “p=reject” once you’ve set up DKIM and SPF, “p=quarantine” is a reasonable beginning.