Adjust e-mail to let it pass through spam filters

Spam filters are far from being perfect. This guide describes what you can do if your legitimate e-mails keep getting blocked by spam filters.


Sign e-mail with DomainKeys and DKIM

DomainKeys technology and its newer version DKIM allow the receiving part to check if the incoming e-mail is indeed sent from the e-mail address which appears in the message. Spammers usually forge addresses in e-mails and therefore can't sign e-mails with DomainKeys and DKIM. If your e-mail has a valid DomainKeys and DKIM signatures, the chances the receiving part will consider it spam will reduce significantly.

Note that DomainKeys/DKIM signing must be the very last thing you during creating the e-mail. If you modify the e-mail content after the signature has been created, it will become invalid.

To support DomainKeys/DKIM, you need a pair of certificates:

Certificates can be created with OpenSSL tool. Unlike SSL and S/MIME certificates, self-signed DomainKeys/DKIM certificates are perfectly OK. Just make sure the certificate's private key is at least 1024 bits strong.

When the receiving part gets an incoming message signed with DomainKeys/DKIM, it validates that the message is not altered using the signature in the message and the public certificate on your server. This assures that the message was sent by someone who has access to the private certificate for this server.

Even if spammer was able to send e-mail through your server (e.g. the server is open relay), the spammer will be unable to properly sign e-mails without access to the private certificate. Of course, the private certificate must be kept in a safe place. Do not give it to anyone! If you have external (but legitimate) users which need to send e-mail through your server and sign with DKIM/DomainKeys, implement server-side signing of their e-mails instead of giving the certificate to them.

All types and classes related to DKIM/DomainKeys reside in MailBee.Security namespace. Also, MailMessage object provides a convenient MailMessage.DomainKeysSign method for quick access to the "sign with DKIM/DomainKeys" function.

The sample below signs the message with DomainKeys and DKIM. The sample assumes that the DK/DKIM public key resides in DNS TXT record named dk._domainkey.company.com and the corresponding private key resides in C:\Temp\rsa1024.private file:

Smtp mailer = new Smtp();

// Set the message properties.
mailer.Message.From.Email = "john.doe@company.com";
mailer.Message.To.Add("jane.doe@example.com");
mailer.Message.Subject = "Hello";
mailer.Message.BodyPlainText = "Hello, Jane, can we meet today?";

// Sign the message with DomainKeys and DKIM.
mailer.Message.DomainKeysSign(false, null, @"C:\Temp\rsa1024.private",
    true, "dk", DomainKeysTypes.Both);

// Send the message via SMTP server (authentication is enabled).
mailer.SmtpServers.Add("mail.company.com", "john.doe@company.com", "secret");
mailer.Send();
Dim mailer As Smtp = New Smtp()

' Set the message properties.
mailer.Message.From.Email = "john.doe@company.com"
mailer.Message.To.Add("jane.doe@example.com")
mailer.Message.Subject = "Hello"
mailer.Message.BodyPlainText = "Hello, Jane, can we meet today?"

' Sign the message with DomainKeys and DKIM.
mailer.Message.DomainKeysSign(False, Nothing, "C:\Temp\rsa512.private", _
    True, "dk", DomainKeysTypes.Both)

' Send the message via SMTP server (authentication is enabled).
mailer.SmtpServers.Add("mail.company.com", "john.doe@company.com", "secret")
mailer.Send()

We assume that MailBee, MailBee.Mime, MailBee.SmtpMail and MailBee.Security namespaces are already imported and MailBee.Global.LicenseKey is specified (in the code or in app.config or web.config file). To learn more, refer to Import namespaces and set license key topic.

Other notes:

To read more on DomainKeys/DKIM, refer to DomainKeys class. It provides more explanations and features in addition to MailMessage.DomainKeysSign method.


General suggestions

Although DomainKeys/DKIM is a powerful tool to satisfy spam filters, it's often not sufficient (or even not possible to use at all if you are not an administrator of the server and thus cannot add entries to its DNS records).

What else you can do with the server (if you're the server's admin):

What else you can do with the e-mails you're creating (if you're just a user):


Send feedback to AfterLogic

Copyright © 2006-2024 AfterLogic Corporation. All rights reserved.