From the 1st June 2024, in order to send emails to users on (or via) Spam Safe Mail, sending email servers need to adhere to the following strict standards for inbound emails…
Requirement Overview
Here is a quick at a glance overview of the requirements for sending to users on our service…
| Required | Notes | |
| SPF record |  |
|
| PTR record | |
Must match any A / MX record |
| A, MX record | |
Must match PTR record |
| DKIM record | |
|
| DMARC record | |
|
| TLS | |
TLS v1.2 minimum (TLS v1.3 preferred) |
| TLS v1.0 / v1.1 |  |
This version is compromised and unacceptable |
| Unencrypted Email | |
Will be outright rejected |
| From Address | |
From domain cannot be from a domain protected by us |
Requirement Detail
For more technical details explaining the strict requirements further…
- If your mail server is called “mail.acme.com” then the IP address it is sending from should have a reverse PTR DNS entry for “mail.acme.com”. The A and MX DNS record should also point to “mail.acme.com”. In the case of clustered email systems, we will check that the sending IP matches at least one of your A and MX records, and that matches your PTR record.
- We will check the SPF DNS record for the domain that your mail server is asking to send from, ie, should mail server “mail.acme.com” try to send an email for, or on behalf of, “Joe@Bloggs.com”, then we will check the SPF DNS record for the domain “Bloggs.com” to ensure that “mail.acme.com” is allowed to send on behalf of “Bloggs.com”.
- We will be checking DKIM records, and no longer allowing relaxed or soft failing.
- We will be checking DMARC records, and hard rejecting emails with missing DMARC DNS records.
- Your server will need to send inbound email with at least TLS v1.2 security enabled, preferably TLS v1.3 which will become a future requirement.
- Lastly, you cannot send an email into us from outside our network purporting to be from an email domain protected by Spam Safe Mail. If you have an application or webserver with this requirement, you will need a mailbox on our network in order for it to send email from. We can then include all A, MX, PTR, SPF, DKIM, DMARC and TLS requirements, and, additionally provide full support for this mailbox.
For more information on the new Internet security standard for email, please click here, or on Google here.
