Inbound Email Requirements
Inbound Email Requirements avatar

From the 1st June 2024, in order to send emails to users on (or via) Spam Safe Mail, sending email servers need to adhere to the following strict standards for inbound emails…

Requirement Overview

Here is a quick at a glance overview of the requirements for sending to users on our service…

Required Notes
SPF record
PTR record Must match any A / MX record
A, MX record Must match PTR record
DKIM record
DMARC record
TLS TLS v1.2 minimum (TLS v1.3 preferred)
TLS v1.0 / v1.1 This version is compromised and unacceptable
Unencrypted Email Will be outright rejected
From Address From domain cannot be from a domain protected by us

Requirement Detail

For more technical details explaining the strict requirements further…

  • If your mail server is called “mail.acme.com” then the IP address it is sending from should have a reverse PTR DNS entry for “mail.acme.com”.  The A and MX DNS record should also point to “mail.acme.com”.  In the case of clustered email systems, we will check that the sending IP matches at least one of your A and MX records, and that matches your PTR record.
  • We will check the SPF DNS record for the domain that your mail server is asking to send from, ie, should mail server “mail.acme.com” try to send an email for, or on behalf of, “Joe@Bloggs.com”, then we will check the SPF DNS record for the domain “Bloggs.com” to ensure that “mail.acme.com” is allowed to send on behalf of “Bloggs.com”.
  • We will be checking DKIM records, and no longer allowing relaxed or soft failing.
  • We will be checking DMARC records, and hard rejecting emails with missing DMARC DNS records.
  • Your server will need to send inbound email with at least TLS v1.2 security enabled, preferably TLS v1.3 which will become a future requirement.
  • Lastly, you cannot send an email into us from outside our network purporting to be from an email domain protected by Spam Safe Mail.  If you have an application or webserver with this requirement, you will need a mailbox on our network in order for it to send email from.  We can then include all A, MX, PTR, SPF, DKIM, DMARC and TLS requirements, and, additionally provide full support for this mailbox.

For more information on the new Internet security standard for email, please click here, or on Google here.