One of the most annoying thing that can happen to your brand is having your emails flagged as spam.This usually happens when when your Ip address is blacklisted for sending spam,improper authentication records i.e the domain does not exist or poor formatting in the email,
In phpmailer sometimes it may be caused by writing a wrong from email or non existent email address.
Why A Legit IP Address Gets Blacklisted
IP blacklisting is probably the most common concern for users on shared web hosting .
By default, when you signup for web hosting, your account is placed on a “shared” IP address meaning many different websites are using the same IP.
For example, let’s say I purchase a Cloud Web Hosting account with the domain moviesmonga.com. When its setup on our cloud, it’s going to share an IP address with many other websites on the node.
If just one of these websites fails to update their WordPress, uses weak wp-admin credentials, or uses weak credentials on an email account, a spammer can compromise and send out malicious emails.
Prevent email spamming using the following measures
Using A Dedicated IP Address
The most common solution to prevent IP blacklisting is to order a dedicated IP address with your web hosting account for KES 3200/year (about KES 267/mo).
Using a dedicated IP address on your domain gives the appearance to the outward Internet that you’re on a dedicated server.
Since it’s not shared with any other website, you don’t have to worry about other websites that have failed to update WordPress, are using weak security credentials, etc.
Most of our customers that rely on their emails being delivered will chose to go this route.
We’ve found this greatly helps such situations! You can also always add additional IPs for the cost above.
Setting Up Proper Authentication Records
IP aside, there are some email authentication records that should be configured with your DNS so incoming email servers can validate the emails are legitimate:
- rDNS – Reverse DNS records allow the inbound email server to check the IP and ensure a legitimate domain is attached to it. If there is no domain attached to the IP, it’s a red flag. By default all IP addresses at NameHero will include this record to the server’s hostname. While this is certainly better than not having a record, it’s not as good as having it attached to the actual domain. With a shared IP address, that’s not possible, so a reason to have a dedicated IP.
- DKIM – DomainKeys Identified Mail is an email authentication method designed to detect forged sender addresses in emails (email spoofing), a technique often used in phishing and email spam. Proper records tell the inbound mail server the email is legitimate.
- SPF – Sender Policy Framework is an email authentication method designed to detect forged sender addresses in emails (email spoofing), a technique often used in phishing and email spam. As with DKIM, proper records also inform the inbound mail server the email is from the actual owner of the domain; hence is legitimate.
By default, cPanel sets up these records automatically as long as your DNS resolves to Uxtcloud (i.e. our nameservers).
You can easily check these records by going to cPanel -> Email Deliverability:
From here, you can see if any problem exists:
This screenshot tells us there is an issue with the rDNS record. If you click on “manage” it will provide specific details:
rDNS Record
For this example, the website keydiets.com is using a shared IP address, hence the rDNS record points back to the hostname.
While this doesn’t mean all emails are going to end up in Spam, some maybe blocked depending on the configuration of an inbound mail server.
The solution to correct this is to have a dedicated IP address with your domain set as the rDNS.
If you have a dedicated IP, our team has to manually set the rDNS record on the network level, which you can have completed by logging a new support ticket.
DKIM Record
The DKIM record should always be “valid.” If it’s not, you should make necessary corrections.
Inside of cPanel -> Email Deliverability -> Manage you can verify this and also automatically make changes to correct it (as long as you’re using our nameservers):
As you can see in this example, the record is present and no further action is required.
If you’ve recently migrated your account from another web host, you may need to correct this. Additionally, if you’re using a third-party DNS provider such as Cloudflare or Easy DNS, you’ll need to login to their control panel and add this text record manually.
SPF Record
Just like the DKIM record, the SPF should always be “valid.” If not, you may run into email deliverability issues, and should take necessary steps to correct:
If you’re using our nameservers and created the account with us (i.e. not migrated) it should be automatically set.
If you’ve migrated from another web host or are using third-party DNS, you may need to make necessary changes. Thankfully this interface inside of cPanel makes things pretty easy.
Additionally, if you’re sending mail from external sources (i.e. third party software vendors, Gmail, Yahoo, etc.) you may need to customize this record to let inbound mail servers know it’s you and not someone spoofing you.
This can easily be completed by clicking the “Customize” link below the “Value” field:
Some of these settings can get a bit confusing, therefore I recommend clicking the question mark icon beside each to get a full explanation of what each one means.
Additionally, you should always consult/refer to whatever third-party application you’re using to get their suggestions. Most will tell you exactly what you need to add.
Check Your Email Formatting
If you’re sending bulk emails (i.e. more than a couple people at once) you should check your formatting to make sure it doesn’t appear to be Spam.
Fairly often we’ll see some customers sending 100% legitimate emails to their customers but their formatting is poor and it’s coming off as Spam (sometimes even being flagged by our security team).
In short, there are many tools out there, such as Mail-Tester, where you can actually send your email to them and they’ll tell you rather it looks like Spam or not.
It’ll also verify the records mentioned above, helping you cover all your bases.
Security Prevention
Finally, it’s very important to take security measures to ensure your account is secured to prevent it from being compromised, rendering all the work completed useless.
As mentioned above, spammers will often compromise legitimate hosting accounts as they know they can easily “inbox” their scams from accounts with proper records setup.
Along with our real-time malware scanning, automatic software patching, and dedicated security team, there are some very simple things you can do:
- Keep WordPress/software updated – You always want to be running the latest version of WordPress including your plugins and themes. Our automatic patching will “buy” sometime if updates cannot be made immediately, but they should be conducted within a reasonable amount of time.
- Use secure passwords – If you can remember your password, it’s not secure. You should use the password generator inside of cPanel to create FTP, email, and other accounts (including your wp-admin login). Use a password manager such as LastPass or 1Password to keep track of them all.
- Scan your computer regularly for viruses – Most viruses on computers include key loggers to try and compromise such accounts. Keeping your computer clean is also a big step for security.
If you complete these three things on a regular basis, you’ll rarely ever have a security event on your hosting account. Unfortunately so many customers will ignore this until it’s too late. Don’t let that be you!
At Uxtcloud we have many proactive measures in place to prevent this including a dedicated security team that’s specifically looking for such activity 24x7x365.
While we’re able to prevent most, some are able to slip through, and while we mitigate them quickly, it only takes a couple emails to get an IP blacklisted.
Do you need email hosting?Click here to order with us a webmail email hosting.You can also use third party email providers i.e google and zoho,for google you have to pay for it on a monthly basis same to zoho ,the only difference is that zoho has a free basic package for startups.
