
I run an email forwarding service, https://hanami.run, so I can share quite a bit about this.

Contrary to what many said, delivery to gmail.com is easiest. Now, where it lands is another question. Their spam filtering is also very quick to learn.

iCloud and Hotmail are the worst because there is no way to get unblocked. You just fill in the form and wait in the dark. If you get lucky enough, they work on your ticket and unblock the IP. And here is the thing: they outright reject the connection, so your email cannot even reach the spam inbox.

So when you launch a new IP, you should check it on https://ipcheck.proofpoint.com and https://sendersupport.olc.protection.outlook.com/snds/data.a...

Any hosting providers that are cheap most likely have their IPs blocked by Proofpoint or Microsoft already.

My strategy was to use a server on Hetzner, then try to buy floating IPs that I can attach to any server. I had to try like 40 before I was able to get a pair of IPs that weren't blocked by Proofpoint/Outlook.

Then I tried to warm up and build reputation by having a bunch of inboxes email each other, like 100 emails per day, then up to 1000 emails per day.

Even with that, I got blocked by Proofpoint for no reason from time to time...

So it's hard, but with the right strategy you can still do it. It just takes more time and a plan to build up and keep a good reputation for your IPs.



That's really interesting and insightful, thanks.

But if I can offer a suggestion, it sounds like you were blocked by proofpoint while actively trying to spoof legitimate traffic in order to avoid detection by proofpoint. That's hardly "no reason at all," despite your having the best of intentions.


Nice work. I was thinking you might have had to go as far as to get your own subnet and even Autonomous System, to get clean IPs.


Is this viable in 2021 without huge resources? Can you go IPv6? What's the startup cost of an AS like? I assume there's the technical cost, but what about actually getting an AS assigned (time/money?), etc?


Depends on what huge resources counts as, and where you're located.

Last I checked (which was a while ago), APNIC has enough IPs to give new applicants two /24s with justification, which will get you started without spending a lot of time/money in the IP resale market. If you're in ARIN or the RIPE regions I think you need to go to the market (but also need to justify, so you're looking for a single /24 to start). I don't know if it's accurate, but blog posts and auction sites seem to show about $15,000 for a /24, which is kind of a lot, but doable. You'll also need to arrange some hosting somewhere that you can credibly BGP with at least two networks to justify having an AS... There are some providers that will tunnel you to an internet exchange point and services like Vultr that might help you get started without a lot of investment.

And you'll need to learn BGP on the job. But I think you can do a lot with a simple Unix box; you may not need a giant Cisco router these days.


You can do it small, yes. ARIN et al. will gladly allocate you IPv6, but finding a transit provider with full support is a bit more tricky. The ARIN fees to start up are a few hundred.


That's incredibly insightful. But what made you buy your own server, IP, etc. instead of using, say, SES? Was it the cost thing or are you getting better delivery rates doing this?


When using SES, you cannot set the FROM header to anything. The FROM has to be either a whitelisted email address or a domain that you own and verified with SES.

When forwarding email, we are receiving email from unknown domains. If we rewrite the FROM headers then the DKIM will be invalid, so the service will have to rewrite the FROM and clear out DKIM.

This is a well-known SES issue, and projects have to work around it: https://github.com/arithmetric/aws-lambda-ses-forwarder

```
For example, if an email sent by Jane Example <jane@example.com> to info@example.com is processed by this script, the From and Reply-To headers will be set to:

From: Jane Example at jane@example.com <info@example.com>
Reply-To: jane@example.com

To override this behavior, set a verified fromEmail address (e.g., noreply@example.com) in the config object and the header will look like this.
```

We want to forward email as it is and retain everything, so we have to run our own Postfix in order to do that.
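
The From and Reply-To rewrite quoted in the comment above, as an added JavaScript example that is not part of the thread or of the aws-lambda-ses-forwarder code base. The function names and the sample message are constructed for illustration; the DKIM-Signature header is dropped because it signs the original From and would no longer verify after the rewrite.

```javascript
// Split a raw RFC 5322 message into unfolded header lines and the body.
function parseMessage(raw) {
  const sep = raw.search(/\r?\n\r?\n/);
  const head = sep === -1 ? raw : raw.slice(0, sep);
  const body = sep === -1 ? '' : raw.slice(sep).replace(/^\r?\n\r?\n/, '');
  // Folded continuation lines start with whitespace; join them to their header.
  const headers = head.replace(/\r?\n[ \t]+/g, ' ').split(/\r?\n/).map((line) => {
    const i = line.indexOf(':');
    return { name: line.slice(0, i).trim(), value: line.slice(i + 1).trim() };
  });
  return { headers, body };
}

// Hypothetical helper: rewrite From as the quoted README describes, keep the
// original sender in Reply-To, and drop DKIM-Signature (it covers the old From).
function rewriteForVerifiedSender(raw, verifiedAddress) {
  const { headers, body } = parseMessage(raw);
  const from = headers.find((h) => h.name.toLowerCase() === 'from');
  if (!from) throw new Error('message has no From header');
  const m = from.value.match(/^\s*"?([^"<]*?)"?\s*<([^<>\s]+)>\s*$/);
  const senderAddr = m ? m[2] : from.value;
  const senderName = m && m[1] ? m[1] : '';
  // Strip characters that could break out of the display name.
  const label = `${senderName ? senderName + ' at ' : ''}${senderAddr}`.replace(/[<>"\r\n]/g, '');
  const out = [];
  let hasReplyTo = false;
  let droppedDkim = 0;
  for (const h of headers) {
    const n = h.name.toLowerCase();
    if (n === 'dkim-signature') { droppedDkim++; continue; }
    if (n === 'reply-to') hasReplyTo = true;
    out.push(n === 'from' ? { name: 'From', value: `${label} <${verifiedAddress}>` } : h);
  }
  if (!hasReplyTo) out.push({ name: 'Reply-To', value: senderAddr });
  const text = out.map((h) => `${h.name}: ${h.value}`).join('\r\n') + '\r\n\r\n' + body;
  return { text, droppedDkim, from: out.find((h) => h.name === 'From').value };
}

// Constructed sample message (signature values are placeholders).
const SAMPLE = [
  'DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel;',
  '\th=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER',
  'From: Jane Example <jane@example.com>',
  'To: info@example.com',
  'Subject: hello',
  '',
  'Hi there',
].join('\r\n');
```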


Yeah, you're right. I just recently figured that to get the SPF and DKIM alignment you have to set a custom MAIL FROM in SES too, and it significantly improves the delivery. Definitely makes sense to get your own servers as per your use case.



