Do your server send mails asking for e-mail confirmations? Then ensure the receiver knows which domain the confirmation-mail origin from!
Have you ever wanted to sign up for a newsletter, or enroll into something on the net using your e-mail address?
Then the chances that you have received “Please confirm your e-mail address”-mails is pretty high. But what if the web server uses one domain, and the mail server uses another?
Sometimes you don’t receive the confirmation-emails since they are rejected by your mail server. Actually, the sender receives an error-message telling him or her that your main server won’t accept the mail. It may look like this for the sender;
Mail delivery to the following recipient has finally failed: firstname.lastname@example.org
Last reason: 500 5.0.0
Explanation: host vcode.no [220.127.116.11] said: Message Rejected for Policy Reasons
Transcript of session:
... while talking to vcode.no [18.104.22.168]:
>>> DATA (EOM)
<<< 500 Message Rejected for Policy Reasons
This is a typical sign that some sort of spam-filter has analyzed the inbound message and rejected it for some reason.
For example – you want to sign up for the newsletter at www.acme.com and enter your e-mail address. Since I know I am going to receive future newsletters from @acme.com, I have beforehand entered the domain @acme.com into my spam-filter’s white-list. The white-list ensures that any mails from @acme.com should be received without hick-ups.
Then it turns out that Acme is using a mail-letter-service and it is actually the mailletter-domain that sends the confirmation-mail. For example the newsletter-service sends mail from email@example.com . The domain @thesupermailservice.com wasn’t known to me up front, and my spam-filter finds that highly suspicious And, wham! Error 500 and “Rejected for Policy Reasons” is a fact.
Wouldn’t it be nice it Acme informed me about that in the first place, and the very page where I signed up in the first place? I think so.
Perhaps, in the future, we might even get a protocol or some technical handshake, making the white-listing process a breeze. I hope so