Recommendations for sending emails

GMX is committed to providing a trustworthy and secure service to its users. For this reason, careful evaluation of incoming emails and protection against unsolicited emails are top priority.

The following notes apply to the operators of delivering services:

Respect the recipient's wish not to receive unsolicited mail

If a GMX user can demonstrate that you have failed to stop sending undesired email despite a request to the contrary, we reserve the right to block your service permanently.

Observe legal requirements

Observe the legal requirements applicable in your own country. In the USA, for example, this is the CAN-SPAM Act. Note that senders of mass mails can be held responsible if they fail to seek the consent of the recipient.

Observe the recommendations of the MAAWG working group

The Messaging Anti-Abuse Working Group (MAAWG) cooperates with large and important internet service providers to regularly draft a guide to sending emails. Use this guide as the basis for your work.

RFC conformity

Emails and communications with our servers must comply with the current RFC-defined standards.

No receipt from dial-up address ranges

Emails must not be sent directly to our Mail Exchange server from dial-up networks. Emails from users with dynamic IP addresses must be sent via smart hosts or SMTP relay servers protected against misuse.

Reverse DNS entry

A Reverse DNS entry (FQDN) must exist for the delivering server.

Correct HELO

You must send a meaningful and plausible HELO/EHLO in the sense of RFC 5321.

Sender Policy Framework

On request from a customer, we will investigate your SPF records. The sender address of forwarded emails must therefore be rewritten using SRS (Sender Rewriting Scheme).

Hardening of servers against misuse

The delivering server must be protected against unauthorised access.

RBL lists

We check various established RBL lists. Please make sure that your server is not on one of these lists. You can check this information at DNSBL.info.

The following rules apply for senders of mass mails:

Sanitisation of the address lists

The sender must immediately remove email addresses from their dispatch lists if hard bounces occur at these addresses. If you attempt to deliver mail to multiple unknown (or disabled) GMX accounts, you will be temporarily blocked. We reserve the right to block you permanently in this case.

Legal information requirement

You are only permitted to send emails to recipients from whom you have received permission to deliver mass mails, e.g. newsletters. We recommend the use of a double opt-in process.

The ordering party or the contractual partner of the sender must be clearly identifiable for the recipient.

We recommend including non-electronic contact information for the sender including the telephone number and the physical address in requested mass mails.

Opt-out

The recipient must be given a fast and simple opt-out option for receipt of the mass mail (newsletter, advertising etc.).

Each email should contain a note to this effect; however, an opt-out option can be provided in the form of a valid reply address.

Whitelisting by external providers

If you send mass mails, we recommend that you participate in the Certified Senders Alliance. More information is available here.

  1. The Messaging, Malware and Mobile Anti-Abuse Working Group is an international association consisting of internet service providers, anti-spam and anti-virus technology producers as well as other interested parties. The association offers its members a forum for exchange on the topic of security in telecommunications: https://www.m3aawg.org/
  2. RFC (Request for Comments) denotes documents that describe the technical or organizational guidelines for the internet.
  3. A Reverse DNS entry or FQDN (Fully Qualified Domain Name or PTR-RR) is the unique name of an internet host. The FQDN can be used to discover the host's IP address. The Reverse DNS entry should be used as the HELO when sending emails.
  4. The HELO command is part of the SMTP protocol used for email delivery. With this command, the sending server initiates the email exchange between two servers by transmitting its full domain name. Similarly, a server uses the EHLO command to indicate that the extended SMTP protocol version (ESMTP) should be used.
  5. SPF (Sender Policy Framework) is a technology designed to make it more difficult to spoof sender addresses. It specifies the IP addresses from which emails with a specific sender domain can be sent (or from which IP addresses mails may not be sent). For this purpose, a TXT type (or SPF type if it exists) resource record is created in the DNS zone; it lists all the authorised IP addresses used as sending addresses in the domain. To check your SPF entry, we recommend the SPF Wizard on the Openspf.org site.
  6. When an email is redirected, a receiving system that validates email reception against an SPF entry is unable to validate the sender's identity. Forwarding servers should use SRS to encapsulate the sending address in an envelope to prevent SPF validation returning incorrect results. For more information on SRS refer to the Openspf.org site.
  7. An RBL list collects IP addresses. The list can be used to decide before establishing a connection if specific email senders are allowed to deliver to the receiving system, and to evaluate the spam probability with which emails are tagged. There are various types of lists of this kind. Some include IP addresses from which the owner is not prepared to receive and to which they are not prepared to send emails. Other lists include IP addresses which are known to be responsible for sending spam mail.
  8. Opt-in describes a procedure in which a consumer explicitly consents to be contacted for advertising purposes. In addition, the double opt-in procedure makes sure that the email address provided really belongs to the consumer. To do this, a verification link is usually sent to the email address. This link has to be accessed once before the address is added to a distribution list. That way, it is possible to prevent unauthorized third parties from adding email addresses to distribution lists.