Challenges of email server development

Question

Email server development is quite challenging. One of the biggest challenge is when developing web application that sends out several emails on behalf of users. Emails will all be sent out from one SMTP feed with sender address that of individual users.

How do we ensure that if the users missuse the system (say send out spam messages) the server IP that sends out the email is not balck listed ?

I have been advised that registering in following organisations will help. But my question is, this alone will suffice ?

Messaging Anti-Abuse Working Group(www.maawg.org)

Email Experience Council(www.emailexperience.org)

Online Trust Alliance(www.otalliance.org)

Email Service Provider Coalition(www.espcoalition.org)

Return Path(www.returnpath.net)

Spam Arrest(www.spamarrest.com)

Any other thing needs to be done during development or configuration of the service ?

Answer 1

Considering that SMTP doesn't have a notion of "accounts," just senders and recipients, your question doesn't make a lot of sense. If the receiving server decides that you machine is generating spam, then it will probably blacklist your IP, not any "account" used to run the mail program (although it could decide to blacklist the sender address).

The easiest way to prevent this, of course, is to prevent your mail server from accepting outgoing mail that would be considered spam. There are lots of techniques to do this, such as Bayesian spam filters on the content, or keeping track of the usage patterns of a particular sender. But it's your responsibility; if you "whitelist" yourself with an organization and then behave in an inappropriate way, you'll end up blacklisted.

And before you start, you should at least get an overview of how SMTP works (and then move on to the actual RFCs).