I’m an admin on lemmy.ninja, a month-old Lemmy instance. Users are required to validate their emails, but the email sent to them to do this always ends up in the spam folder. There’s nothing we can do about that. We’ve found, however, that if the users are told to go get it, they can find the mail and validate just fine.
What’s the best way to get this message to users while they’re creating their new account? Is there a file we can edit to add instructions about checking their spam folder while they’re creating the “create” button?
I’m hoping someone has a creative solution. I know it won’t be a 100% fix, but any little bit helps.
The newness of your domain is not the primary problem.
- You have no SPF records on your domain.
- You have no DMARC record.
- You’re on the Spamhaus RBL.
the email sent to them to do this always ends up in the spam folder. There’s nothing we can do about that.
There’s lots you can do about that.
-
Check your MX records. If the email for the domain is actually hosted by Google, verify you implemented the correct MX records. If it’s not Google hosted, use the correct MX records for where it is. If you do not have email hosted for this domain, you need to fix that or change the FROM address the validation email to a valid domain/address.
-
Create a valid SPF record. This is going to include the SPF records of the email host (i.e. Google, again see their docs) and the ip address(es) of the SMTP server used to send the validation emails. If you’re using the bundled postfix container then it’s going to be the IP address of your lemmy server.
It looks like you’re using linode to host so it should be safe to send directly from the lemmy host. If you were hosting this on a residential connection you would need to setup an external SMTP relay (i.e. Amazon SES, Sendgrid, etc…) as most resi blocks are blacklisted.
-
Create a valid DMARC record.
-
Once the previous steps are fixed you need to petition Spamhaus to remove your IP from the RBL. You can cite having performed steps 1 through 3 to fix your issues if pressed.
This is a great tool! I’ve passed this information on to the lemmy.ninja instance owner. Thank you!
to underline getting those records setup, without them others can send emails pretending to be from you. They set who is allowed to send emails as you and how to check.
one of my first dmarc reports showed some russian ip address trying to send a few from my domain.
Set up SPF and DKIM on the domain for the server sending the emails, and preferably a DMARC policy as well.
This is usually enough to show that the domain can be trusted, and it will go through.
Fix your SPF, DKIM, and DMARC records, that should help.
If you set registration mode to requires application you can preface the application questionnaire with:
** CHECK YOUR SPAM FOLDER FOR AN EMAIL ** We can’t accept you until you have verified your email address.
But at the cost of having to manually approve each user.
for the future: this is why you always send some emails to other providers beforehand, so they have time to learn that you exist and aren’t a source of spam.
For marketing emails sure but for transactional emails you usually don’t have to warm IPs, just have the various email security things setup mentioned above
The best solution is to use a service like mailgun. It takes a long time to establish reputation so you can avoid the spam filters.