this post was submitted on 10 Jul 2023
47 points (100.0% liked)

Lemmy Support

4651 readers
2 users here now

Support / questions about Lemmy.

Matrix Space: #lemmy-space

founded 5 years ago
MODERATORS
 

I'm an admin on lemmy.ninja, a month-old Lemmy instance. Users are required to validate their emails, but the email sent to them to do this always ends up in the spam folder. There's nothing we can do about that. We've found, however, that if the users are told to go get it, they can find the mail and validate just fine.

What's the best way to get this message to users while they're creating their new account? Is there a file we can edit to add instructions about checking their spam folder while they're creating the "create" button?

I'm hoping someone has a creative solution. I know it won't be a 100% fix, but any little bit helps.

top 9 comments
sorted by: hot top controversial new old
[–] [email protected] 22 points 1 year ago (1 children)

The newness of your domain is not the primary problem.

Full report

the email sent to them to do this always ends up in the spam folder. There’s nothing we can do about that.

There's lots you can do about that.

  1. Check your MX records. If the email for the domain is actually hosted by Google, verify you implemented the correct MX records. If it's not Google hosted, use the correct MX records for where it is. If you do not have email hosted for this domain, you need to fix that or change the FROM address the validation email to a valid domain/address.

  2. Create a valid SPF record. This is going to include the SPF records of the email host (i.e. Google, again see their docs) and the ip address(es) of the SMTP server used to send the validation emails. If you're using the bundled postfix container then it's going to be the IP address of your lemmy server.

It looks like you're using linode to host so it should be safe to send directly from the lemmy host. If you were hosting this on a residential connection you would need to setup an external SMTP relay (i.e. Amazon SES, Sendgrid, etc...) as most resi blocks are blacklisted.

  1. Create a valid DMARC record.

  2. Once the previous steps are fixed you need to petition Spamhaus to remove your IP from the RBL. You can cite having performed steps 1 through 3 to fix your issues if pressed.

[–] [email protected] 4 points 1 year ago (1 children)

This is a great tool! I've passed this information on to the lemmy.ninja instance owner. Thank you!

[–] [email protected] 1 points 1 year ago

to underline getting those records setup, without them others can send emails pretending to be from you. They set who is allowed to send emails as you and how to check.

one of my first dmarc reports showed some russian ip address trying to send a few from my domain.

[–] [email protected] 11 points 1 year ago

Set up SPF and DKIM on the domain for the server sending the emails, and preferably a DMARC policy as well.

This is usually enough to show that the domain can be trusted, and it will go through.

[–] [email protected] 9 points 1 year ago

Fix your SPF, DKIM, and DMARC records, that should help.

[–] Sami 8 points 1 year ago

If you set registration mode to requires application you can preface the application questionnaire with:

** CHECK YOUR SPAM FOLDER FOR AN EMAIL ** We can’t accept you until you have verified your email address.

But at the cost of having to manually approve each user.

[–] [email protected] 4 points 1 year ago (1 children)

for the future: this is why you always send some emails to other providers beforehand, so they have time to learn that you exist and aren't a source of spam.

[–] [email protected] 4 points 1 year ago

For marketing emails sure but for transactional emails you usually don't have to warm IPs, just have the various email security things setup mentioned above

[–] [email protected] 1 points 1 year ago

The best solution is to use a service like mailgun. It takes a long time to establish reputation so you can avoid the spam filters.