Hosted SMTP Server HELO setting

Geovani Enzo

New Email
Hello all, I need some help understanding the correct way to configure my HELO IP to ensure email delivery.

We have a dedicated SMTP server hosted offsite and we use a third party email marketing platform to send emails. The hosting company has control of our domain, and set up the SPF and DKIM records and both pass. I work remote, and often send campaigns from either home, or another office. The email marketing software by default uses the IP addresses of the internet connection I am using for the HELO.

Based on what I read, incoming servers look at the HELO message prior to accepting an email and perform a reverse dns on the senders domain, to ensure that IP in the HELO matches domain. To further ensure delivery, I had the hosting company add both domains to the SPF and DKIM records.

The email marketing platform allows me to change the HELO field, so I have the option to use either the server IP, home internet IP, or work office IP. I am curious as to which IP to use in HELO for maximum delivery rate.

As an example, I am going to show you a sample email header to illustrate. For this example, assume the Server HOST IP is (XXXXX), the office using port 25 (YYYYY), home using port 587 (ZZZZZ).

Sent from Home

Received: from unknown (HELO ZZZZZ) (john.doe@example.com@ ZZZZZ)
by XXXXX.static.Host.net

Since the HELO us not related to the host IP, does this increase the chances of being sent to junk?
 
Last edited by a moderator:

EQ Admin

EQ Forum Admin
Staff member
Since the HELO us not related to the host IP, does this increase the chances of being sent to junk?

Hi Geovani,

I don't think matching HELO matters much, at least not most of the time.

There are occasions when I have seen some ISP's with strict rules but it's usually possible to speak with their abuse departments and get misguided checks fixed.

What is your outgoing IP address?

In addition to the SPF and DKIM records I'd pay close attention to your Sender Score.

Here is a recent article about getting email delivered to the inbox at Gmail.

How long have you been sending email using the dedicated server?

The "email marketing platform" platform make me think you might not be closely monitoring bounces and removing bad addresses from your lists.

Once we know the IP address and can see the reputation we'll know more about what we're dealing with.

Are you getting any of the emails returned with an error message? If yes please copy some examples here.
 

Geovani Enzo

New Email
Sending emails for about a year. Roughly 10,000 new email addresses a month, plus another 10,o00 follow ups from previous. All bounces are removed properly, as are replys and unsubscribes.

The interesting thing is the server IP from the example (XXXXX), has no sender score. The prompt reads "Insufficient Email Seen". However, when i put the shared office IP that i use to send emails, YYYYY (cox), had a sender score of 72 (infrastructure seems to be high) My sending domain is associated with this IP when i check the sender score.
 

EQ Admin

EQ Forum Admin
Staff member
The sender score is based on the IP address seen by other email servers.

It won't be based on your home machine unless you sending directly to the MX servers for domains directly from your home machine.

In most cases it will be the IP address of your outgoing mail server setting.

It doesn't surprise me that your office network is seen if that's what you're sending through.

To be sure, send an email to Gmail with your email marketing software, and check the received-from headers to see what IP is receiving the email from.

That's the IP that matters, not your home computer.
 

Geovani Enzo

New Email
This is interesting. There are 3 areas in the header which references the received from information. So I am using Barracuda antivirus, and all of the outgoing emails are sent through the barracuda IP address. This is shown in the top portion of my headers. Example below

Return-Path: <myemail@mydomain.com>
Received: from 20pmail.ess.barracuda.com (20pmail.ess.barracuda.com. [111.222.333.444]) <----- Barracudas IP address

There is a second

Received: from mail.mydomain.com (mail.mydomain.com [XXXXX]) <------ My dedicated servers IP address, which is associated with the domain

Then there is a third portion of the header that is referencing both my server IP, and the ip address of the internet connection I am using. Same as previous example above.

Received: from unknown (HELO YYYYYY) (myemail@mydomain.com@ YYYYYYY) <------- Office internet IP, which I added to our SPF record
by XXXXX.static.Host.net <------ dedciated server IP with host domain.

My question in related to the third section which has the HELO. I can change this and i would think there is some impact.
 

Geovani Enzo

New Email
BTY - here is the bounce back with the error code. Looks like the IP that is rejecting the HELO is Barracuda

<john.doe@example.com>
111.222.3333 does not like recipient.
Remote host said: 550 No response to HELO/EHLO
Giving up on 111.222.3333

--- Below this line is a copy of the message.

Return-Path: <myemail@mydomain.com>
Received: (qmail 7929 invoked by uid 108); 2 Jun 2015 10:04:20 -0500
Received: from unknown (HELO wsip-YYYYYY) (myemail@mydomain.com@YYYYYY) <---- I setg the HELO to use the office internet IP, which is attached by attached to the end of my email address by default
 

EQ Admin

EQ Forum Admin
Staff member
Hi Geovani,

It's difficult to help when the headers and bounce messages are obfuscated.

If you have dedicated outgoing IP's from Barracuda using this name, they all appear to have excellent sender scores, for example:

;; ANSWER SECTION:
20pmail.ess.barracuda.com. 600 IN A 64.235.154.233
20pmail.ess.barracuda.com. 600 IN A 64.235.150.246
20pmail.ess.barracuda.com. 600 IN A 64.235.150.247
20pmail.ess.barracuda.com. 600 IN A 64.235.154.232

Barracuda Sender Score.jpg


<john.doe@example.com>
111.222.3333 does not like recipient.
Remote host said: 550 No response to HELO/EHLO
Giving up on 111.222.3333

In this example it appears the mail server for example.com is hanging up during the HELO part of the conversation.

If you can let us know the @example.com part of the email address, I can check the MX's and see what they are allowing and disallowing.

Does your company use the managed Barracuda service for handing outbound smtp relay from your corporate network?
 
Top