From someone else with similar experience: I've been following all best practices to the best of my abilities (rDNS/DMARC/DKIM/SPF/etc). After all that was properly in place, the only problematic receiver was Microsoft (outlook.com/hotmail.com/live.com), which bounced and provided an appeal process.
I filled out the form and was asked for documentation from my ISP on the IP address.
I asked my VPS hosting company (since they provide the public IP and therefore act as ISP) and they proactively reached out to Microsoft, who lifted the restriction after that.
So since then no delivery issues. YMMV.
If you intend to host this from your residential address, it can be a good idea to tunnel external traffic over VPN through a VPS or similar. Not only for privacy reasons, but also to get around ISP blocks and IP banlists. I don't know how flexible maddy is, but in Postfix, in case the above scenario hadn't been resolved, I could have set it to use mailgun/mailroute for MS domains only and relay normally for others.
What do you use as a mail client (on desktop and on phones), and do you have a solution for server-side signatures? If so, how well have you found that it supports Reply and Forwarding insertion? Does it support embedding signature logos as hidden attachments to work around blocked images?
Do you also have any issue with iCloud? I somehow get a bad IP range and have never been able to have them whitelist me; re-attempting seems to just put me into a blackhole support queue on their team :(
I have been using mailinabox on a VPS server and all the major email tests say the mailbox is fine.
Only Gmail treats my emails as spam. Others just work fine. I don't know what to do other than having to call recipients and ask them to unspam the mail. That doesn't seem to "train" their spam filters, so I don't know.
I have literally never (to my knowledge) been rejected by one of the big boys (i.e. gmail or outlook). Was quite nervous about it in the beginning, but I haven't run into any issues.
I have had a number of bumps:
1. In exchanging emails with someone with a custom domain, I found their SPF record was broken and thus my server was rejecting their emails. I've weakened my policy and now their mail goes to my Junk, which I then manually move to my inbox because I'm lazy and don't want to set up a custom rule.
2. I wanted to subscribe to the Tarsnap mailing list, and had to decrease the minimum TLS level for outgoing mail to "none." Dr. Percival believes TLS on SMTP is "silly" (which, in the sense that all email is insecure, is true, but in the sense that email with modern security measures is better than nothing, is in itself a "silly" opinion).
3. I had some server downtime recently (https://figbert.com/posts/wrong-way-to-switch-server-os/) and couldn't receive emails, which sucked. But that was on me.
Just to defend Dr. Percival a little here (since I have the same stance, though we do also support TLS), the RFCs require you to support non-encrypted SMTP. Since you HAVE to support it (not only per RFC but because in the real world so many SMTP communicators are stupid, lazy, or ignorant), there is little point in trying to make email secure. Until such time as everyone decides TLS 1.3+ is required for SMTP, there is no hope, so why bother.
Our external auditors get all upset about it every single year, and every single year, I show them the RFCs and they then shut up about it for a year. If you feel strongly enough about it, try to get an RFC passed where SMTP requires TLS now.
I don't run Maddy, but I do run email for an organization of a few thousand people. It happens on occasion from various providers. The larger organizations (MS, Google, etc.) will spam your logs with SMTP errors with a URL. You visit the URL and do whatever actions they want that particular day and life goes on. It's not hard, but it is a bit annoying sometimes.
Generally if you have a static IP and you don't go being all stupid with spam, it's not THAT difficult, but you do have to jump through a few hoops and then occasionally play whack-a-mole with their spam prevention junk for the month.
It seems to come in waves, like email will be fine for a few months and then one provider after another will be all upset about gosh knows what that day and you have to visit URLs and push a few buttons.
I've been too lazy to track it, and the various reasons for that particular day, but this has been my experience. A few times a year you have to go babysit SMTP so email can be delivered again.
Not just MS, they pretty much all dump SMTP errors with URLs telling you about the SMTP error they gave you. Some are really awesome when you visit the URL, they say oh, do X and then you are good. Others say we just don't like you at the moment, with basically no detail... and then you get the full burden of figuring out why they didn't like you and trying again.
We host and manage the SMTP server(s) ourselves (we currently run Postfix). If you outsource your email to Google, etc., then they have to babysit the email logs for URLs, not you.
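The log babysitting described in the comments above can be scripted. The following is an added example, not code from any poster in this thread: it scans Postfix `smtp` delivery lines for bounced or deferred mail and groups the remediation URLs by recipient domain, flagging rejections that carry no URL. The log lines are constructed, and every host, IP, queue ID and URL in them is a placeholder.

```python
import re
from collections import defaultdict

# Constructed sample in the usual Postfix syslog layout; all values are placeholders.
SAMPLE_LOG = """\
Jan 10 09:14:02 mx1 postfix/smtp[2211]: 4F1A220C3B: to=<alice@outlook.example>, relay=mx.outlook.example[192.0.2.10]:25, delay=1.2, delays=0.1/0/0.6/0.5, dsn=5.7.1, status=bounced (host mx.outlook.example[192.0.2.10] said: 550 5.7.1 Messages from [198.51.100.7] were not sent. Please see https://postmaster.example/delist?ip=198.51.100.7 (in reply to MAIL FROM command))
Jan 10 09:14:09 mx1 postfix/smtp[2211]: 4F1A220C3C: to=<bob@outlook.example>, relay=mx.outlook.example[192.0.2.10]:25, delay=1.0, delays=0.1/0/0.5/0.4, dsn=5.7.1, status=bounced (host mx.outlook.example[192.0.2.10] said: 550 5.7.1 Messages from [198.51.100.7] were not sent. Please see https://postmaster.example/delist?ip=198.51.100.7 (in reply to MAIL FROM command))
Jan 10 09:20:41 mx1 postfix/smtp[2214]: 7B2C9310AA: to=<carol@gmail.example>, relay=mx.gmail.example[192.0.2.20]:25, delay=3.4, delays=0.2/0/1.1/2.1, dsn=4.7.28, status=deferred (host mx.gmail.example[192.0.2.20] said: 421 4.7.28 Unusual rate of mail from your IP, see https://support.mail.example/spam-policy. (in reply to end of DATA command))
Jan 10 09:21:00 mx1 postfix/smtp[2214]: 7B2C9310AB: to=<dave@friend.example>, relay=mx.friend.example[192.0.2.30]:25, delay=0.8, delays=0.1/0/0.3/0.4, dsn=2.0.0, status=sent (250 2.0.0 OK)
Jan 10 09:25:17 mx1 postfix/smtp[2219]: 9D3E0412F1: to=<erin@icloud.example>, relay=mx.icloud.example[192.0.2.40]:25, delay=0.9, delays=0.1/0/0.4/0.4, dsn=5.7.1, status=bounced (host mx.icloud.example[192.0.2.40] said: 554 5.7.1 Message rejected due to local policy (in reply to end of DATA command))
"""

# Failed deliveries only: status=sent lines never match.
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: [0-9A-F]+: to=<[^>]*@(?P<domain>[^>]+)>,"
    r".*?dsn=(?P<dsn>\d\.\d+\.\d+), status=(?P<status>bounced|deferred)"
    r" \((?P<reply>.*)\)\s*$"
)
URL = re.compile(r"https?://[^\s()<>\]]+")


def remediation_urls(log_text):
    """Map recipient domain -> sorted unique (status, dsn, url) tuples.

    url is None when the remote reply gave no link, so those rejections
    still show up for manual follow-up instead of being dropped.
    """
    found = defaultdict(set)
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if not m:
            continue
        # Strip sentence punctuation that trails the URL in the reply text.
        urls = [u.rstrip(".,;") for u in URL.findall(m["reply"])] or [None]
        for url in urls:
            found[m["domain"].lower()].add((m["status"], m["dsn"], url))
    return {
        domain: sorted(items, key=lambda t: (t[0], t[1], t[2] or ""))
        for domain, items in sorted(found.items())
    }


if __name__ == "__main__":
    for domain, items in remediation_urls(SAMPLE_LOG).items():
        for status, dsn, url in items:
            print(f"{domain:18} {status:9} {dsn:7} {url or '(no URL given)'}")
```
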
To share one trick I found (after you've done all the DKIM/SPF/DMARC/PTR things others point out), if you still have deliverability issues to Microsoft 365 tenants, it is worth sending mail as HTML rather than plain text.
I have no idea why that helps (well, I could guess that some spam heuristic thinks plaintext email without an accompanying HTML envelope is more likely to be spam), but changing this took me from near-constant "your email went to spam" to no issues sending even things that actually look spammy (i.e. an email just containing a link that might be of interest to the recipient).