Story time. I recently signed up for a newsletter powered by Ghost but the confirmation email ended up in my spam folder. I looked to see if there were any issues noted in the email headers.
Imagine my horror when I see the IP address of the vps the site is hosted on with an elevated risk score. Most cloud hosting IPs have been abused by everyone from script kiddies to folks in the major leagues. This means it's harder to end up with a clean IP address for your VPS or cloud server. It also means that folks who opt-in to multiyear hosting agreements, like I do for a discounted rate, it can be difficult or expensive to get a new IP allocated.
Luckily, there is a way to avoid this. To the forums!
quentin-binder
This recent forum post helped confirm my suspicion. You can avoid leaking your IP by exclusively using the Mailgun API transport. You'll need to change the Ghost mail transport option for transactional emails like registrations, from smtp to mailgun. Note that it is the SMTP transport option that exposes the host IP address when sending things like registration emails. This is often the first touch point with subscribers. So let's avoid doing that.
If you're using docker, here are the env vars to set:
mail__transport: mailgun
mail__options__auth__api_key: ${MAILGUN_API}
mail__options__auth__domain: ${MAILGUN_DOMAIN}
mail__from: ${MAILGUN_FROM}
# mail__host: api.mailgun.net # us based
# mail__host: api.eu.mailgun.net # eu basedHopefully this helps improve your subscriber confirmations.
Also worth noting is an easy to miss issue with your dmarc configuration. As you start sending your newsletter(s) to a larger audience, make sure your dmarc policy is set to something other than none. Read more about these sending requirements here:
RyanF
Last thing, this is my first post with a self-hosted ActivityPub service connected to my self-hosted Ghost site. Check out the feed over at https://mastodon.social/@[email protected] to see what this new integration looks like on the fediverse.
✌
