Think carefully about the addresses you send your email from. The “From” address will not only be visible to recipients in their email client (including in the preview pane), but will also collect reputation at some ISPs. This, along with the Subject line, will create the first impression a recipient will have of your email.
Think carefully about the domain of the address(es) from which you send your email. There are two reasons for this:
If you’re sending significant volumes of email, don’t send email from an ISP-based email address such as firstname.lastname@example.org. For example, if Yahoo! notices a significant volume of inbound messages coming from email@example.com, that email will be treated differently than if it were coming from a proper outbound email-sending domain (i.e., a domain that you own).
Include correct WHOIS information for your domain so that receivers can look up details about who owns your sending domain. Your domain registrar will provide instructions about how to set up your WHOIS record. Receivers trust more established and transparent domains that are fully listed with the Internet registry over domains that are not.
Make sure that your domain is authenticated with Sender Policy Framework (SPF) and SenderID. These authentication methods lend credibility to your sending domain by confirming to email recipients that an email is actually from the domain it claims to be from. For more information, see Authenticating Your Email Address in the Amazon Simple Email Service Developer Guide. Test your authentication settings by sending email to an ISP inbox that you own (e.g., a Gmail account), and viewing the headers in the source of the message. The headers will tell you whether your authentication attempts have succeeded.
You should also use DomainKeys or DomainKeys Identified Mail (DKIM) to sign your outbound email. This authentication step will lend credibility to your email by confirming to recipients that the content has not been changed in transit from sender to receiver. For a brief explanation of the difference between SPF and DKIM, go to the Wikipedia article, Email authentication. Test your authentication settings by sending email to an ISP inbox that you own (e.g., a Gmail account), and viewing the headers in the source of the message. The headers will tell you whether your authentication attempt succeeded.
确保给您的域名加上了SPF认证机制，SPF人证可以确保邮件是从被认证的域名发出的邮件，从而增加邮件的信用度。更详细的信息请查阅《amazon ses 开发指南》。您可以通过向一些邮件服务商的邮箱发送邮件(例如gmail),然后查看邮件消息头部分，这样就可以查看认证设置是否成功。
Be careful how you collect email addresses. Many times in online forms or other sign-ups, people will provide bogus email addresses that, when you send email to them, will generate hard bounces and appear to the ISP as irresponsible sending.
If your form continues to collect addresses that are hard bouncing on their first email attempt, ensure that the recipient confirms the address they’re entering. Present the address for confirmation, require duplicate fields for email address to ensure entries match, and disable client-side auto-fill if possible.
You can utilize double opt-in (only sending email to an address whose owner has clicked on a verification link) to ensure that you don’t repeatedly send email to a bad address.
You can use third-party vendors to check the viability of an email address before you send to it.
You can also check the syntax of an email address to ensure that the address is at least reasonably correct (e.g., is the address composed correctly with a local part and @ symbol? Does the address resolve to a domain with an MX record?).
You should be careful about allowing any user-defined input to be passed along to Amazon SES and the ISPs unchecked. Forums and form submissions can be especially tricky since the content can be completely user-generated (and spammers can fill out forms with their content), but email receivers don’t care – it’s your responsibility to ensure that you’re only sending email with high-quality content.
It is highly unlikely you’ll ever have a standard alias (such as postmaster@, abuse@, or noc@) sign up for your email intentionally. You should have control over how you acquire email addresses, and only send email to addresses that belong to a real person who wants your email. This applies especially with role accounts, which are usually reserved for email watchdogs. Role accounts can be maliciously added to your list as a form of Internet sabotage to get you blocked. Ensure that your list does not include any role account aliases. For a complete list of role accounts you should watch out for, see Mailbox Names for Common Services, Roles and Functions.
Don’t send email to third-party lists (purchased, rented, or otherwise collected outside of your purview). When you send email to a third-party list, you’re taking the risk of emailing addresses of an unknown origin. This could invite enforcement from ISPs if it turns out that the list contains spamtraps (special addresses set up by ISPs to monitor unsolicited email), bouncing addresses, or recipients who complain. Even if the email addresses on the third-party list are valid, you still don’t know whether the recipients will actually want your email and thus whether they will consider it spam. You should collect the email addresses yourself, directly from recipients.
在一些商业邮件系统，您不太可能能注册到一些重要的别名邮箱(如 postmaster@, abuse@, or noc@)，所以您在获取邮件地址列表的时候，也应该去掉这些不太可能注册到的邮箱地址，这些特别的邮箱地址一般是商业邮局内部的邮箱地址，一般是作为监测的邮件地址。有些人可能会恶意给您提交这些地址，当您发送到这些邮件地址的时候，就会被商业邮局屏蔽掉您的邮件列表。所以您要检测您的邮件列表，确认不包括这些公共的服务、角色、功能类的邮箱地址。