Evaluation of Some SMTP Testing, Email Verification, Header Analysis, SSL Checkers, Email Delivery, Email Forwarding and WordPress Email Tools E-Book

Evaluation of Some SMTP Testing, Email Verification, Header Analysis, SSL Checkers, Email Delivery, Email Forwarding and WordPress Email Tools

By

Dr. Hidaia Mahmood Alassouli

[email protected]

While every precaution has been taken in the preparation of this book, the publisher assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.

Evaluation of Some SMTP Testing, Email Verification, Header Analysis, SSL Checkers, Email Delivery, Email Forwarding and WordPress Email Tools

Copyright © 2023 Dr. Hidaia Mahmood Alassouli

Written by Dr. Hidaia Mahmood Alassouli.

1) Introduction:

Simple Mail Transfer Protocol (SMTP) is a set of rules used while sending emails. Usually, this protocol is associated with IMAP or POP3. However, SMTP is utilized to deliver messages, while POP3 and IMAP are utilized to receive them.

The SMTP testing tool identifies issues with email security in your server that can hinder your email delivery. It checks the health status of your outgoing email server and notifies you about the detected problems, such as connectivity issues, and how to tackle them. An SMTP test tool can identify SMTP server issues and troubleshoot them to keep your email secure and safe.

SSL certificates are what enable websites to use HTTPS, which is more secure than HTTP. An SSL certificate is a data file hosted in a website's origin server. SSL certificates make SSL/TLS encryption possible, and they contain the website's public key and the website's identity, along with related information. Devices attempting to communicate with the origin server will reference this file to obtain the public key and verify the server's identity. The private key is kept secret and secure.

The SSL Checker tool can verify that the SSL Certificate on your web server is properly installed and trusted.

Email headers are present on every email you receive via the Internet. The email header is generated by the client mail program that first sends it and by all the mail servers on route to the destination. Each node adds more text, including from/to addresses, subject, content type, time stamp and identification data. You can trace the path of the message from source to destination by reviewing the email header text.

Header Analyzers can help you view and analyze message headers by displaying the information in a user-friendly manner and also by calling out various issues, such as suspected delivery delays that may require your attention.

Microsoft Remote Connectivity Analyzer provides many tests, including tests for Inbound and outbound SMTP emails. The Inbound SMTP Email test shows you the various steps taken by an email server to send your domain an inbound SMTP email. Similarly, an Outbound SMTP Email test finds out your outbound IPs for some requirements. It includes Reverse DNS, RBL checks, and Sender ID.

Cloudflare, Inc. is an American company that provides content delivery network services, cloud cybersecurity, DDoS mitigation, and ICANN-accredited domain registration services.

Registration of international domains can be done through https://NIC.UA website.

Mailtrap.io is Email Delivery Platform for individuals and businesses to test, send and control email infrastructure in one place.

Windows PowerShell is mostly known as a command-line shell used to solve some administration tasks in Windows and apps running on this OS. At the same time, it is a scripting language that allows you to tailor cmdlets – lightweight commands to perform specific functions. You can use the built-in Send-MailMessage cmdlet to send SMTP e-mails from PowerShell.

Infinityfree.com provide free website hosting with PHP and MySQL and no Ads in your website.

WP Mail SMTP is the best WordPress SMTP plugin that allows you to easily send WordPress emails using a simple mail transfer protocol (SMTP). If you send an email via your WordPress form, you will then be able to keep track of it.

Improvmx.com is good Email Forwarding website to be used to receive and send emails with your domain name. You can setup business Email and Email forwarding through improvmx.com. . It is possible to add any ImprovMX alias as a sending email on Gmail.

The book consists from the following sections:

1. Types of DNS Records.

2. SSL and TLS Certificate.

3. Replacing the Default FortiMail Certificate.

4. Header Analysis.

5. Some Tools for Email Verification.

6. Evaluation of Some SMPT Testing Tools.

7. Microsoft Remote Connectivity Analyzer.

8. Creating Free Domain in https://nic.ua and Linking it to Cloudflare.com.

9. Mailtrap.io Email Delivery Platform.

10. Sending Emails Using Windows Power Shell.

11. Free Web Hosting from infinityfree.com.

12. Installing Different Types of Plugins Related to Mail on the WordPress Website.

13. Setting Up a Business Email and Email Forwarding Through Improvmx.com.

14. SSL Certificates Checkers.

15. References.

2) Types of DNS Records:

a) What is a DNS zone?

The DNS is broken up into many different zones. These zones differentiate between distinctly managed areas in the DNS namespace. A DNS zone is a portion of the DNS namespace that is managed by a specific organization or administrator. A DNS zone is an administrative space which allows for more granular control of DNS components, such as authoritative nameservers. The domain name space is a hierarchical tree, with the DNS root domain at the top. A DNS zone starts at a domain within the tree and can also extend down into subdomains so that multiple subdomains can be managed by one entity.

b) What is a DNS zone file?

A zone file is a plain text file stored in a DNS server that contains an actual representation of the zone and contains all the records for every domain within the zone. Zone files must always start with a Start of Authority (SOA) record, which contains important information including contact information for the zone administrator.

c) What is a zone serial number?

A zone serial number is a version number for the SOA record. In the example above, the serial number is listed next to 'SERIAL.' When the serial number changes in a zone file, this alerts secondary nameservers that they should update their copies of the zone file via a zone transfer.

d) What is a zone transfer?

A DNS zone transfer is the process of sending DNS record data from a primary nameserver to a secondary nameserver. The SOA record is transferred first. The serial number tells the secondary server if its version needs to be updated. Zone transfers take place over the TCP protocol.

e) What is a DNS record?

DNS records (aka zone files) are instructions that live in authoritative DNS servers and provide information about a domain including what IP address is associated with that domain and how to handle requests for that domain. These records consist of a series of text files written in what is known as DNS syntax. DNS syntax is just a string of characters used as commands that tell the DNS server what to do. All DNS records also have a ‘TTL’, which stands for time-to-live, and indicates how often a DNS server will refresh that record.

f) What are the most common types of DNS record?

A record

- The record that holds the IP address of a domain.

CNAME record

- Forwards one domain or subdomain to another domain, does NOT provide an IP address.

MX record

- Directs mail to an email server.

TXT record

- Lets an admin store text notes in the record. These records are often used for email security.

NS record

- Stores the name server for a DNS entry.

SOA record

- Stores admin information about a domain.

SRV record

- Specifies a port for specific services.

PTR record

- Provides a domain name in reverse-lookups.

g) What is a DNS A record?

The "A" stands for "address" and this is the most fundamental type of DNS record: it indicates the IP address of a given domain. For example, if you pull the DNS records of cloudflare.com, the A record currently returns an IP address of: 104.17.210.9. Records only hold IPv4 addresses. If a website has an IPv6 address, it will instead use an "AAAA" record.

Here is an example of an A record:

The "@" symbol in this example indicates that this is a record for the root domain, and the "14400" value is the TTL (time to live), listed in seconds. The default TTL for A records is 14,400 seconds. This means that if an A record gets updated, it takes 240 minutes (14,400 seconds) to take effect.

h) When are DNS A records used?

The most common usage of A records is IP address lookups: matching a domain name (like "cloudflare.com") to an IPv4 address. This enables a user's device to connect with and load a website, without the user memorizing and typing in the actual IP address. The user's web browser automatically carries this out by sending a query to a DNS resolver.

DNS A records are also used for operating a Domain Name System-based Blackhole List (DNSBL). DNSBLs can help mail servers identify and block email messages from known spammer domains.

If you want to learn more about DNS A records, you can see the original 1987 RFC where A records and several other DNS record types are defined here. To learn more about how the Domain Name System works, see

i) What is a Reverse Lookup Zone?

A reverse lookup zone contains mapping from an IP address to the host (the opposite function of most DNS zones). These zones are used for troubleshooting, spam filtering, and bot detection.

j) What is a DNS SOA record?

The DNS ‘start of authority’ (SOA) record stores important information about a domain or zone such as the email address of the administrator, when the domain was last updated, and how long the server should wait between refreshes.

All DNS zones need an SOA record in order to conform to IETF standards. SOA records are also important for zone transfers.

Example of an SOA record:

The 'RNAME' value here represents the administrator's email address, which can be confusing because it is missing the ‘@’ sign, but in an SOA record admin.example.com is the equivalent of [email protected].

k) What are the other parts of an SOA record?

•      MNAME: This is the name of the primary nameserver for the zone. Secondary servers that maintain duplicates of the zone's DNS records receive updates to the zone from this primary server.

•      REFRESH: The length of time (in seconds) secondary servers should wait before asking primary servers for the SOA record to see if it has been updated.

•      RETRY: The length of time a server should wait for asking an unresponsive primary nameserver for an update again.

•      EXPIRE: If a secondary server does not get a response from the primary server for this amount of time, it should stop responding to queries for the zone.

l) What is a DNS MX record?

A DNS 'mail exchange' (MX) record directs email to a mail server. The MX record indicates how email messages should be routed in accordance with the Simple Mail Transfer Protocol (SMTP, the standard protocol for all email). Like CNAME records, an MX record must always point to another domain.

Example of an MX record:

m) What is the process of querying an MX record?

Message transfer agent (MTA) software is responsible for querying MX records. When a user sends an email, the MTA sends a DNS query to identify the mail servers for the email recipients. The MTA establishes an SMTP connection with those mail servers, starting with the prioritized domains (in the first example above, mailhost1).

n) What is a DNS CNAME record?

The ‘canonical name’ (CNAME) record is used in lieu of an A record, when a domain or subdomain is an alias of another domain. All CNAME records must point to a domain, never to an IP address. Imagine a scavenger hunt where each clue points to another clue, and the final clue points to the treasure. A domain with a CNAME record is like a clue that can point you to another clue (another domain with a CNAME record) or to the treasure (a domain with an A record).

For example, suppose blog.example.com has a CNAME record with a value of ‘example.com’ (without the ‘blog’). This means when a DNS server hits the DNS records for blog.example.com, it actually triggers another DNS lookup to example.com, returning example.com’s IP address via its A record. In this case we would say that example.com is the canonical name (or true name) of blog.example.com.

Oftentimes, when sites have subdomains such as blog.example.com or shop.example.com, those subdomains will have CNAME records that point to a root domain (example.com). This way if the IP address of the host changes, only the DNS A record for the root domain needs to be updated and all the CNAME records will follow along with whatever changes are made to the root.

A frequent misconception is that a CNAME record must always resolve to the same website as the domain it points to, but this is not the case. The CNAME record only points the client to the same IP address as the root domain. Once the client hits that IP address, the web server will still handle the URL accordingly. So for instance, blog.example.com might have a CNAME that points to example.com, directing the client to example.com’s IP address. But when the client actually connects to that IP address, the web server will look at the URL, see that it is blog.example.com, and deliver the blog page rather than the home page.

Example of a CNAME record:

In this example you can see that blog.example.com points to example.com, and assuming it is used on our example A record we know that it will eventually resolve to the IP address 192.0.2.1.

o) What restrictions are there on using CNAME records?

MX and NS records cannot point to a CNAME record; they have to point to an A record (for IPv4) or an AAAA record (for IPv6). An MX record is a mail exchange record that directs email to a mail server. An NS record is a 'name server' record and indicates which DNS server is authoritative for that domain.

p) What is a nameserver?

nameserver is a type of DNS server. It is the server that stores all DNS records for a domain, including A records, MX records, or CNAME records.

Almost all domains rely on multiple nameservers to increase reliability: if one nameserver goes down or is A unavailable, DNS queries can go to another one. Typically there is one primary nameserver and several secondary nameservers, which store exact copies of the DNS records in the primary server. Updating the primary nameserver will trigger an update of the secondary nameservers as well.

When multiple nameservers are used (as in most cases), NS records should list more than one server.

q) What is a DNS NS record?

NS stands for ‘nameserver,’ and the nameserver record indicates which DNS server is authoritative for that domain (i.e. which server contains the actual DNS records). Basically, NS records tell the Internet where to go to find out a domain's IP address. A domain often has multiple NS records which can indicate primary and secondary nameservers for that domain. Without properly configured NS records, users will be unable to load a website or application.

Here is an example of an NS record:

r) When should NS records be updated or changed?

Domain administrators should update their NS records when they need to change their domain's nameservers. For instance, some cloud providers provide nameservers and require their customers

to point to them.

Admins may also wish to update their NS records if they want a subdomain to use different nameservers. In the example above, the nameserver for example.com is ns1.exampleserver.com. If the example.com admin wanted blog.example.com to resolve via a ns2.exampleserver.com instead, they could set this up by updating the NS record.

When NS records are updated, it may take several hours for the changes to be replicated throughout the DNS.

s) What is a DNS SPF record?

A sender policy framework (SPF) record is a type of DNS TXT record that lists all the servers authorized to send emails from a particular domain. A DNS TXT (“text”) record lets a domain administrator enter arbitrary text into the Domain Name System (DNS). TXT records were initially created for the purpose of including important notices regarding the domain, but have since evolved to serve other purposes.

SPF records were originally created because the standard protocol used for email — the Simple Mail Transfer Protocol (SMTP) — does not inherently authenticate the “from” address in an email. This means that without SPF or other authentication records, an attacker can easily impersonate a sender and trick the recipient into taking action or sharing information they otherwise would not.

Think of SPF records like a guest list that is managed by a door attendant. If someone is not on the list, the door attendant will not let them in. Similarly, if an SPF record does not have a sender’s IP address or domain on its list, the receiving server (door attendant) will either not deliver those emails or mark them as spam.

SPF records are just one of many DNS-based mechanisms that can help email servers confirm whether an email comes from a trusted source. Domain-based Message Authentication Reporting and Conformance (DMARC) and DomainKeys Identified Mail (DKIM) are two other mechanisms used for email authentication.

It is worth noting that, at one point, SPF records had a dedicated DNS record type. The dedicated record type has since been deprecated and only TXT records are to be used.

t) How does a mail server check an SPF record?

Mail servers go through a relatively simple process when checking an SPF record:

Server One sends an email. Its IP address is

192.0.2.0

and the return-path the email uses is [email protected]. (A return-path address is different from the “from” address and is used specifically for collecting and processing bounced messages.)

The mail server that is receiving the message (Server Two) takes the return-path domain and searches for its SPF record.

If Server Two finds an SPF record for the return-path’s

domain

, it searches the SPF record for Server One’s IP address in its list of authorized senders. If the IP address is listed in the SPF record, the SPF check passes and the email will go through. If the IP address is not listed in the SPF record, the SPF check fails. In this case, the email will be rejected or marked as spam.

u) What does an SPF record look like?

SPF records must follow certain standards in order for the server to understand how to interpret its contents. Here is an example of the core components of an SPF record:

v=spf1 ip4=192.0.2.0 ip4=192.0.2.1 include:examplesender.email -all

This example lets the server know what type of record this is, states the approved IP addresses and a third-party for this domain, and tells the server what to do with non-compliant emails. Let’s break down how the individual components accomplish this:

v=spf1 tells the server that this contains an SPF record. Every SPF record must begin with this string.

Then comes the “guest list” portion of the SPF record or the list of authorized IP addresses. In this example, the SPF record is telling the server that ip4=192.0.2.0 and ip4=192.0.2.1 are authorized to send emails on behalf of the domain.

include:examplesender.net is an example of the include tag, which tells the server what third-party organizations are authorized to send emails on behalf of the domain. This tag signals that the content of the SPF record for the included domain (examplesender.net) should be checked and the IP addresses it contains should also be considered authorized. Multiple domains can be included within an SPF record but this tag will only work for valid domains.

Finally, -all tells the server that addresses not listed in the SPF record are not authorized to send emails and should be rejected.

Alternative options here include ~all, which states that unlisted emails will be marked as insecure or spam but still accepted, and, less commonly, +all, which signifies that any server can send emails on behalf of your domain.

While the example used in this article is fairly straightforward, SPF records can certainly be more complex. Here are just a few things to keep in mind to ensure SPF records are valid:

There cannot be more than one SPF record associated with a domain.

The record must end with the all component or include a redirect: component (which indicates that the SPF record is hosted by another domain).

An SPF record cannot contain uppercase characters.

x) Why are SPF records used?

There are many reasons domain operators use SPF records:

Preventing attacks:

If emails are not authenticated, companies and email recipients are at risk for

phishing

attacks, spam emails, and email spoofing. With SPF records, it is harder for attackers to imitate a domain, reducing the likelihood of these attacks.

Improving email deliverability:

Domains without a published SPF record may have their emails bounce or be marked as spam. Over time, bounced emails or emails marked as spam can hurt a domain’s ability to reach their audience’s inboxes, compromising efforts to communicate with customers, employees, and other entities.

DMARC compliance:

DMARC is an email validation system that helps ensure that emails are sent only by authorized users. DMARC policies dictate what servers should do with emails that fail SPF and DKIM checks. Based on the DMARC policy instructions, those emails will either be marked as spam, rejected, or delivered as normal. Domain administrators receive reports about their email activity that help them make adjustments to their policy.

y) What is a DNS DKIM record?

DomainKeys Identified Mail (DKIM) is a method of email authentication that helps prevent spammers and other malicious parties from impersonating a legitimate domain.

All email addresses have a domain — the part of the address after the "@" symbol. Spammers and attackers may try to impersonate a domain when sending emails to carry out phishing attacks or other scams.

Suppose Chuck wants to trick Alice, who works for example.com, into sending him confidential company information. He could send her an email that seems to be coming from "[email protected]" to fool her into thinking he also works for example.com.