I run a social network on my web server, with about 15,000 members right now. My administration section lets me Mass Email all my users. Currently it uses the built-in PHP mail function.
What is the best way to configure my server to bypass spam? Can I install anything on the server? Or should I just make the social network use SMTP? The admin panel lets me choose SMTP or built-in mail function.
I'm not too familiar with mailing from servers, as I usually use Aweber for my mailing, but I cannot use Aweber for this as they will not let me just import 15,000 emails.
Let me know, thanks.
If it were a simple matter of flipping some switches to keep from being classified as spam, spammers wouldn't have any trouble whatsoever getting through spam filters.
The biggest things you can do...
Make sure you are sending actual email. No fake headers, no CC's to dozens of people unrelated to the person you're sending to, etc.
Keep the message simple. No fancy formatting or turning out web pages as email. Anything that smacks of advertising will up your spam scores in most spam filters, and the more prettified the text the more likely it'll trip filter scores.
Configure SPF and make sure your mail server isn't obscured behind multiple routes or anything that can make it look dodgy when being reverse look-upped.
Have instructions for your users so they know what to look for; if they have their own filters this will help with white-listing.
Have an opt-in list so you're not sending emails to these users unless they want it.
Does your social site have its own built-in messaging? It might make sense to encourage people to use the in-system messaging rather than email. Email should at most be an adjunct to the goal of bringing people into the site and using the site.
There's nothing you can really do to prevent being classified for spam except make the messages legit and don't tick off your users; someone may forward it to the wrong places and you'll end up in an RBL. Only send messages to people who want it. Take a note from Facebook's page...their notifications that I opted into are a simple "hello! Here's a message from XYZ, click the link to view the thread!" I don't think there's anything fancy or hidden in the message (but then again I'm also known for forcing simple text and non-rendering html, etc. in my email to reduce the chances of getting more spam through or malicious links. I could just be blocking out extraneous crap. But regardless, my spam filters haven't blocked any notifications from them.)
I am not sure about the variants of mail transfer methods in your board software, and it will not make a difference in the spam problem (it is about how the mails got transferred to the first SMTP server).
To avoid being classified as spam you "just" have to configure your mail server very well and behave nicely.
Just some quick hints:
There are many questions on Server Fault already covering these topics. Search for them, you will find excellent advice.
Check if your DNS Configuration is right:
Does the host have a valid fully qualified domain name, thus is the HELO name correct?
Is the reverse DNS of your server's IP this FQDN?
Many spam-sending trojans/personal computers don't have correct DNS settings, so spam can be easily determined by broken DNS settings. And it's easy and fast to check these DNS settings, as the mail server can block mails before even accepting any bytes of the mail itself.
Have a look into your maillog while sending mail with your server (/var/log/maillog probably), as most servers don't just drop mail, but block spam with a more or less sensible error message, e.g. "550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs;"
Oh yeah, DNSBL. Check if you're listed on any: http://www.dnsbl.info/ If you are - it means someone is using your server to send out spam - fix this first (that's a topic on its own).
That's what I would go for first. To get caught by a content scanner you must have f'ed up your mail header and body really hard - so I don't think that's your problem.
SPF and DKIM are overrated, they don't play a big role for spam detection (but DKIM is promising, so in the long run you should set up DKIM nevertheless).
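The DNS checks listed in the answer above (fully qualified HELO name, reverse DNS matching it and resolving back to the sending IP, DNSBL listing), written out as an added example that is not part of the original posts. The function names, the injectable resolver hooks and the sample data (documentation IP range, the `dnsbl.example` zone) are assumptions made for illustration; pass the DNSBL zones you actually want to query.

```python
import ipaddress
import socket

def dnsbl_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_ptr(ip):
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_a(name):
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})
    except OSError:
        return []

def check_sender(ip, helo, zones, ptr=system_ptr, a=system_a):
    """Return the problems a receiving server can see before accepting the body."""
    problems = []
    helo = helo.rstrip(".").lower()
    if "." not in helo:
        problems.append("HELO name is not fully qualified")
    rdns = ptr(ip)
    if rdns is None:
        problems.append("no reverse DNS (PTR) for sending IP")
    else:
        rdns = rdns.rstrip(".").lower()
        if rdns != helo:
            problems.append(f"PTR {rdns} differs from HELO {helo}")
        if ip not in a(rdns):
            problems.append(f"PTR {rdns} does not resolve back to {ip}")
    for zone in zones:
        if a(dnsbl_name(ip, zone)):  # any A record in the zone means "listed"
            problems.append(f"listed on {zone}")
    return problems

# Constructed sample data (documentation IP range, placeholder names).
FAKE_PTR = {"192.0.2.25": "mail.example.org", "192.0.2.99": "host99.isp.example"}
FAKE_A = {"mail.example.org": ["192.0.2.25"],
          "99.2.0.192.dnsbl.example": ["127.0.0.2"]}

def demo():
    ptr, a = FAKE_PTR.get, lambda n: FAKE_A.get(n, [])
    zones = ["dnsbl.example"]
    return (check_sender("192.0.2.25", "mail.example.org", zones, ptr, a),
            check_sender("192.0.2.99", "localhost", zones, ptr, a))
```

Called without the `ptr` and `a` arguments, `check_sender` uses the system resolver, so it can be run from the mail server itself against its own public IP and HELO name.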