I'm reconfiguring some mail architecture and wondering about this...
For the purposes of avoiding blacklists and maintaining a good MX reputation, is it better to have:
- One public IP / SMTP server dedicated to outbound only e-mail
- Another public IP / SMTP server dedicated to inbound only e-mail
Or both incoming/outgoing on one IP?
It makes no difference, inbound routes won't be considered when assigning reputation.
Reputation used by email spam filtering providers (one of whom I work for) is based entirely on the messages that that IP address sends, not what it receives (we can't see that anyway).
Nor would using different IP addresses cause a problem for an MX filtering provider, we have the ability to configure them independently anyway.
I would recommend that you route mail from your "least-spammy" servers to originate from one external IP address, and the "more-spammy" ones from another.
For example, if you send bulk mail from any application servers internally, route those to originate from a different IP from your users' normal relay, which will mostly be used for sending clean-looking personal emails.
However, the main problem will stem when you get some malware on your internal network that tries to send spam. If possible, try to mitigate that by only allowing relaying from authorised hosts or authenticated connections (to your relay).
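The relay restriction and the split of bulk and user mail across two source IPs, sketched as an added example that is not part of the original answer. It assumes the relay runs Postfix, which the thread does not specify. All addresses, hostnames and the `bulk` transport name are constructed placeholders, and it assumes bulk mail uses its own envelope sender domain.

```conf
# ---- /etc/postfix/main.cf ----
# Too broad: any infected workstation on the LAN could relay spam.
#   mynetworks = 10.0.0.0/8
# Narrowed: only loopback and the named application servers (constructed IPs).
mynetworks = 127.0.0.0/8 10.0.5.10/32 10.0.5.11/32

# Everyone else must authenticate before relaying to external domains.
smtpd_sasl_auth_enable = yes
smtpd_relay_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination

# Default outbound source IP: normal user mail ("least-spammy").
smtp_bind_address = 203.0.113.10

# Mail with a bulk envelope sender goes out through the "bulk" transport.
sender_dependent_default_transport_maps = hash:/etc/postfix/sender_transport

# ---- /etc/postfix/sender_transport (run postmap after editing) ----
# Assumption: application servers send as @bulk.example.com.
@bulk.example.com    bulk:

# ---- /etc/postfix/master.cf ----
# Second SMTP client bound to a different public IP ("more-spammy" traffic).
bulk      unix  -       -       n       -       -       smtp
    -o smtp_bind_address=203.0.113.20
    -o smtp_helo_name=bulk.example.com
```

Each outbound IP needs matching forward and reverse DNS for the HELO name it presents, and the domain's SPF record has to list both addresses.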
It should make no difference. There is no requirement for the MX handler for a particular domain to be the same host that relays messages for that domain. If there were such a restriction it would severely limit the effectiveness of any service that acts as a relay for your email (for example MailGuard, MX Logic or Postini) let alone internal relaying inside your network.