Why does this particular message get delivered to the Junk mail of hotmail users? - email

I manage various servers that send and receive email at various levels. Mostly I use Sendmail on FreeBSD machines.
I'm having problems delivering to Hotmail users and apparently, more generally, to anyone who makes use of Microsoft-based antispam filters (I could be wrong here... it's my feeling).
Here are the headers of an email that was delivered to the Junk mail folder of a hotmail user. It was sent from a server of mine.
Received: from BL2NAM02HT013.eop-nam02.prod.protection.outlook.com
(10.172.93.15) by MWHPR11MB1775.namprd11.prod.outlook.com with HTTPS via
MWHPR1601CA0005.NAMPRD16.PROD.OUTLOOK.COM; Thu, 8 Feb 2018 10:09:59 +0000
Received: from BL2NAM02FT033.eop-nam02.prod.protection.outlook.com
(10.152.76.55) by BL2NAM02HT013.eop-nam02.prod.protection.outlook.com
(10.152.77.51) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.20.444.13; Thu, 8
Feb 2018 10:09:59 +0000
Authentication-Results: spf=pass (sender IP is 148.251.12.94)
smtp.mailfrom=gmartandmusic.com; hotmail.com; dkim=pass (signature was
verified) header.d=gmartandmusic.com;hotmail.com; dmarc=pass action=none
header.from=gmartandmusic.com;
Received-SPF: Pass (protection.outlook.com: domain of gmartandmusic.com
designates 148.251.12.94 as permitted sender)
receiver=protection.outlook.com; client-ip=148.251.12.94;
helo=mail.europa.tuorlo.net;
Received: from mail.europa.tuorlo.net (148.251.12.94) by
BL2NAM02FT033.mail.protection.outlook.com (10.152.77.163) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
15.20.444.13 via Frontend Transport; Thu, 8 Feb 2018 10:09:57 +0000
X-IncomingTopHeaderMarker: OriginalChecksum:3155FEC5C9D2530E959B4E07187F7D85EAB207E86B21DBD388EE2E71D188C39C;UpperCasedChecksum:68C64367B668FDE28564CAAC7801A9DF0B763468DCDE2B54A67FCFB40608C4EF;SizeAsReceived:1418;Count:12
Received: from auth (mail.europa.tuorlo.net [148.251.12.111]) by mail.europa.tuorlo.net (8.15.2/8.15.2) with ESMTPSA id w18A9qi2063516
(version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
for <yyyyyyyy#hotmail.com>; Thu, 8 Feb 2018 11:09:56 +0100 (CET)
(envelope-from xxxxxx#gmartandmusic.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmartandmusic.com;
s=europa; t=1518084596;
bh=Fw4LmErhAxOi/F7NxHoWyOX/LBhnx8rr2vjP9sF8wgs=;
h=From:Date:Subject:References:To;
b=smkwjTavx8NlQhBXyLGXWpLdYuPXc9qSqbkZ1DZJrnyLkNqUgfVkXmOtVGoC+Qzn9
Asn9V/Sb7EmPj6XJfnuXgTMtzz2pHb2J8oVY8t3A5ffO8k6V27k9yo/utNvmt8wuJX
Ozhyfn8CTmP6o1/Ak40QA5uwGuKSbEBWy/IyBYp+yPiyoWZ4r+LDTDGPwWUSVDrOD1
LjTCIwOtVvECw1OejxAe5aY+tluKjnEZIYEqawv8pSr3yznZJpdaDhuJF+3EtjtEBm
2iRsmG/tKzmZjQm5FQk66gZX4iwShAVgRPpxTmQ8bUR7qFR0sJ58F5iaOiXBi16bNc
ZU5m+VRtusqSQ==
From: AAAAAA BBBBBB <xxxxxx#gmartandmusic.com>
Content-Type: multipart/alternative;
boundary="Apple-Mail-89D34B6A-7702-4FBE-BCCD-41CBE90A98B6"
Content-Transfer-Encoding: 7bit
Date: Thu, 8 Feb 2018 04:09:52 -0600
Subject: Fwd: XXXXXX/XXXXXX/ MENORCA/ MAYO 2.021
Message-ID: <C8E45C6B-C6F6-43E9-A89F-511837A7ECFB#gmartandmusic.com>
References: <00A74997-678C-430C-89E0-F86081C7EF4D#infotelecom.es>
To: XXXX YYYY <yyyyyyyy#hotmail.com>
X-Mailer: iPhone Mail (15D60)
X-IncomingHeaderCount: 12
Return-Path: xxxxxx#gmartandmusic.com
X-MS-Exchange-Organization-Network-Message-Id: 35b1621c-5d7f-40d4-4ff6-08d56edc1ba6
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-Microsoft-Exchange-Diagnostics: 1;BL2NAM02FT033;1:hnTtkDvat2snlgurDQUVhYHckuMJhexw7rK/nMMILQql/P1hj3ZYszrvHlCTQ+cJV7wsMPwXfvp32kBc7HmUnj25fk1jbqqyJBW31tz9XQUHomlZtr7nZ+WhdGFNNRb8
X-Forefront-Antispam-Report: EFV:NLI;SFV:NSPM;SFS:(98901004);DIR:INB;SFP:;SCL:1;SRVR:BL2NAM02HT013;H:mail.europa.tuorlo.net;FPR:;SPF:None;LANG:;
X-MS-Exchange-Organization-AuthSource: BL2NAM02FT033.eop-nam02.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 35b1621c-5d7f-40d4-4ff6-08d56edc1ba6
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:(5000109)(4604075)(4605076)(610169)(650170)(651021)(8291501071);SRVR:BL2NAM02HT013;
X-Microsoft-Exchange-Diagnostics: 1;BL2NAM02HT013;3:HFLkOvxb6v1otyVU+/4qGCI+fmLt/Wqog/HK8GHBqXEB3WB2/axCWD1jjLiZlE296Z8SYck6EVAxyuGrHKGKu1B4EME0OZmUxUyS5U8ekffZJkZPm02+XFw8rfWUEuJPbIKflo2V4k+kWwO9/pzmcZDyrTjVFNWzB7iqTt8fu3MFWaW0RBm+6+7xyqJPHnPjtvmvUer4Xgxr+GRqSrKS5rFeO5IV9HSY2oWsRz6VinE2HszPcTQnbjb1/fjxhwzDuZiKL2NFVi87Dngdx0jXBHTGyXnpi0LePdGJ6fKBRMrdCdrLT1C+IpB1N1A9iOGQ;25:vJ1cwnGFHXqKn2cvh2C4FZrvStWj3EMpztnpfl/Tjx4Qsa1NTyDBv3qV32gAKugMv61j+otmiaBwBt0bmOfZ03rGRrX7UcQ+rc7XTnyxkAJc0i8RoyrGn8AR8JeQ1mjXyWP1HXokKfC7yox6CzMk3JBjwYZMIA2tCOFf2XWDJcUKZa6j0qFX3SFJ0TzOU0zwh2M6o0l654csfZeRuacFF13XhDQjqtAVjhfquxN9zPuC/sHjNB/lG58SAcaQnPVdAGxmSaACqMy1PwpWNHog9db2n5d7Im8god9zgt46Js3HHOs5tYTQgapWXGqMB9542DS5MXeROtL3nKDJ0lZUQg==;31:xL0KY+h7mitOtfy4JrR1Ev3FihJLs0zekK/ska3dJvgZ2hENcSzd2szV5kYYrxOL0dDfHoUtWLwMdXQkICx5/TyUts4vNo1ZjX19LJEehfZLrJNIZ/aCw4Ay2U2BkVNFiOYsFAlTUfFUdfMFFI/Z8/SSkG5lP0sKEfMBgTBN/uvJ6NDqogj+3Wj2rTVw0xE5v36Lt+BhqEp7elVOFAsIEL5XT6lDuPrOM96JNLL5Lu8=
X-MS-TrafficTypeDiagnostic: BL2NAM02HT013:
X-MS-Exchange-EOPDirect: true
X-Sender-IP: 148.251.12.94
X-SID-PRA: xxxxxx#GMARTANDMUSIC.COM
X-SID-Result: PASS
X-MS-Exchange-Organization-PCL: 2
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(444111557)(2400082)(82015058);SRVR:BL2NAM02HT013;BCL:0;PCL:0;RULEID:;SRVR:BL2NAM02HT013;
X-Microsoft-Exchange-Diagnostics: 1;BL2NAM02HT013;4:Bc5X2fSq55q6XMZsvCFLE4oHXKXL5AZAhAZGBUeXJfY75ES2dSXErxmc7xoNzyLA16U6a91wm46mrzllh+DwD6td0a7B+FqqTkZLMfw1UxZf35JsXmDdyLpU63rwjc/T0E/8hyY0Uinuu/zpC269Zae7IhV06dz4dMG1ZUdQmLVCwcJfsYsuF1ycgLsaeea9rfe5VJ0vzJRF5Kjwsp6/45sIzfAvjaM1NRWN28XIqgeC9KzjkrGCDHNBssMNPHEC6ARImdxUfWfPCa7TGhaxDA==;23:9ce9ZtosrYf8R0AWrHrwrH6nHRFGA0RUmqVTj/4SCDE5RgcC0sMp0bKixp8n2AgXIuRTV0ZTuKiqzKOA4i1mY4GkGMtuv0WAzOfbRDl5bkTbY5gp6dkZeqxu3/4xTP+zGc4GK5P1di8jaB231YLNUMBN9aUczu5IbOzyc6vBd8o=;6:+MLQPaxRIfraFLgoX3JjZbUA7ZFjMzePdr6IsDt9SCRZq2vdH/0bYZjMD5UEXCaw1+3fuJ8BQ/hFtJ69ZDoqmJc+4N7GWBYUN5sbbUg24PDa1W9hTzCAr1Av9O0LjBN1E/cvgX+9prrdUy1eD2HRtHNzkP+WIQrsIq+KjxZPhT9ysksd1ZuGHwwyFq3aK4RUsIDdhPr7LXiMsJJpmfxRgWxdXWu7adqzd72kPr09ldQ72iQ+fTWazynvogcTifDSElpLyysFQOMTGRKp4udakmsMOzpPp20YFMC0lTmHX0oScTk5OH4w0i7UdFJCAo/ehU4/re8J9GE5InXHWHsCoV0ZpJUg5jNDKFw0u30Gesg=
X-MS-Exchange-Organization-SCL: 1
X-Microsoft-Antispam-Message-Info: OuQazSvupgp80LHlw+czkqj2YXRxJ0QBIScl742vWOMdG2wzIGCcvnjwKv0mn6syMbpUBIwG+3E6FEILAAZOWcoHrSb+2pS/S97ZcRjDKt4=
X-Microsoft-Exchange-Diagnostics: 1;BL2NAM02HT013;5:1vihEbjfm4w0pm8T51O74gHVNQvaejj6rpVyRG4bmX78g6gAUqueSkb52YX+h4H2briNVccbLvBzptKLfqWtiYr1MZhMdfhigOtMyzM/76B73XZSirNN/wko+wf6Ba2iWqJVDIL10irMj1ege5KuK7y4jgPRa/6Nos1NBF3CWg8=;24:y257repAHT3J5K+9FAz+ju5GwAeDT9Dy7y1za4bcm8wV0fE1SQxow6DM6Sjt9r8iP68AD+/kbyR1Yc704J/7b5Ed3XTILDAseHK2XJu96JQ=;7:ua5Dt7PMVmi84xiS1h9BtzyLl7QLi6JC+r1rU5YjsN1Gw1plKnJMMYZ2V/xYZc9/rG34Dima4cYTl/BjfzSz73BlnAwL31YsfOPIAIiZPGP3Xb24QluF+Ev2B1dXWk8ytql7skz5beXvN237wl4qxzhaZ1hZJrnr33llGEfjl6PN0PIvoJhO2WSwMZze7j46rMHzB2qDCkzcieGNXhpnIr1r/WCNt35vKz6wJHfhi+cfOfSCnjoU7Wgzdwr8U6bp
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Feb 2018 10:09:57.5256 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 35b1621c-5d7f-40d4-4ff6-08d56edc1ba6
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL2NAM02HT013
X-MS-Exchange-Transport-EndToEndLatency: 00:00:02.3696719
X-MS-Exchange-Processed-By-BccFoldering: 15.20.0485.002
X-Microsoft-Exchange-Diagnostics:
1;MWHPR11MB1775;27:44NdIk2HdVv/O8NpcZyQqTL8z9aaX2OM2n4+LxMT5Q/uFhT/kCDKFStN8D8BLF/slFIj5EQ4/+9TvCPMYrTSKknMgF0+VemHMyOmLboDCpjpHk+zI560m6NBXQT67cXm
X-Microsoft-Antispam-Mailbox-Delivery:
abwl:0;wl:0;pcwl:0;kl:0;iwl:0;dwl:0;dkl:0;rwl:0;ex:0;auth:1;dest:J;ENG:(400001000128)(400125000095)(5062000261)(5061607266)(5061608174)(4900095)(4920089)(6375004)(4950112)(4990090)(9140004);RF:JunkEmail;OFR:SpamFilterAuthJ;
X-Message-Info:
qoGN4b5S4yqCYaZhtdu4NotjTtV6S6AUSGN/bf9Z/EfhTJpB27DEs1qs/hyLYqvd0CepaM1Ig9vcfI2L/B8Bai8XajbnHGTRD8TogVmsnOlWHhYWUSIS0wwn4Z3RT9HkA8e0vBCZIU8qxvJhm98JrVDf7Gkw7ed4IoPDieNlaxJfZDCjjhDFl5D+iKF+xXIqqcoCHVTkN+834BwEpSP77Q==
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
X-Microsoft-Antispam-Message-Info:
Gjr7XNMmetzm1UAGg1+Q9ehieT3vn0z2N0AU3dtWtm1mapC5BN5/JpGtYnXwraRTPJQMhcwfeGXo7c/siYVtn9Ad0UkyNK53c1ho1uodzSzNv1wbnO4Pkw2skBfmrL8EXmNeSUggm/xsOVszQBGzH9IJQN4NMiaU+TXIDhno4YfqPtWEwKEhN0KKPSuJO2CTQXzieUWvBISGYTraBBqu03Pn3HF8yJMbzCCsXWsNrQtiy7JVGQeImnie9ShGYtTn2dgp5H641SfGwEaB9WRCVQ==
MIME-Version: 1.0
--Apple-Mail-89D34B6A-7702-4FBE-BCCD-41CBE90A98B6
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
The server is not blacklisted.
There are no reputation issues that I'm aware of.
The email just contained a simple threaded discussion between users.
We use SPF, DKIM and DMARC and they clearly all passed their respective checks from what I see in the headers.
Still it gets delivered in the Junk mail folder.
The email seems to have originated from an iPhone and been delivered to my Sendmail-based server. Then, on the Hotmail side, it was apparently passed through an endless series of spam checks (judging by the redundancy of MS-oriented antispam headers). They all agree it's not spam.
SFV:NSPM
SCL=1
BCL:0
PCL:0
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
The only one that seems to disagree is this last "X-Microsoft-Antispam-Mailbox-Delivery" that shows a cryptic:
RF:JunkEmail
OFR:SpamFilterAuthJ
I was not able to find any documentation pertaining to these codes. OFR could be "Offending Rule"? I don't know, but the simple lack of documentation and answers is very annoying. What am I supposed to do? Tell my corporate clients "I'm sorry, you can't deliver to Microsoft-based users"?
Any clues? Any ideas?

Have you checked the current IP status with Hotmail's postmaster SNDS?
There you can see 3 colours for your IP: Red/Yellow/Green. Try to see the current status and build your reputation.
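The comparison the question makes by eye (transport-level verdicts against the mailbox-delivery header) can be done mechanically. The following is an added example, not part of the original posts: it parses the semicolon-delimited antispam headers quoted above and reports whether the two stages disagree. Treating `SFV:NSPM` with `SCL` of 1 or lower as "not spam" follows the question's own reading of those fields and is an assumption of this sketch; the function names are hypothetical.

```python
import re
from email.parser import HeaderParser

# Constructed input: four of the headers quoted in the question, with the
# Mailbox-Delivery header still folded onto a continuation line.
RAW_HEADERS = (
    "X-Forefront-Antispam-Report: EFV:NLI;SFV:NSPM;SFS:(98901004);DIR:INB;SFP:;"
    "SCL:1;SRVR:BL2NAM02HT013;H:mail.europa.tuorlo.net;FPR:;SPF:None;LANG:;\n"
    "X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:(5000109)(4604075)(4605076)"
    "(610169)(650170)(651021)(8291501071);SRVR:BL2NAM02HT013;\n"
    "X-MS-Exchange-Organization-SCL: 1\n"
    "X-Microsoft-Antispam-Mailbox-Delivery:\n"
    " abwl:0;wl:0;pcwl:0;kl:0;iwl:0;dwl:0;dkl:0;rwl:0;ex:0;auth:1;dest:J;"
    "ENG:(400001000128)(400125000095)(5062000261)(5061607266)(5061608174)"
    "(4900095)(4920089)(6375004)(4950112)(4990090)(9140004);"
    "RF:JunkEmail;OFR:SpamFilterAuthJ;\n"
    "\n"
)


def parse_fields(value):
    """Split 'KEY:VALUE;KEY:VALUE;' into a dict; the first occurrence of a key wins."""
    fields = {}
    for part in value.split(";"):
        part = part.strip()  # also drops the newline/space left by header folding
        if not part:
            continue
        key, _, val = part.partition(":")
        fields.setdefault(key.strip(), val.strip())
    return fields


def rule_ids(value):
    """Extract the numeric ids from a '(123)(456)' style field."""
    return re.findall(r"\((\d+)\)", value or "")


def to_int(text):
    try:
        return int(text.strip())
    except (AttributeError, TypeError, ValueError):
        return None


def summarize(raw_headers):
    """Collect the verdict fields and flag a transport/mailbox disagreement."""
    msg = HeaderParser().parsestr(raw_headers)
    report = parse_fields(msg.get("X-Forefront-Antispam-Report", ""))
    antispam = parse_fields(msg.get("X-Microsoft-Antispam", ""))
    delivery = parse_fields(msg.get("X-Microsoft-Antispam-Mailbox-Delivery", ""))

    scl = to_int(report.get("SCL"))
    if scl is None:  # fall back to the stand-alone SCL header
        scl = to_int(msg.get("X-MS-Exchange-Organization-SCL"))

    # Assumption taken from the question: NSPM with SCL <= 1 means "not spam".
    transport_clean = report.get("SFV") == "NSPM" and scl is not None and scl <= 1
    junked = delivery.get("RF") == "JunkEmail"
    return {
        "SFV": report.get("SFV"),
        "SCL": scl,
        "BCL": antispam.get("BCL"),
        "PCL": antispam.get("PCL"),
        "dest": delivery.get("dest"),
        "RF": delivery.get("RF"),
        "OFR": delivery.get("OFR"),
        "ENG": rule_ids(delivery.get("ENG")),
        "verdicts_disagree": transport_clean and junked,
    }


if __name__ == "__main__":
    for name, value in summarize(RAW_HEADERS).items():
        print(f"{name}: {value}")
```

Run over a folder of saved messages, the same summary shows whether junk placement always coincides with one `OFR` value or one `ENG` rule id.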

Related

Should the DKIM signature be inserted after the Subject: header?

My ISP (Virgin Media) is introducing DKIM in their emails.
After sending an email I had a look at the source and found that they are placing the DKIM signature between the Subject: header and the body.
Return-Path: <xxxxxxxx#blueyonder.co.uk>
Delivered-To: xxxxxxxx#blueyonder.co.uk
Received: from md17.tb.ukmail.iss.local ([212.54.57.73])
by mc8.tb.ukmail.iss.local (Dovecot) with LMTP id 5cl8E7ZoJlmNQwAAVqD7fw
for <xxxxxxxx#blueyonder.co.uk>; Thu, 25 May 2017 07:17:29 +0200
Received: from mx6.tb.ukmail.iss.as9143.net ([212.54.57.73])
by md17.tb.ukmail.iss.local (Dovecot) with LMTP id
EstZLcTm/VjmbwAAeUlFJQ
; Thu, 25 May 2017 07:17:29 +0200
Received: from know-smtprelay-omc-3.server.virginmedia.net ([80.0.253.67])
by mx6.tb.ukmail.iss.as9143.net with bizsmtp
id QVHM1v00m1U0oNg01VHVUu; Thu, 25 May 2017 07:17:29 +0200
X-SourceIP: 80.0.253.67
X-CNFS-Analysis: v=2.2 cv=K/RSJ2eI c=1 sm=1 tr=0
a=NusZbS+MIKNGTdhVDzOOtg==:117 a=o+HFlgnLNhdkn43EnkHUFQ==:17
a=KXL61P45u2kA:10 a=tJ8p9aeEuA8A:10 a=MTPcje7z3XVcjakvMuAA:9
Received: from [192.168.0.19] ([80.193.xxxx.xxxx])
by know-smtprelay-3-imp with bizsmtp
id QVHU1v0051httJ801VHU5a; Thu, 25 May 2017 06:17:29 +0100
X-Originating-IP: [80.193.182.78]
X-Authenticated-User: xxxxxxxxn#blueyonder.co.uk
X-Spam: 0
X-Authority: v=2.1 cv=XNzNMlVE c=1 sm=1 tr=0 a=o+HFlgnLNhdkn43EnkHUFQ==:117
a=o+HFlgnLNhdkn43EnkHUFQ==:17 a=L9H7d07YOLsA:10 a=9cW_t1CCXrUA:10
a=s5jvgZ67dGcA:10 a=MTPcje7z3XVcjakvMuAA:9
From: xxxxxxxx#blueyonder.co.uk
To: xxxxxxxx#timothydutton.co.uk, xxxxxxxx#blueyonder.co.uk
Subject: Sending via Python
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=blueyonder.co.uk;
s=meg.feb2017; t=1495689449;
bh=8bjk8lFzQ2833A/RBLNeoi8C+tOykYEwquKHC+57mNw=; h=From:To:Subject;
b=ZuUwY74fd1AyxgXZ1LalJmb4fUFNqrQzOPall5FXrwTWoEYMBqR6u44HNJ1VOp1Jh
+ik/ip8stBs7SXM/3ViaL/Vj4cP9CPdxO1UY/kblhojNF2Jw31f69gCpGdDQVCx6eC
1KNdN0VadqQYVXd//wERGhXo+h2tkN2Ey0fZHxItXnN4ua90wwJfg3Iq2kM16m7OYw
W+JiISTy84jqYxS7TFpgtfSLdZUG5y5OyG9r9rP9JBXxqBUIaq/QlAfcuTVJ9HXhLf
h0d0CWLqSRoNrE2Dcqe/ES5cl12tL1HR3wHN4oU/kT0ilINEzRGSzkkeT0eHAUSjC6
zfRok7vuo+GQA==
Yo this is a mail sent via Python 3.6
According to Virgin Media, this is expected behaviour. But my understanding was that SMTP servers should add the headers to the start rather than the middle of the message?
Is this allowed in the SMTP or DKIM standard, or could it cause problems?
Yes, this is allowed by the DKIM standard. The only requirement I'm aware of is the following:
The DKIM-Signature header field MUST be inserted before any other
DKIM-Signature fields in the header block.
RFC 6376 section 5.6
It is, however, recommended to prepend it to the message:
The DKIM-Signature header field SHOULD be treated as though it were a
trace header field as defined in Section 3.6 of [RFC5322] and hence
SHOULD NOT be reordered and SHOULD be prepended to the message.
RFC 6376 section 3.5

Increasing understanding of return-path and SPF records

I have a website with a web form that is hosted with a third party. I'm having trouble with their server config/architecture and wanted to confirm a few things and show the mail headers I am receiving.
I know that I must explicitly set my mail to send through an outgoing mail server and port which I have specified (this is in order for the mail to send, it will not be sent if not sent through the SMTP server).
Upon setting the SMTP server and port here is the mail header:
x-store-info:sbevkl2QZR7OXo7WID5ZcdV2tiiWGqTnhQzu7BHe69dd2ZvcRr0xBttv16txT0x/MHyyxbQQOWxD0k3WKrQDVl56gwTtl9T9YlQDKWZad3R7ZbliBL6BSfw52gpz37cwL/qGTahKP+U=
Authentication-Results: hotmail.com; spf=softfail (sender IP is 213.171.216.60) smtp.mailfrom=test#hotmail.co.uk; dkim=none header.d=hotmail.co.uk; x-hmca=fail header.id=test#hotmail.co.uk
X-SID-PRA: test#hotmail.co.uk
X-AUTH-Result: FAIL
X-SID-Result: FAIL
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0xO0Q9MTtHRD0xO1NDTD0y
X-Message-Info: NhFq/7gR1vSyCjVJ7Q2iIHhF9oW5eW+g+jrtzv+TwMhHX16XKDSEsIIxc1qXk1NO+AwFoToprpXBtEMxyoOvMnJSYUEEN4JngTWWsUg0/J3120nOI8GDZ8sF8m5iNGKuZt7Ds7svv3bOfUNBVLmpGlsbHUCNwXFNgry/rw0sWtsI0nyKa01KIdnxHDoLHp7GPP/klJGbBhJE2FLEW70tX5XZujwdcC9+R5m/pk5uo4uPxfmnwQK9yQ==
Received: from cust-smtp-auth1.fasthosts.net.uk ([213.171.216.60]) by BLU004-MC1F22.hotmail.com with Microsoft SMTPSVC(7.5.7601.23143);
Mon, 28 Dec 2015 05:59:03 -0800
Received: from fun-booths.co.uk (unknown [88.208.252.229])
by cust-smtp-auth1.fasthosts.net.uk (Postfix) with ESMTP id 923AF74021D
for <c_qatest#hotmail.co.uk>; Mon, 28 Dec 2015 13:59:02 +0000 (GMT)
Date: Mon, 28 Dec 2015 13:59:02 +0000
To: c_qatest#hotmail.co.uk
From: "test#hotmail.co.uk" <test#hotmail.co.uk>
Subject: Fun Booths - Booking form
Message-ID: <918f36d31bf876f19ea6d9563c1ad348#fun-booths.co.uk>
X-Priority: 3
X-Mailer: PHPMailer 5.2.10 (https://github.com/PHPMailer/PHPMailer/)
Reply-To: test#hotmail.co.uk
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Return-Path: test#hotmail.co.uk
X-OriginalArrivalTime: 28 Dec 2015 13:59:03.0161 (UTC) FILETIME=[E8B5FE90:01D14177]
Focusing on the Authentication-Results, the (sender IP is 213.171.216.60) is definitely the correct outgoing SMTP server. However, the SPF result is spf=softfail.
After doing some research it was suggested that
The Return-Path header is empty. This means that during the SMTP
conversation, the MAIL FROM command did not specify an email address
where bounces are sent. It is the domain from this email address that
SPF tests. If there is no email address, a softfail will result.
Is this referring to the smtp.mailfrom field in the Authentication-Results which is set to a value of test#hotmail.co.uk in the example above?
I believe I have done what is required to implement SPF:
(1) I have set the SPF record in the domain's DNS zone
v=spf1 a ip4:213.171.216.0/24 mx -all
Now the confusion arises here. When someone else's mail server receives a message claiming to come from that domain, then
(2) the receiving server can check whether the message complies with the domain's stated policy
How does Hotmail's receiving mail server, for example, do this check? Because if I set a Return-Path of hello#fun-booths.co.uk then this results in spf=pass. Just to be clear, www.fun-booths.co.uk is the domain being used.
x-store-info:J++/JTCzmObr++wNraA4Pa4f5Xd6uens6FBov4shFUrwGsQPla5CZKHNFpj4XdT2wfaqUtXggI++7RpfQIpooWW0Sp2ynYP894LLfhswpqbr+Di/ao+0Ofc9Btl/xdHLsTQXTk39KBE=
Authentication-Results: hotmail.com; spf=pass (sender IP is 213.171.216.60) smtp.mailfrom=hello#fun-booths.co.uk; dkim=none header.d=fun-booths.co.uk; x-hmca=pass header.id=hello#fun-booths.co.uk
X-SID-PRA: hello#fun-booths.co.uk
X-AUTH-Result: PASS
X-SID-Result: PASS
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTE7YT0xO0Q9MTtHRD0xO1NDTD0w
X-Message-Info: NhFq/7gR1vTQzco4wDfDIuNexRCLt7KFLQW7EkmNLn/2YehuSC93bNZTp87n+KmseY8TwxSqCjOondyBGOJR9CRbKyT/FU2B2nhMw3SU8HjmnNyAmDcRFqxvARiDy1lMz5O7U5B61WNdLZsDb1vLPQ93l4XO90mQcjMfCI4SWr50rtHEJwK9Y/c2zDWf8jdVXEgQOyBm4pQwu9z7isJFvrHl9HRMGMcWeNHQVVCsFOoqJ8mhQItxPg==
Received: from cust-smtp-auth2.fasthosts.net.uk ([213.171.216.60]) by SNT004-MC2F7.hotmail.com with Microsoft SMTPSVC(7.5.7601.23143);
Mon, 28 Dec 2015 06:05:27 -0800
Received: from fun-booths.co.uk (unknown [88.208.252.229])
by cust-smtp-auth2.fasthosts.net.uk (Postfix) with ESMTP id 66414740221
for <c_qatest#hotmail.co.uk>; Mon, 28 Dec 2015 14:05:26 +0000 (GMT)
Date: Mon, 28 Dec 2015 14:05:26 +0000
To: c_qatest#hotmail.co.uk
From: "hello#fun-booths.co.uk" <hello#fun-booths.co.uk>
Subject: Fun Booths - Booking form
Message-ID: <85119bedb602f9865290c2ea218315b4#fun-booths.co.uk>
X-Priority: 3
X-Mailer: PHPMailer 5.2.10 (https://github.com/PHPMailer/PHPMailer/)
Reply-To: test#hotmail.co.uk
X-Sender: hello#fun-booths.co.uk
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Return-Path: hello#fun-booths.co.uk
X-OriginalArrivalTime: 28 Dec 2015 14:05:27.0582 (UTC) FILETIME=[CDD7FBE0:01D14178]
This leads me on to my final questions - Is it true that the Return-Path must be set to a real email address on the site domain (www.fun-booths.co.uk), or mail will not send?
Because I have set up the mailbox hello#fun-booths.co.uk, however it seems that even when I delete the mailbox this still results in an spf=pass. In other words, it seems that not having a real email address on the domain, and instead just setting the Return-Path to hello#fun-booths.co.uk without the mailbox existing, will result in an spf=pass. Should this be the case?
Is the email #fun-booths.co.uk set in the Return-Path used to determine the domain for the SPF checks?
Finally in the quotation above that mentions the SMTP conversation, is the MAIL FROM command referencing the smtp.mailfrom field in the Authentication-Results?
SPF Checks are always done with the envelope sender (MAIL FROM:) - smtp.mailfrom in your case. In the first mail you have test#hotmail.co.uk as envelope sender, but your server is not listed in the SPF record for hotmail.co.uk, and since that record has ~all as the last mechanism you get a Softfail.
In the second mail the envelope sender is hello#fun-booths.co.uk, so it's the SPF record for fun-booths.co.uk that is being used in that check.
So you should use a fun-booths.co.uk address as your envelope sender.
Depending on how you send mail from the web form there are different ways to control the envelope sender, but it may be that the value of Return-Path is used as the envelope sender.
There doesn't have to be a mailbox for the envelope sender for the SPF to work, since SPF normally only looks at the domain part of the address, but if the mail bounces somewhere in the process, the bounce message will normally be sent to the envelope sender, so it's a good idea to keep the mailbox for that address.
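The check the answer describes, as an added example that is not part of the original posts: a reduced SPF evaluator that picks the domain from the envelope sender (MAIL FROM), falls back to the HELO name when MAIL FROM is empty, and walks the record's mechanisms in order. The fun-booths.co.uk record is the one quoted in the question; the hotmail.co.uk record, the lookup table standing in for DNS and the function names are constructed for this sketch, and only `ip4`, `ip6`, `a`, `mx` and `all` are modelled.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# SPF TXT records keyed by domain. The fun-booths.co.uk record is quoted in the
# question; the hotmail.co.uk one is a constructed placeholder that keeps only
# the property the answer relies on (no match for this IP, then ~all).
SPF_RECORDS = {
    "fun-booths.co.uk": "v=spf1 a ip4:213.171.216.0/24 mx -all",
    "hotmail.co.uk": "v=spf1 ip4:192.0.2.0/24 ~all",
}

# Constructed stand-in for DNS A/MX lookups, keyed by (mechanism, domain).
# It is empty, so `a` and `mx` never match in this offline run.
HOST_IPS = {}


def envelope_domain(mail_from, helo):
    """Domain SPF evaluates: MAIL FROM's domain, or HELO if MAIL FROM is empty."""
    addr = mail_from.strip("<> ")
    return (addr.rpartition("@")[2] if addr else helo).lower()


def spf_check(client_ip, mail_from, helo, records=SPF_RECORDS, hosts=HOST_IPS):
    """Return (domain_checked, result) for one SMTP transaction."""
    ip = ipaddress.ip_address(client_ip)
    domain = envelope_domain(mail_from, helo)
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return domain, "none"

    for term in record.split()[1:]:
        qualifier = "+"  # a mechanism without a qualifier means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name in ("a", "mx"):
            matched = client_ip in hosts.get((name, arg or domain), ())
        else:
            continue  # include, exists, ptr and modifiers are not modelled
        if matched:  # first matching mechanism decides the result
            return domain, QUALIFIERS[qualifier]
    return domain, "neutral"


if __name__ == "__main__":
    relay = "213.171.216.60"  # the outgoing SMTP server in both quoted messages
    # The page prints '@' as '#'; real addresses are used here.
    print(spf_check(relay, "test@hotmail.co.uk", "fun-booths.co.uk"))
    print(spf_check(relay, "hello@fun-booths.co.uk", "fun-booths.co.uk"))
    print(spf_check(relay, "", "cust-smtp-auth1.fasthosts.net.uk"))
```

The local part of the address is never consulted, which is why deleting the mailbox does not change the SPF result.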

Identify spam indicators based on emails headers

Using PHPMailer with SMTP, the following email was sent from my VPS (mydomain.com hosted by phpwebhosting) as if it came from my Comcast account (jane.doe#comcast.net) to my Gmail email (john.doe#gmail.com), and Gmail flagged it as spam.
Looking at the email headers, how can I determine what might make an email client flag an email as spam?
Delivered-To: jane.doe
Received: by 10.28.7.197 with SMTP id 188csp518471wmh;
Fri, 8 May 2015 06:51:39 -0700 (PDT)
X-Received: by 10.43.17.135 with SMTP id qc7mr4244827icb.14.1431093098853;
Fri, 08 May 2015 06:51:38 -0700 (PDT)
Return-Path: <john.doe#comcast.net>
Received: from smtp1.phpwebhosting.com (smtp1.phpwebhosting.com. [145.242.148.75])
by mx.google.com with SMTP id ag10si4096698icc.25.2015.05.08.06.51.38
for <jane.doe>;
Fri, 08 May 2015 06:51:38 -0700 (PDT)
Received-SPF: neutral (google.com: 145.242.148.75 is neither permitted nor denied by domain of john.doe#comcast.net) client-ip=145.242.148.75;
Authentication-Results: mx.google.com;
spf=neutral (google.com: 145.242.148.75 is neither permitted nor denied by domain of john.doe#comcast.net) smtp.mail=john.doe#comcast.net;
dmarc=fail (p=NONE dis=NONE) header.from=comcast.net
Received: (qmail 29774 invoked from network); 8 May 2015 13:51:37 -0000
Received: from unknown (HELO test.sites.mydomain.com) (outgoing#mydomain.com#145.242.134.91)
by smtp1.phpwebhosting.com with (DHE-RSA-AES256-SHA encrypted) SMTP; Fri, 08 May 2015 09:51:37 -0400
Date: Fri, 8 May 2015 06:51:36 -0700
To: Jane Doe <jane.doe>
From: John Doe <john.doe#comcast.net>
Reply-To: john.doe#comcast.net
Subject: Mydomain Password for Test Site
Message-ID: <fa1b444df47091d2ca100f40d93b14cc#test.sites.mydomain.com>
X-Priority: 3
X-Mailer: PHPMailer 5.2.9 (https://github.com/PHPMailer/PHPMailer/)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="b1_fa1b444df47091d2ca100f40d93b14cc"
Content-Transfer-Encoding: 8bit
--b1_fa1b444df47091d2ca100f40d93b14cc
Content-Type: text/plain; charset=us-ascii
Hello Jane,
I have added you to our Mydomain sales tracking and bid solicitation tool.
Your username is: jane.doe.
Click the following link within 24 hours to set your password: https://test.sites.mydomain.com/index.php?cid=25&task=display_p&t=28dba87d5fb8062e40a69f0192660471
Thank you
--b1_fa1b444df47091d2ca100f40d93b14cc
Content-Type: text/html; charset=us-ascii
<p>Hello Alvin,</p>
<p>I have added you to our Mydomain sales tracking and bid solicitation tool.</p>
<p>Your username is: jane.doe.</p>
<p>Click the following link within 24 hours to set your password: https://test.sites.mydomain.com/index.php?cid=25&task=display_p&t=28dba87d5fb8062e40a69f0192660471</p>
<p>Thank you</p>
--b1_fa1b444df47091d2ca100f40d93b14cc--
There is no surefire way to tell why Gmail flags an email as spam. Spam filters in general are black boxes from the perspective of the sender, as only those who know the inner workings and have access to logs can tell for sure what happened to certain email. The reason for flagging can be virtually anything, like violating the sender domain's policies, poor IP reputation, poor reputation of links used, similarity to spam emails, bad standards compliance and so on. Sometimes there is no singular reason either.
It's not that you can't make an educated guess. In this particular case, you are sending an email in the name of a comcast.net user, but you are bypassing Comcast servers entirely. Comcast has SPF and DMARC policies in place and although Comcast's SPF policy evaluation doesn't assert smtp1.phpwebhosting.com either permitted or not (SPF "neutral" result), the DMARC result that Gmail is getting is "fail". The DMARC policy for Comcast is not to flag emails failing email authentication (but report them only), but I'd still guess it's a bad omen. Try sending the email via your authorized Comcast server or use your own domain name for both From: and Return-Path to see if you can avoid getting flagged as spam.
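Why the message above ends in a DMARC "fail" while others on this page pass can be reproduced from the Authentication-Results lines alone. This is an added example, not part of the original posts: it applies DMARC's relaxed alignment rule (SPF or DKIM must pass for a domain sharing the organizational domain of the From: address) to results quoted on this page. The two-entry suffix set stands in for the Public Suffix List and, like the function names, is an assumption of this sketch.

```python
import re

# Constructed stand-in for the Public Suffix List, which real implementations
# consult to find the organizational domain.
PUBLIC_SUFFIXES = {"co.uk", "ac.in"}

# From: address and Authentication-Results value, copied from messages quoted on
# this page (the page prints '@' as '#', which domain_of() accepts).
SAMPLES = {
    "gmail_comcast": (
        "john.doe#comcast.net",
        "mx.google.com; spf=neutral (google.com: 145.242.148.75 is neither "
        "permitted nor denied by domain of john.doe#comcast.net) "
        "smtp.mail=john.doe#comcast.net; dmarc=fail (p=NONE dis=NONE) "
        "header.from=comcast.net",
    ),
    "ses_beaudience": (
        "support#beaudience.com",
        "hotmail.com; spf=pass (sender IP is 54.240.8.95) smtp.mailfrom="
        "0000014191bce21d-5857cbb3-7185-4a04-a62d-02029457d42b-000000#amazonses.com; "
        "dkim=pass header.d=beaudience.com; x-hmca=pass "
        "header.id=support#beaudience.com",
    ),
    "fun_booths": (
        "hello#fun-booths.co.uk",
        "hotmail.com; spf=pass (sender IP is 213.171.216.60) "
        "smtp.mailfrom=hello#fun-booths.co.uk; dkim=none "
        "header.d=fun-booths.co.uk; x-hmca=pass header.id=hello#fun-booths.co.uk",
    ),
}

PATTERNS = {
    "spf": r"\bspf=(\w+)",
    "spf_ident": r"\bsmtp\.mail(?:from)?=([^\s;]+)",
    "dkim": r"\bdkim=(\w+)",
    "dkim_ident": r"\bheader\.d=([^\s;]+)",
}


def domain_of(value):
    """Domain part of an address, or the value itself if it is a bare domain."""
    return re.split(r"[@#]", value.strip().strip("<>"))[-1].lower()


def org_domain(domain):
    """Organizational domain: one label more than the public suffix."""
    labels = domain.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in PUBLIC_SUFFIXES else 2
    return ".".join(labels[-keep:])


def parse_auth_results(value):
    """Pull each method's result and the identifier it was computed for."""
    found = {}
    for key, pattern in PATTERNS.items():
        match = re.search(pattern, value)
        found[key] = match.group(1) if match else None
    return found


def aligned(result, ident, from_org):
    """A method counts for DMARC only if it passed for an aligned domain."""
    return result == "pass" and ident is not None and org_domain(domain_of(ident)) == from_org


def evaluate(from_addr, auth_results):
    r = parse_auth_results(auth_results)
    from_org = org_domain(domain_of(from_addr))
    spf_ok = aligned(r["spf"], r["spf_ident"], from_org)
    dkim_ok = aligned(r["dkim"], r["dkim_ident"], from_org)
    return {
        "spf_aligned": spf_ok,
        "dkim_aligned": dkim_ok,
        "dmarc": "pass" if (spf_ok or dkim_ok) else "fail",
    }


if __name__ == "__main__":
    for label, (from_addr, auth_results) in SAMPLES.items():
        print(label, evaluate(from_addr, auth_results))
```

The SES message shows the less obvious case: its SPF pass belongs to amazonses.com and does not align, so the aligned DKIM signature alone carries DMARC.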

Amazon SES and Hotmail spam

I configured an email address with google apps for my company. When I send messages from Gmail to address#hotmail.com the message is received correctly in the inbox folder.
When I moved to Amazon SES, I correctly configured SPF and DKIM so that it would work fine. The big problem is that when I send from SES, emails always go into the spam folder!!!
This is the Hotmail header of a message that fell into the spam folder:
x-store-info:CnuewmGKkJzNjuOw4Ko28wB3rXpWYbsxTq8bIGVpexou/aH5YlneZSXtbrTNbKJ4GoT+OaKU2vnoHLIPY7tpJ7yfD4ei7NGnJPMqwC1IOiYDYaHi7z9UqM7HFUFg9PvdD/GTLm1Joes=
Authentication-Results: hotmail.com; spf=pass (sender IP is 54.240.8.95) smtp.mailfrom=0000014191bce21d-5857cbb3-7185-4a04-a62d-02029457d42b-000000#amazonses.com; dkim=pass header.d=beaudience.com; x-hmca=pass header.id=support#beaudience.com
X-SID-PRA: support#beaudience.com
X-AUTH-Result: PASS
X-SID-Result: PASS
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTE7YT0xO0Q9MjtHRD0xO1NDTD00
X-Message-Info: 11chDOWqoTmYiARgB8x0CqssYC30R1hAxykCxY7lMqvPXk+fm44PmUeqp2eso9uKqBo8WFDhDk3rZsgJn8uSIHpUqpn7/N+/COouobxjVl2F7FiiDMh/AjlIDYLoKhZeWqATlTzu9cdwruznM5Eh3gOw+h4szTV5OcHunEoeFZeggqKm4r8Wd97fzBr3wpj6Xji14R+Xo8C7zTF5xkQAV15Ns/IGAE0R
Received: from a8-95.smtp-out.amazonses.com ([54.240.8.95]) by COL0-MC3-F51.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
Mon, 7 Oct 2013 00:06:18 -0700
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
s=fzsj4xlkgrzw4njd7a4n5dv47w5dmrc5; d=beaudience.com; t=1381129577;
h=Date:To:From:Reply-To:Subject:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding;
bh=d9cLexwYe6DbP7/N2SXpl7aOUi58tQ37WMdTDDTQtvA=;
b=rR0at2KyIFuhpI6HFSd56LbiVPS2uPzECnYlscb7UliQraxznWxjRKrDCF3HVNJj
1/s3xjXaOLoCLk0H0B8xa76KzWgMwtxDulEFn39G06yRd9/r/17xTYzQ/MpMMn9lUlv
VT75xxTBO7iwm8hZ4ntQtBsMnnvybLC89tAoVXNE=
Date: Mon, 7 Oct 2013 07:06:17 +0000
Return-Path: 0000014191bce21d-5857cbb3-7185-4a04-a62d-02029457d42b-000000#amazonses.com
To: luca.pennisi#live.com
From: support BeAudience <support#beaudience.com>
Reply-To: support#beaudience.com
Subject: We remember you!
Message-ID: <0000014191bce21d-5857cbb3-7185-4a04-a62d-02029457d42b-000000#email.amazonses.com>
X-Priority: 3
X-Mailer: PHPMailer 5.2.6 (https://github.com/PHPMailer/PHPMailer/)
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-SES-Outgoing: 2013.10.07-54.240.8.95
X-OriginalArrivalTime: 07 Oct 2013 07:06:18.0240 (UTC) FILETIME=[B83DF000:01CEC32B]
<html><head></head><body><b>Account
details:</b><p>username: tryHard<br />password:
porcodio</p><hr /><a
href="http://www.beaudience.com/joinus.php">Click
here to log-in</a><br /><br /><p>BeAudience
staff.</p></body></html>
I'm desperate, I don't know what to do! I have configured SPF and DKIM but it is useless! It does not depend on the email content; I tried with different contents, HTML/non-HTML, but nothing works with SES!!
It's not a problem on Amazon SES side, Microsoft filters are flagging your message based on multiple variables, like headers, content, domain age, etc.
That seems to be a Welcome Message, so the best way to go about it is to instruct the user to check the spam folder and mark the message as "not junk". Eventually and hopefully, Microsoft will learn from multiple user decisions and will start delivering your messages to the inbox.
Another piece of advice: you are sending the message using PHPMailer. That header (X-Mailer: PHPMailer 5.2.6) may be triggering a flag on Microsoft's side before even getting to your content.
I had the same problem. But I've fixed it. My steps:
add text/html version for mail;
check your html in email, make sure that is correct;
verify your domain in SES dashboard;

Php Mail going to recipients spam /Junk Folder [closed]

I am working on my college website. I wrote a PHP script that sends email using the PHP mail function. But the problem is that all the emails I send go into the recipient's spam/Junk folder.
In order to resolve it:
I tried all the steps and answers for similar issues on the Stack Overflow and Server Fault websites, like:
*Proper Header
*Accurate From Name, etc.
But the problem is still unresolved.
This is the PHP code for sending email:
<?php
// The From: address is built from the web server's host name.
$from_address="webmaster@".$_SERVER['SERVER_NAME'];
$from_name="webmaster";
// Message headers; the display name is RFC 2047 base64-encoded.
$headers = "MIME-Version: 1.0\r\n"
."Content-Type: text/plain; charset=utf-8\r\n"
."Content-Transfer-Encoding: 8bit\r\n"
."From: =?UTF-8?B?". base64_encode($from_name) ."?= <$from_address>\r\n"
."X-Mailer: PHP/". phpversion();
$subject="Web Mail Testing";
$body="This is test Message";
$to="riteshkumargupta1990@gmail.com";
// The fifth argument passes -f to sendmail, which sets the envelope sender (MAIL FROM).
mail($to, $subject, $body, $headers, "-fwebmaster@{$_SERVER['SERVER_NAME']}");
echo "The Mail is SuccessFully Sent to :".$to;
?>
I am also attaching the original email (that I received in my Gmail account "riteshkumargupta1990#gmail.com"):
Delivered-To: riteshkumargupta1990#gmail.com
Received: by 10.204.8.210 with SMTP id i18csp146000bki;
Wed, 21 Nov 2012 20:58:12 -0800 (PST)
Received: by 10.68.219.164 with SMTP id pp4mr1119127pbc.72.1353560291776;
Wed, 21 Nov 2012 20:58:11 -0800 (PST)
Return-Path: <webmaster#nitw.ac.in>
Received: from www.nitw.ac.in (www.nitw.ac.in. [218.248.13.200])
by mx.google.com with ESMTPS id sh10si3456960pbb.293.2012.11.21.20.58.10
(version=TLSv1/SSLv3 cipher=OTHER);
Wed, 21 Nov 2012 20:58:11 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of webmaster#nitw.ac.in designates 218.248.13.200 as permitted sender) client-ip=218.248.13.200;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of webmaster#nitw.ac.in designates 218.248.13.200 as permitted sender) smtp.mail=webmaster#nitw.ac.in
Received: from www.nitw.ac.in (localhost.localdomain [127.0.0.1])
by www.nitw.ac.in (8.13.8/8.13.8) with ESMTP id qAM50M0h016190
for <riteshkumargupta1990#gmail.com>; Thu, 22 Nov 2012 10:30:23 +0530
Received: (from nobody#localhost)
by www.nitw.ac.in (8.13.8/8.13.8/Submit) id qAM50McG016189;
Thu, 22 Nov 2012 10:30:22 +0530
Date: Thu, 22 Nov 2012 10:30:22 +0530
Message-Id: <201211220500.qAM50McG016189#www.nitw.ac.in>
X-Authentication-Warning: www.nitw.ac.in: nobody set sender to webmaster#nitw.ac.in using -f
To: riteshkumargupta1990#gmail.com
Subject: Web Mail Testing
X-PHP-Originating-Script: 0:mailer.php
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
From: =?UTF-8?B?d2VibWFzdGVy?= <webmaster#nitw.ac.in>
X-Mailer: PHP/5.3.5
This is test Message
Also, while googling I found that an uncommon reason for this sort of problem is server blacklisting.
Then I used the following tool to test it: http://www.mxtoolbox.com/SuperTool.aspx?action=mx%3anitw.ac.in#
I was shocked when the above tool found my server in the blacklist. How can this be true, since the original mail that I attached above says "Received-SPF: pass (google.com: best guess record for domain of webmaster#nitw.ac.in designates 218.248.13.200 as permitted sender)"?
Also, if my server is blacklisted, then how can I find the reason for the blacklisting and how do I resolve it?
UPD:
From Shadow's comment: Can the "X-Authentication-Warning: www.nitw.ac.in: nobody set sender to webmaster#nitw.ac.in using -f" message be the probable reason? If yes, how can I fix it?
Thank you!
Setting up an SMTP server is a tricky and tedious task unless it is your job to do it day in and day out. Check if your server's SSL certificates are signed properly with an authorized CA certificate; sometimes the problem could be a self-signed certificate.
Or you can also try out Gmail as your SMTP server, which solves many problems. Link