Email thrown to spam - what's wrong? - email

I tried many ways to solve the problem that mails are thrown to spam in Gmail... I set the Received: from; before that, Gmail showed the note "noreply#odsantu.sk via lvps83-169-17-110.dedicated.hosteurope.de"... Now I have no idea what can be wrong...
Delivered-To: dobikos#gmail.com
Received: by 10.14.125.5 with SMTP id y5csp282730eeh;
Thu, 22 Nov 2012 16:08:08 -0800 (PST)
Received: by 10.14.0.198 with SMTP id 46mr6776443eeb.21.1353629288333;
Thu, 22 Nov 2012 16:08:08 -0800 (PST)
Return-Path: <anonymous#vipfp.eu>
Received: from vipfp.eu (lvps83-169-17-110.dedicated.hosteurope.de. [83.169.17.110])
by mx.google.com with ESMTPS id a9si9044494eeo.114.2012.11.22.16.08.08
(version=TLSv1/SSLv3 cipher=OTHER);
Thu, 22 Nov 2012 16:08:08 -0800 (PST)
Received-SPF: neutral (google.com: 83.169.17.110 is neither permitted nor denied by best guess record for domain of anonymous#vipfp.eu) client-ip=83.169.17.110;
Authentication-Results: mx.google.com; spf=neutral (google.com: 83.169.17.110 is neither permitted nor denied by best guess record for domain of anonymous#vipfp.eu) smtp.mail=anonymous#vipfp.eu
Received: (qmail 13333 invoked by uid 33); 23 Nov 2012 01:08:07 +0100
To: dobikos#gmail.com
Subject: =?UTF-8?B?UG90dnJkZW5pZSBvYmplZG7DoXZreSBsaXN0dSBvZCBTYW4=?= =?UTF-8?B?dHU=?=
X-PHP-Originating-Script: 0:SendmailMailer.php
MIME-Version: 1.0
X-Mailer: Nette Framework
Date: Fri, 23 Nov 2012 01:08:07 +0100
From: "OdSantu.sk" <noreply#odsantu.sk>
Message-ID: <hyzaah4290#odsantu.sk>
Content-Type: multipart/alternative;
boundary="--------6p2unvd5n4"
----------6p2unvd5n4
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
.
.
.
contents
.
.
.
----------6p2unvd5n4
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit
.
.
.
contents
.
.
.
----------6p2unvd5n4--
Thanks

Staying out of spam filters is a bit like search engine optimization: it's a moving target.
But some basics:
send from a known hostname not some random IP
include user details (e.g. username, firstname, etc.) in the content
make sure the From and Reply-to match
include actual text (empty or image emails often show as spam)
don't include links that look like spoofs
There are sites out there that track the latest trends; you should be able to find them on Google.

Received: from vipfp.eu (lvps83-169-17-110.dedicated.hosteurope.de.
Your system has a generic rDNS pointer which does not match the HELO; this can trigger spam filters. Set your PTR to vipfp.eu as well in your VPS control panel (or tell your VPS hoster to do it for you if there is no reverse DNS option in the control panel).
Received-SPF: neutral
Consider adding SPF.

Related

DMARC behaviour on Gmail

We've configured SPF, DKIM and DMARC records for our domain and they're working fine. Our DMARC reports from Gmail, Hotmail, Yahoo also confirm the same.
However, just last week, one of our (Gmail) users brought to our attention a fraudulent email sent from a spoofed email address on our domain.
After looking at the email headers, we realised Gmail didn't initiate a DMARC check at all and the email landed in the user's inbox. Gmail had only performed an SPF check, which had passed because the check was performed on the envelope FROM header domain.
The email header (with identifying details redacted) looked like the following:
Delivered-To: redacted#gmail.com
Received: by 10.28.167.23 with SMTP id q23csp326872wme;
Mon, 20 Feb 2017 23:53:04 -0800 (PST)
X-Received: by 10.36.147.1 with SMTP id y1mr22192213itd.34.1487663583976;
Mon, 20 Feb 2017 23:53:03 -0800 (PST)
Return-Path: <redacted#fraudulentdomain.net>
Received: from server2.fraudulentdomain.net (server2.fraudulentdomain.net. [144.X.Y.Z])
by mx.google.com with ESMTP id i196si19658513ioi.78.2017.02.20.23.53.03
for <redacted#gmail.com>;
Mon, 20 Feb 2017 23:53:03 -0800 (PST)
Received-SPF: pass (google.com: domain of redacted#fraudulentdomain.net designates 144.X.Y.Z as permitted sender) client-ip=144.X.Y.Z;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of redacted#fraudulentdomain.net designates 144.X.Y.Z as permitted sender) smtp.mailfrom=redacted#fraudulentdomain.net
Received: by server2.fraudulentdomain.net (Postfix, from userid 330)
id 385716C165; Tue, 21 Feb 2017 08:53:03 +0100 (CET)
To: redacted#gmail.com
Subject: Some Subject
From: My Service <spoofed#mydomain.com>,
"MIME-Version:1.0"#server2.fraudulentdomain.net
Content-type: text/html; charset=iso-8859-1
Message-Id: <20170221075303.385716C165#server2.fraudulentdomain.net>
Date: Tue, 21 Feb 2017 08:53:03 +0100 (CET)
Why did Gmail not initiate a DMARC check and just perform an SPF check? Does it have something to do with the display FROM header having 2 values?
That's a bug; I reported it to Google, and they have fixed it now.
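An added example (not part of the original thread): a Python triage check over a message's headers that flags the situation described in the question, where SPF passed for the envelope domain, no dmarc= verdict was recorded, and the From header does not hold exactly one mailbox. The sample message is constructed from the redacted header above; the placeholder domains, the finding names and the suffix-match alignment shortcut are assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample modelled on the redacted header above ("@" restored,
# placeholder domains and a documentation IP address).
SAMPLE = '''\
Return-Path: <bounce@fraudulentdomain.example>
Authentication-Results: mx.google.com;
 spf=pass (google.com: domain of bounce@fraudulentdomain.example designates
 192.0.2.10 as permitted sender) smtp.mailfrom=bounce@fraudulentdomain.example
Subject: Some Subject
From: My Service <spoofed@mydomain.example>,
 "MIME-Version:1.0"@server2.fraudulentdomain.example

body
'''

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower().strip("<>;.")

def aligned(a, b):
    # Simplification: relaxed alignment approximated by a suffix match; a real
    # implementation derives organizational domains from the Public Suffix List.
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def triage(raw, authserv_id="mx.google.com"):
    """Return findings for one raw message, trusting only our own MX's results."""
    msg = message_from_string(raw)
    findings = []
    from_values = msg.get_all("From", [])
    mailboxes = getaddresses(from_values)
    from_domains = {domain_of(addr) for _, addr in mailboxes if "@" in addr}
    if len(from_values) != 1 or len(mailboxes) != 1 or len(from_domains) != 1:
        findings.append("from-not-single-mailbox")
    # A sender can insert its own Authentication-Results header, so keep only
    # the ones stamped with the receiver's authserv-id.
    ar = " ".join(v for v in msg.get_all("Authentication-Results", [])
                  if v.split(";", 1)[0].strip() == authserv_id)
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", ar))
    if "dmarc" not in results:
        findings.append("no-dmarc-result")
    m = re.search(r"smtp\.mail(?:from)?=(\S+)", ar)  # both spellings occur on this page
    spf_domain = domain_of(m.group(1)) if m else ""
    if results.get("spf") == "pass" and not (
            from_domains and all(aligned(spf_domain, d) for d in from_domains)):
        findings.append("spf-pass-unaligned-with-from")
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Requiring alignment with every From domain matters here: the second mailbox in the sample is on the sender's own domain, so a check that accepted any aligned domain would let the spoofed first address through.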

Gmail moves email to spam folder

I recently decided to move away from Google mail services and to establish a private mail server. What I found was that email sent from me#example.com to inbox#gmail.com and spam#gmail.com was put in the Inbox and Spam folders respectively.
Problem
Why is the mail distributed to different folders? Does the mail destination folder (*#gmail.com) depend on
account settings - I was able to receive mail to Inbox from me#example.com when marked as non-spam in my Gmail account?
service settings - some specific requisites for Gmail, for example, headers like Received-SPF, DKIM-Signature?
global settings - superclass, other services (Yahoo, Hotmail, Outlook), more/fewer headers?
Message
I checked the passes in some header fields. That, IMHO, seems to be fine as well. The respective IPs are hidden.
Delivered-To: spam#gmail.com
Received: by [example.com] with SMTP id s194csp2015594wmd;
Tue, 16 Jun 2015 03:43:40 -0700 (PDT)
X-Received: by 10.66.154.233 with SMTP id vr9mr57332135pab.124.1434451419946;
Tue, 16 Jun 2015 03:43:39 -0700 (PDT)
Return-Path: <me#example.com>
Received: from mail.example.com (example.com. [[example.com]])
by mx.google.com with ESMTP id hf2si854902pbb.140.2015.06.16.03.43.38
for <spam#gmail.com>;
Tue, 16 Jun 2015 03:43:39 -0700 (PDT)
Received-SPF: pass (google.com: domain of me#example.com designates [example.com] as permitted sender) client-ip=[example.com];
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of me#example.com designates [example.com] as permitted sender) smtp.mail=me#example.com;
dkim=pass header.i=#mail.example.com;
dmarc=pass (p=QUARANTINE dis=NONE) header.from=example.com
Received: from [spam#gmail.com] (unknown [[gmail.com]])
by mail.example.com (Postfix) with ESMTPSA id 7D2CB12164B
for <spam#gmail.com>; Tue, 16 Jun 2015 06:43:36 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mail.example.com;
s=default; t=1434451416;
bh=EmposAsl9Yoxe9cb6dijtNnJsjZ0DuYCuwTZhRF2GXU=;
h=Date:From:To:Subject:From;
b=cjR7tpLvJ1JFVPf/ddLM4rpooeo95kFlu3ybHSHW8IK6oOTA1QfKy/Q14U9CojrDL
IDf9s2fqNIBBAhH81ivwdNQQFo64hw4/rstljealG1lNQRiIl0zUvD3bm8WbC1CfWb
i3/d8CgiAYkixStNSYEYQhNaUEixWMmznk/bUJJg=
Message-ID: <557FFDD8.2070201#example.com>
Date: Tue, 16 Jun 2015 13:43:36 +0300
From: =?UTF-8?B?TcSBcnRpxYbFoSBFZ2zEq3Rpcw==?= <me#example.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: spam#gmail.com
Subject: Some test subject
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
This is some message, however the mail is put to Spam folder...
DNS
MX 50 mail.example.com.
TXT # "v=spf1 a mx ip4:[example.com] -all"
TXT _dmarc "v=DMARC1; p=quarantine; rua=mailto:postmaster#example.com"
TXT default._domainkey.mail "v=DKIM1; k=rsa; p=[some_long_string]"
Outro
I was following a quite nice tutorial and related posts here and here. I also checked the DNS setup with public tools - everything was fine.
Update
The same email sent to yahoo was put into Inbox folder...
The answer to the problem is this line:
TXT _dmarc "v=DMARC1; p=quarantine; rua=mailto:postmaster#example.com"
As stated here the policy can be one of
none - the so-called monitor mode
quarantine - to treat the message with suspicion according to the receiver capabilities
reject - to reject the message outright

Why are emails sent by my server marked as SPAM?

My website, all written in PHP, has an automatic system to notify users via email. Everything worked perfectly until I moved everything to a new, less expensive dedicated server (new IP, also). Now, from the new server, all the emails are sent to the spam folder. Why? What happened? Gmail says it's marked as spam because it violates these guidelines about the sender. Here is the message header of one of the emails:
Delivered-To: fontanavideostudios#gmail.com
Received: by 10.64.224.200 with SMTP id re8csp1701580iec;
Sun, 1 Feb 2015 07:30:19 -0800 (PST)
X-Received: by 10.140.22.5 with SMTP id 5mr1380826qgm.72.1422804619177;
Sun, 01 Feb 2015 07:30:19 -0800 (PST)
Return-Path: <noreply#racebooking.net>
Received: from ns362512.ip-91-121-174.eu ([2001:41d0:1:ef28::1])
by mx.google.com with ESMTP id e3si21772874qaf.113.2015.02.01.07.30.18
for <fontanavideostudios#gmail.com>;
Sun, 01 Feb 2015 07:30:19 -0800 (PST)
Received-SPF: none (google.com: noreply#racebooking.net does not designate permitted sender hosts) client-ip=2001:41d0:1:ef28::1;
Authentication-Results: mx.google.com;
spf=none (google.com: noreply#racebooking.net does not designate permitted sender hosts) smtp.mail=noreply#racebooking.net
Received: by ns362512.ip-91-121-174.eu (Postfix, from userid 504)
id DFE0916074; Sun, 1 Feb 2015 16:28:52 +0100 (CET)
To: fontanavideostudios#gmail.com
Subject: Qualcuno ha commentato il tuo post
X-PHP-Originating-Script: 504:new_notification.php
From: Racebooking <noreply#racebooking.net>
Reply-To: no-reply
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Message-Id: <20150201152852.DFE0916074#ns362512.ip-91-121-174.eu>
Date: Sun, 1 Feb 2015 16:28:52 +0100 (CET)
The domain, racebooking.net, has a good reputation, and MX, mail and smtp point to the same IP, 91.121.174.40, which is the same IP as racebooking.net (here is a test).
Any idea?
Check this line in the header:
Received-SPF: none (google.com: noreply#racebooking.net does not designate permitted sender hosts) client-ip=2001:41d0:1:ef28::1;
Authentication-Results: mx.google.com;
spf=none (google.com: noreply#racebooking.net does not designate permitted sender hosts) smtp.mail=noreply#racebooking.net
I think you have not correctly configured the SPF entries in your DNS.
See this Google Products thread about this: https://productforums.google.com/forum/#!topic/apps/nvGcYDjONfc
I can see that you have no SPF entries defined for "racebooking.net":
$ dig +short racebooking.net txt
"1|www.racebooking.net"
You need to define an SPF entry like:
"v=spf1 mx a:mail0.racebooking.net -all"
You also need to include any other host from which you might be sending email (i.e. web applications sending email from #racebooking.net).
More info about what SPF is: http://en.wikipedia.org/wiki/Sender_Policy_Framework
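An added example (not from the original answer): a small Python evaluator for the SPF mechanisms that appear on this page, run against a constructed DNS table, showing what a receiver computes for the current TXT record and for the record proposed above. That the hosts publish only A records is an assumption; under it the proposed record passes the IPv4 address but fails the IPv6 client-ip seen in the Gmail header until an AAAA record or an ip6 mechanism covers it.

```python
import ipaddress

# Constructed stand-in for DNS. Names and addresses come from the thread; that
# the hosts publish only A records (no AAAA) is an assumption.
ZONE = {
    ("racebooking.net", "A"): ["91.121.174.40"],
    ("racebooking.net", "MX"): ["mail0.racebooking.net"],
    ("mail0.racebooking.net", "A"): ["91.121.174.40"],
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def host_ips(name):
    return ZONE.get((name, "A"), []) + ZONE.get((name, "AAAA"), [])

def check_spf(record, domain, client_ip):
    """Evaluate the mechanisms used on this page: ip4, ip6, a, mx, all."""
    if record.lower().split()[:1] != ["v=spf1"]:
        return "none"  # no SPF policy published, as in the Gmail header above
    client = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        mech = mech.lower()
        if mech == "all":
            return RESULT[qualifier]
        if mech in ("ip4", "ip6"):
            candidates = [arg]
        elif mech == "a":
            candidates = host_ips(arg or domain)
        elif mech == "mx":
            candidates = [addr for mx in ZONE.get((arg or domain, "MX"), [])
                          for addr in host_ips(mx)]
        else:
            continue  # include, exists, redirect etc. are not evaluated here
        if any(client in ipaddress.ip_network(c, strict=False) for c in candidates):
            return RESULT[qualifier]
    return "neutral"  # nothing matched and there was no "all" term

def evaluate_thread_cases():
    v4, v6 = "91.121.174.40", "2001:41d0:1:ef28::1"
    proposed = "v=spf1 mx a:mail0.racebooking.net -all"
    with_ip6 = proposed.replace("-all", "ip6:" + v6 + " -all")
    return {
        "current TXT, IPv6 client": check_spf("1|www.racebooking.net", "racebooking.net", v6),
        "proposed, IPv4 client": check_spf(proposed, "racebooking.net", v4),
        "proposed, IPv6 client": check_spf(proposed, "racebooking.net", v6),
        "proposed + ip6, IPv6 client": check_spf(with_ip6, "racebooking.net", v6),
    }

if __name__ == "__main__":
    for case, result in evaluate_thread_cases().items():
        print(f"{case}: {result}")
```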

how to trace gmail sender from header?

Everyone knows that changing the mail address in the address bar and pretending to send mail from someone else's account is easy.
So I looked up "find out where email came from" on Google.
Some of the links suggest: 1. Log into your account and open the email in question.
Click on the down arrow that’s to the right of the Reply link. Choose Show Original from the list.
Now here’s the technical part that I was telling you about earlier! You need to look for the lines of text that start with “Received: from“.
I did all the above steps but found out that Gmail uses the mail client IP as the sender IP and not the IP of that particular PC (for security purposes, they say...). It has the sender's IP as mr.google.com and some private network IP (10.43.103.195).
So now my problem is: is there any damn way in the world to trace where the hell this mail came from (at least the IP of the sender)?
This is the header I got when I followed the above 3 steps, which is of no use:
Delivered-To: xxxxxxxx#gmail.com
Received: by 10.204.40.79 with SMTP id j15csp110512bke;
Fri, 22 Mar 2013 01:55:20 -0700 (PDT)
Return-Path: <xxxxxxxxxxx#gmail.com>
Received-SPF: pass (google.com: domain of xxxxxxxxxxx#gmail.com designates 10.43.103.195 as permitted sender) client-ip=10.43.103.195
Authentication-Results: mr.google.com;
spf=pass (google.com: domain of xxxxxxxxxxxx#gmail.com designates 10.43.103.195 as permitted sender) smtp.mail=xxxxxxxxxxxx#gmail.com;
dkim=pass header.i=#gmail.com
X-Received: from mr.google.com ([10.43.103.195])
by 10.43.103.195 with SMTP id dj3mr548753icc.3.1363942518977 (num_hops = 1);
Fri, 22 Mar 2013 01:55:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20120113;
h=x-received:mime-version:from:date:message-id:subject:to
:content-type;
bh=Vi/MI39WKoec07maKoVjz5/ZzUxhO1k+BoeRUkBbWOc=;
b=kZ/EniFvV15mZ9iBeKNiKsJsQvWHL5N8zqrazVxeKmAARQLotyAAIDU7Or9Xc1OBwY
cwuPqSKmVX1RV7tX5wwcdYyzEA/gmskzgGteimv0BInTzVO7dwgi4gU5cZYdm6Qj/GMo
rJfGs5ty6VjidYMFwyn0K5Z0frh2NX2e7RXP0R6da6U5WMU2bQ9epOD4ZhKF+bSdUvb9
WGu3/HWJNTgwrFivspsA6q0M6JkQWYFM6J83h62kIgU897gsXkRlwPacn63tHySC6CNm
DJZGzRJryQZEJTI4owOImP6XDrK+uxPDFAiTnIG5xFR8PBXsQp+FP+XcsqIHqXSjCtl1
xXdQ==
X-Received: by 10.43.103.195 with SMTP id dj3mr548753icc.3.1363942518971; Fri,
22 Mar 2013 01:55:18 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.64.134.164 with HTTP; Fri, 22 Mar 2013 01:54:58 -0700 (PDT)
From: xxxxxxxxxxxx#gmail.com
Date: Fri, 22 Mar 2013 14:24:58 +0530
Message-ID: <CACD4ahHmkbNCj9G5taUkXYC=K=n4qVvxY75SSSv3hUG00r6dkQ#mail.gmail.com>
Subject:
To: xxxxxxxx#gmail.com
Content-Type: multipart/alternative; boundary=bcaec5171a235666e504d87f9dd8
--bcaec5171a235666e504d87f9dd8
Content-Type: text/plain; charset=ISO-8859-1
If the sender uses Gmail/Yahoo/Hotmail etc. to send an email (i.e. if they don't use third-party software like Outlook or Thunderbird), there is no way to find out the "PC IP address" because it's hidden for 'privacy reasons.' Probably the only legitimate way (other than through legal means) is to ask the sender to reveal their IP address (using tools such as https://verifyyourip.com).

Send authenticated mail through sendmail

I'm using sendmail to send a bunch of e-mails (I really have to send these e-mails, unfortunately) through PHP. The e-mails began to get into Gmail's and Yahoo's spam boxes as soon as I stopped using my domain SMTP server, and started using the server's sendmail facility (I separated my domain name provider from my host, which is now Amazon).
After studying a little, I realized that I could solve this problem just by sending the e-mail authenticatedly (i.e. through my domain's SMTP server). Can I do that through configuration in sendmail? That way, I wouldn't need any changes on my application, only on my server infrastructure.
The headers I'm receiving (from an email at gmail)
Delivered-To: ***********#gmail.com
Received: by 10.227.152.2 with SMTP id e2cs188839wbw;
Fri, 29 Oct 2010 03:39:45 -0700 (PDT)
Received: by 10.100.13.16 with SMTP id 16mr263366anm.209.1288348783979;
Fri, 29 Oct 2010 03:39:43 -0700 (PDT)
Return-Path: <apache#ip-10-194-150-64.ec2.internal>
Received: from ip-10-194-150-64.ec2.internal (ec2-75-101-144-206.compute-1.amazonaws.com [75.101.144.206])
by mx.google.com with ESMTP id x32si2412082vcr.72.2010.10.29.03.39.43;
Fri, 29 Oct 2010 03:39:43 -0700 (PDT)
Received-SPF: neutral (google.com: 75.101.144.206 is neither permitted nor denied by best guess record for domain of apache#ip-10-194-150-64.ec2.internal) client-ip=75.101.144.206;
Authentication-Results: mx.google.com; spf=neutral (google.com: 75.101.144.206 is neither permitted nor denied by best guess record for domain of apache#ip-10-194-150-64.ec2.internal) smtp.mail=apache#ip-10-194-150-64.ec2.internal
Received: from ip-10-194-150-64.ec2.internal (localhost [127.0.0.1] (may be forged))
by ip-10-194-150-64.ec2.internal (8.13.8/8.13.8) with ESMTP id o9TAdhxQ017836
for <*************e#gmail.com>; Fri, 29 Oct 2010 06:39:43 -0400
Received: (from apache#localhost)
by ip-10-194-150-64.ec2.internal (8.13.8/8.13.8/Submit) id o9TAdhHk017833;
Fri, 29 Oct 2010 06:39:43 -0400
Date: Fri, 29 Oct 2010 06:39:43 -0400
Message-Id: <201010291039.o9TAdhHk017833#ip-10-194-150-64.ec2.internal>
To: ***********#gmail.com
Subject: Esqueci minha senha
From: Cidade dos Bicos <*****************#cidadedosbicos.com.br>
X-Mailer: Cidade dos Bicos
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Thanks
No, that's not the real issue here; it's all about headers. If you send the correct headers attached to the mail, you won't end up in the spam box if you don't actually spam them ;)
Edit:
Here is a site going through which headers to set and how they should be set:
http://www.transio.com/content/how-pass-spam-filters-php-mail
The following code has worked for me in the past. Give it a try and let me know.
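<?php
// Recipient, subject and body of the test message.
$to = "someguy@gmail.com";
$subject = "Howdy Pardner?";
$message = "I'm riding west, join me";
// Extra headers, one per line; the PHP manual specifies CRLF ("\r\n") as the separator.
$headers = 'From: me@philar.com' . "\r\n" .
    'Reply-To: me@philar.com' . "\r\n" .
    'Content-Type: text/html; charset="utf-8"' . "\r\n" .
    'X-Mailer: PHP/' . phpversion();
// mail() returns false when the local MTA does not accept the message for delivery.
mail($to, $subject, $message, $headers);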
For future reference: all my problems were because of badly configured DNS entries. Terms like MX, mx CNAME, PTR, DKIM should be in your veins when you decide to send e-mail.
This is a good reference: http://www.codinghorror.com/blog/2010/04/so-youd-like-to-send-some-email-through-code.html