This question is unlikely to help any future visitors; it is only relevant to a small geographic area, a specific moment in time, or an extraordinarily narrow situation that is not generally applicable to the worldwide audience of the internet. For help making this question more broadly applicable, visit the help center.
Closed 10 years ago.
I am working for my college website . I wrote a php script ,that sends email using php mail function. But the problem is ,all the emails that I send is going into the recipients spam /Junk Folder.
In order to resolve it :
I tried all the steps and answers for the similar issues in stackoverflow and serverfault website Like:
*Proper Header
*Accurate From Name,etc
But yet the problem is unresolved.
This is the php code for sending email:
<?php
$from_address="webmaster#".$_SERVER['SERVER_NAME'];
$from_name="webmaster";
$headers = "MIME-Version: 1.0\r\n"
."Content-Type: text/plain; charset=utf-8\r\n"
."Content-Transfer-Encoding: 8bit\r\n"
."From: =?UTF-8?B?". base64_encode($from_name) ."?= <$from_address>\r\n"
."X-Mailer: PHP/". phpversion();
$subject="Web Mail Testing";
$body="This is test Message";
$to="riteshkumargupta1990#gmail.com";
mail($to, $subject, $body, $headers, "-fwebmaster#{$_SERVER['SERVER_NAME']}");
echo "The Mail is SuccessFully Sent to :".$to;
?>
I am also attaching the original email (that i received in my gmail account "riteshkumargupta1990#gmail.com")
Delivered-To: riteshkumargupta1990#gmail.com
Received: by 10.204.8.210 with SMTP id i18csp146000bki;
Wed, 21 Nov 2012 20:58:12 -0800 (PST)
Received: by 10.68.219.164 with SMTP id pp4mr1119127pbc.72.1353560291776;
Wed, 21 Nov 2012 20:58:11 -0800 (PST)
Return-Path: <webmaster#nitw.ac.in>
Received: from www.nitw.ac.in (www.nitw.ac.in. [218.248.13.200])
by mx.google.com with ESMTPS id sh10si3456960pbb.293.2012.11.21.20.58.10
(version=TLSv1/SSLv3 cipher=OTHER);
Wed, 21 Nov 2012 20:58:11 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of webmaster#nitw.ac.in designates 218.248.13.200 as permitted sender) client-ip=218.248.13.200;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of webmaster#nitw.ac.in designates 218.248.13.200 as permitted sender) smtp.mail=webmaster#nitw.ac.in
Received: from www.nitw.ac.in (localhost.localdomain [127.0.0.1])
by www.nitw.ac.in (8.13.8/8.13.8) with ESMTP id qAM50M0h016190
for <riteshkumargupta1990#gmail.com>; Thu, 22 Nov 2012 10:30:23 +0530
Received: (from nobody#localhost)
by www.nitw.ac.in (8.13.8/8.13.8/Submit) id qAM50McG016189;
Thu, 22 Nov 2012 10:30:22 +0530
Date: Thu, 22 Nov 2012 10:30:22 +0530
Message-Id: <201211220500.qAM50McG016189#www.nitw.ac.in>
X-Authentication-Warning: www.nitw.ac.in: nobody set sender to webmaster#nitw.ac.in using -f
To: riteshkumargupta1990#gmail.com
Subject: Web Mail Testing
X-PHP-Originating-Script: 0:mailer.php
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
From: =?UTF-8?B?d2VibWFzdGVy?= <webmaster#nitw.ac.in>
X-Mailer: PHP/5.3.5
This is test Message
Also while googling I found the uncommon reason for this sort of problem is server Blacklisting .
Then I use the following Tool to test it : http://www.mxtoolbox.com/SuperTool.aspx?action=mx%3anitw.ac.in#
I got shocked when the above tool test found my server in the black-list. How is this true?Since the original mail that i attached above says ":Received-SPF: pass (google.com: best guess record for domain of webmaster#nitw.ac.in designates 218.248.13.200 as permitted sender)
Also if my server is blacklisted , then how can i find the reason for blacklist and how to resolve it?
UPD:
From Shadow Comment : Can "X-Authentication-Warning: www.nitw.ac.in: nobody set sender to webmaster#nitw.ac.in using -f" msg be the probable reason? If yes , How can I Fix it?
Thank You!
Setting up SMTP server is tricky and tedious task unless it is ur job do it day in and day out.., Check if your server SSL certificate are signed properly with an authorized CA certificate., some times it could be the problem of a self signed certificates .,
Or you can also try out Gmail As your SMTP server which solves many problems .., Link
Related
Trying to send out emails yet they end up in spam folders for some reason. So we tweaked and adjusted Dkim and Dmarc, now all records show passed within Gmail, yet still flags as spam.
Also tested via dkimvalidator , this results in all records pass and showing
SpamAssassin Score: -0.1
Message is NOT marked as spam
Now the breakdown of an email is shown below.
Sending IP has been changed for this post to 123.456.789.12
Sending domain has been changed to somedomain.net
sending email address has been changed to support#somedomain.net
Receiver email address has been changed to someuser#gmail.com
Original Message
Message ID <3164f55daebbc258d0a4846eda47142b#somedomain.net>
Created at: Fri, Mar 15, 2019 at 3:06 PM (Delivered after 1 second)
From: support#somedomain.net
To: someuser#gmail.com
Subject: Are you getting our emails?
SPF: PASS with IP 123.456.789.12Learn more
DKIM: 'PASS' with domain somedomain.netLearn more
DMARC: 'PASS' Learn more
Delivered-To: someuser#gmail.com
Received: by 2002:a05:6504:1158:0:0:0:0 with SMTP id r24csp952466ltn;
Fri, 15 Mar 2019 12:06:09 -0700 (PDT)
X-Google-Smtp-Source: APXvYqwbxqRfiq2UKjVTB57wP4g1MW2NvFWKdyYY9P4PITERpXVsMmcdriTP6Fp9rsf+DU2Ky1nQ
X-Received: by 2002:a1c:230e:: with SMTP id j14mr3316801wmj.9.1552676769338;
Fri, 15 Mar 2019 12:06:09 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1552676769; cv=none;
d=google.com; s=arc-20160816;
b=kI1D5Zd50f7UIVNtLYscVA3w9dhrAzg3YfuSMJWIIag6Le+YNqzYUpTxlQ11pK0Jvd
9bQ8KztlKnEwTWvC90bUrX7FvNTdKTEeatTQao5I5z77QxBG8q96cYYnbmzHVzsKxcS6
eBJYwO7gabkTsJzdGHYeYR9pYHPANr5vhtkpGYn4OSEAvrTokXHnI7Lma5MlI+QcJFhO
eGb6omkWY05TGfZZYMJ9ny/8WBhG6W3mpuT+x3Z0mv9IWnuxhhnDWgYGb+qEK/cUkCjl
CLHaxq+uRh8MXnjzoChWHXc4elm8yKo9CS3qqAppMThxQ3X/2kp9SVg+EPKut9R3OtG0
D+ng==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=message-id:user-agent:subject:to:from:date
:content-transfer-encoding:mime-version:dkim-signature;
bh=GrxIPJ9zPlbqzf38J/MOr7Lt7eP6CUv0wQxJqM2McmE=;
b=QgXB7YGir4NdgYnbt+2pORQCK5bMsOT+mHtSghj+CrTIORIqW04ie/3v8iWpMop2uc
ZYby4O/YD5TohP7VnYT1/lHGcQO8BCK+BCqXJaJb1JyzoRFyAM2aVMfJonRphm3VSfzH
JCGAAQjW3hTRsANmiU4Toh5IgXVgLvz2ZFSbOjY+xEopHJar1XXg9kN9N+A8kZMJWIIk
dVXrhwSDV/1Z0/8ObepuXI+KZNRpyKItMjMMDDyh1Py7cQl1MJXnoTzr53aCeDw3nWWg
yUDRjq3kDUK2Rm0X/O43DGHQvAHvk7gge4UaE5rDFjtBphLVYO0Zadto3bQAFwAMouR9
H9Qg==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=#esomedomain.net header.s=mail header.b="cLQsKmq/";
spf=pass (google.com: domain of support#somedomain.net designates 123.456.789.12 as permitted sender) smtp.mailfrom=support#somedomain.net;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=somedomain.net
Return-Path: <support#somedomain.net>
Received: from ms101.somedomain.net (vmi247326.someotherotherdomain.net. [123.456.789.12])
by mx.google.com with ESMTPS id k4si945224wmi.131.2019.03.15.12.06.09
for <someuser#gmail.com>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Fri, 15 Mar 2019 12:06:09 -0700 (PDT)
Received-SPF: pass (google.com: domain of support#somedomain.net designates 123.456.789.12 as permitted sender) client-ip=123.456.789.12;
Authentication-Results: mx.google.com;
dkim=pass header.i=#somedomain.net header.s=mail header.b="cLQsKmq/";
spf=pass (google.com: domain of support#somedomain.net designates 123.456.789.12 as permitted sender) smtp.mailfrom=support#somedomain.net;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=somedomain.net
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=somedomain.net; s=mail; h=Message-ID:Subject:To:From:Date: Content-Transfer-Encoding:Content-Type:MIME-Version:Sender:Reply-To:Cc: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
bh=GrxIPJ9zPlbqzf38J/MOr7Lt7eP6CUv0wQxJqM2McmE=; b=cLQsKmq/CfXyv0nzG9Fwi6cs4 Ei3zkeoZTgWBvLZfF303+EVPnwUdqgKKlXfLntlfW+8lp54rm3S/dI9p640dC6IIoGJrdkYwWUw+0 J0K6U9rSTs1yUJ8mM6kWdYURmUQ7eAMvbqFtCIXhcXPBBlKDgvFGCpwz5GnSark8zkU7c=;
Received: from localhost ([127.0.0.1] helo=ms101.somedomain.net) by vmi247326.someotherdomain.net with esmtp (Exim 4.91) (envelope-from <support#somedomain.net>) id 1h4s9g-0001pt-Nb for someuser#gmail.com; Fri, 15 Mar 2019 15:06:08 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Date: Fri, 15 Mar 2019 15:06:08 -0400
From: suppor#somedomain.net
To: someuser#gmail.com
Subject: Are you getting our emails?
User-Agent: Roundcube Webmail/1.4-rc1
Message-ID: <3164f55daebbc258d0a4846eda47142b#somedomain.net>
X-Sender: support#somedomain.net
Currently running centos 7 --> VestaCP
Roundcube using postfix, yet don't mind switching to horde or 3rd party ESP if needed.
The only thing that I can think is the sending domain is a sub domain of the root yet we've added MX record with priority 1 within DNS on cloudflare to accept mail for root domain, yet the sub domain is hosted on same server and same IP.
The Message ID is being generated from somewhere, I am not sure. This may be the reason for spam flag as well.
Any help is greatly appreciated.
I worked in G Suite support a while back, spent a lot of time working with Gmail.
Some things to keep in mind,
1) Try to have your SPF with ~all instead of ?all (I can still see your domain in the return path, you may want to edit that out).
2) Your DKIM needs to be added into the domain listed in the return path. If the return-path is domaina.com, the DKIM needs to be from domaina.com
3) DMARC doesn't really help that much when sending email, is mostly used to prevent inbound spoofing against your domain, it's still good to have it nonetheless.
4) Try sending emails from a different server, sometimes specific servers have pretty bad rep, causing emails to be marked as spam (mail-tester.com tool helps get an idea of how spammy your emails are).
5) Try not to send marketing emails to people who have never heard from you. In case you're actually doing that, use a dedicated service (like Mailchimp) that maay help the delivery (also, avoid bccs).
Other than that, the tough answer, you can do everything good, but there is 0 guarantee that your email will never be marked as spam, sadly, it's half in your control, the other half is what others have reported from your domain, your server, your content, your actual username, links included, etc. Keep in mind that your reputaion varies per server, so if emails land in spam in Gmail, it doesn't necesarily mean that it'll land in spam in hotmail. Sometimes using a completely different domain/server/service helps, but if the reputation is already tainted, only marking emails as 'not spam' would eventually help the delivery (I know, it sucks when that happens).
Cheers!
I manage various servers that send and receive email at various levels. Mostly I use Sendmail on FreeBSD machines.
I'm having problems in delivering to Hotmail users and apparently more in general anyone that makes use of microsoft based antispam filters (I could be wrong here... it's my feeling).
Here are the headers of an email that was delivered to the Junk mail folder of a hotmail user. It was sent from a server of mine.
Received: from BL2NAM02HT013.eop-nam02.prod.protection.outlook.com
(10.172.93.15) by MWHPR11MB1775.namprd11.prod.outlook.com with HTTPS via
MWHPR1601CA0005.NAMPRD16.PROD.OUTLOOK.COM; Thu, 8 Feb 2018 10:09:59 +0000
Received: from BL2NAM02FT033.eop-nam02.prod.protection.outlook.com
(10.152.76.55) by BL2NAM02HT013.eop-nam02.prod.protection.outlook.com
(10.152.77.51) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.20.444.13; Thu, 8
Feb 2018 10:09:59 +0000
Authentication-Results: spf=pass (sender IP is 148.251.12.94)
smtp.mailfrom=gmartandmusic.com; hotmail.com; dkim=pass (signature was
verified) header.d=gmartandmusic.com;hotmail.com; dmarc=pass action=none
header.from=gmartandmusic.com;
Received-SPF: Pass (protection.outlook.com: domain of gmartandmusic.com
designates 148.251.12.94 as permitted sender)
receiver=protection.outlook.com; client-ip=148.251.12.94;
helo=mail.europa.tuorlo.net;
Received: from mail.europa.tuorlo.net (148.251.12.94) by
BL2NAM02FT033.mail.protection.outlook.com (10.152.77.163) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
15.20.444.13 via Frontend Transport; Thu, 8 Feb 2018 10:09:57 +0000
X-IncomingTopHeaderMarker: OriginalChecksum:3155FEC5C9D2530E959B4E07187F7D85EAB207E86B21DBD388EE2E71D188C39C;UpperCasedChecksum:68C64367B668FDE28564CAAC7801A9DF0B763468DCDE2B54A67FCFB40608C4EF;SizeAsReceived:1418;Count:12
Received: from auth (mail.europa.tuorlo.net [148.251.12.111]) by mail.europa.tuorlo.net (8.15.2/8.15.2) with ESMTPSA id w18A9qi2063516
(version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
for <yyyyyyyy#hotmail.com>; Thu, 8 Feb 2018 11:09:56 +0100 (CET)
(envelope-from xxxxxx#gmartandmusic.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmartandmusic.com;
s=europa; t=1518084596;
bh=Fw4LmErhAxOi/F7NxHoWyOX/LBhnx8rr2vjP9sF8wgs=;
h=From:Date:Subject:References:To;
b=smkwjTavx8NlQhBXyLGXWpLdYuPXc9qSqbkZ1DZJrnyLkNqUgfVkXmOtVGoC+Qzn9
Asn9V/Sb7EmPj6XJfnuXgTMtzz2pHb2J8oVY8t3A5ffO8k6V27k9yo/utNvmt8wuJX
Ozhyfn8CTmP6o1/Ak40QA5uwGuKSbEBWy/IyBYp+yPiyoWZ4r+LDTDGPwWUSVDrOD1
LjTCIwOtVvECw1OejxAe5aY+tluKjnEZIYEqawv8pSr3yznZJpdaDhuJF+3EtjtEBm
2iRsmG/tKzmZjQm5FQk66gZX4iwShAVgRPpxTmQ8bUR7qFR0sJ58F5iaOiXBi16bNc
ZU5m+VRtusqSQ==
From: AAAAAA BBBBBB <xxxxxx#gmartandmusic.com>
Content-Type: multipart/alternative;
boundary="Apple-Mail-89D34B6A-7702-4FBE-BCCD-41CBE90A98B6"
Content-Transfer-Encoding: 7bit
Date: Thu, 8 Feb 2018 04:09:52 -0600
Subject: Fwd: XXXXXX/XXXXXX/ MENORCA/ MAYO 2.021
Message-ID: <C8E45C6B-C6F6-43E9-A89F-511837A7ECFB#gmartandmusic.com>
References: <00A74997-678C-430C-89E0-F86081C7EF4D#infotelecom.es>
To: XXXX YYYY <yyyyyyyy#hotmail.com>
X-Mailer: iPhone Mail (15D60)
X-IncomingHeaderCount: 12
Return-Path: xxxxxx#gmartandmusic.com
X-MS-Exchange-Organization-Network-Message-Id: 35b1621c-5d7f-40d4-4ff6-08d56edc1ba6
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-Microsoft-Exchange-Diagnostics: 1;BL2NAM02FT033;1:hnTtkDvat2snlgurDQUVhYHckuMJhexw7rK/nMMILQql/P1hj3ZYszrvHlCTQ+cJV7wsMPwXfvp32kBc7HmUnj25fk1jbqqyJBW31tz9XQUHomlZtr7nZ+WhdGFNNRb8
X-Forefront-Antispam-Report: EFV:NLI;SFV:NSPM;SFS:(98901004);DIR:INB;SFP:;SCL:1;SRVR:BL2NAM02HT013;H:mail.europa.tuorlo.net;FPR:;SPF:None;LANG:;
X-MS-Exchange-Organization-AuthSource: BL2NAM02FT033.eop-nam02.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 35b1621c-5d7f-40d4-4ff6-08d56edc1ba6
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:(5000109)(4604075)(4605076)(610169)(650170)(651021)(8291501071);SRVR:BL2NAM02HT013;
X-Microsoft-Exchange-Diagnostics: 1;BL2NAM02HT013;3:HFLkOvxb6v1otyVU+/4qGCI+fmLt/Wqog/HK8GHBqXEB3WB2/axCWD1jjLiZlE296Z8SYck6EVAxyuGrHKGKu1B4EME0OZmUxUyS5U8ekffZJkZPm02+XFw8rfWUEuJPbIKflo2V4k+kWwO9/pzmcZDyrTjVFNWzB7iqTt8fu3MFWaW0RBm+6+7xyqJPHnPjtvmvUer4Xgxr+GRqSrKS5rFeO5IV9HSY2oWsRz6VinE2HszPcTQnbjb1/fjxhwzDuZiKL2NFVi87Dngdx0jXBHTGyXnpi0LePdGJ6fKBRMrdCdrLT1C+IpB1N1A9iOGQ;25:vJ1cwnGFHXqKn2cvh2C4FZrvStWj3EMpztnpfl/Tjx4Qsa1NTyDBv3qV32gAKugMv61j+otmiaBwBt0bmOfZ03rGRrX7UcQ+rc7XTnyxkAJc0i8RoyrGn8AR8JeQ1mjXyWP1HXokKfC7yox6CzMk3JBjwYZMIA2tCOFf2XWDJcUKZa6j0qFX3SFJ0TzOU0zwh2M6o0l654csfZeRuacFF13XhDQjqtAVjhfquxN9zPuC/sHjNB/lG58SAcaQnPVdAGxmSaACqMy1PwpWNHog9db2n5d7Im8god9zgt46Js3HHOs5tYTQgapWXGqMB9542DS5MXeROtL3nKDJ0lZUQg==;31:xL0KY+h7mitOtfy4JrR1Ev3FihJLs0zekK/ska3dJvgZ2hENcSzd2szV5kYYrxOL0dDfHoUtWLwMdXQkICx5/TyUts4vNo1ZjX19LJEehfZLrJNIZ/aCw4Ay2U2BkVNFiOYsFAlTUfFUdfMFFI/Z8/SSkG5lP0sKEfMBgTBN/uvJ6NDqogj+3Wj2rTVw0xE5v36Lt+BhqEp7elVOFAsIEL5XT6lDuPrOM96JNLL5Lu8=
X-MS-TrafficTypeDiagnostic: BL2NAM02HT013:
X-MS-Exchange-EOPDirect: true
X-Sender-IP: 148.251.12.94
X-SID-PRA: xxxxxx#GMARTANDMUSIC.COM
X-SID-Result: PASS
X-MS-Exchange-Organization-PCL: 2
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(444111557)(2400082)(82015058);SRVR:BL2NAM02HT013;BCL:0;PCL:0;RULEID:;SRVR:BL2NAM02HT013;
X-Microsoft-Exchange-Diagnostics: 1;BL2NAM02HT013;4:Bc5X2fSq55q6XMZsvCFLE4oHXKXL5AZAhAZGBUeXJfY75ES2dSXErxmc7xoNzyLA16U6a91wm46mrzllh+DwD6td0a7B+FqqTkZLMfw1UxZf35JsXmDdyLpU63rwjc/T0E/8hyY0Uinuu/zpC269Zae7IhV06dz4dMG1ZUdQmLVCwcJfsYsuF1ycgLsaeea9rfe5VJ0vzJRF5Kjwsp6/45sIzfAvjaM1NRWN28XIqgeC9KzjkrGCDHNBssMNPHEC6ARImdxUfWfPCa7TGhaxDA==;23:9ce9ZtosrYf8R0AWrHrwrH6nHRFGA0RUmqVTj/4SCDE5RgcC0sMp0bKixp8n2AgXIuRTV0ZTuKiqzKOA4i1mY4GkGMtuv0WAzOfbRDl5bkTbY5gp6dkZeqxu3/4xTP+zGc4GK5P1di8jaB231YLNUMBN9aUczu5IbOzyc6vBd8o=;6:+MLQPaxRIfraFLgoX3JjZbUA7ZFjMzePdr6IsDt9SCRZq2vdH/0bYZjMD5UEXCaw1+3fuJ8BQ/hFtJ69ZDoqmJc+4N7GWBYUN5sbbUg24PDa1W9hTzCAr1Av9O0LjBN1E/cvgX+9prrdUy1eD2HRtHNzkP+WIQrsIq+KjxZPhT9ysksd1ZuGHwwyFq3aK4RUsIDdhPr7LXiMsJJpmfxRgWxdXWu7adqzd72kPr09ldQ72iQ+fTWazynvogcTifDSElpLyysFQOMTGRKp4udakmsMOzpPp20YFMC0lTmHX0oScTk5OH4w0i7UdFJCAo/ehU4/re8J9GE5InXHWHsCoV0ZpJUg5jNDKFw0u30Gesg=
X-MS-Exchange-Organization-SCL: 1
X-Microsoft-Antispam-Message-Info: OuQazSvupgp80LHlw+czkqj2YXRxJ0QBIScl742vWOMdG2wzIGCcvnjwKv0mn6syMbpUBIwG+3E6FEILAAZOWcoHrSb+2pS/S97ZcRjDKt4=
X-Microsoft-Exchange-Diagnostics: 1;BL2NAM02HT013;5:1vihEbjfm4w0pm8T51O74gHVNQvaejj6rpVyRG4bmX78g6gAUqueSkb52YX+h4H2briNVccbLvBzptKLfqWtiYr1MZhMdfhigOtMyzM/76B73XZSirNN/wko+wf6Ba2iWqJVDIL10irMj1ege5KuK7y4jgPRa/6Nos1NBF3CWg8=;24:y257repAHT3J5K+9FAz+ju5GwAeDT9Dy7y1za4bcm8wV0fE1SQxow6DM6Sjt9r8iP68AD+/kbyR1Yc704J/7b5Ed3XTILDAseHK2XJu96JQ=;7:ua5Dt7PMVmi84xiS1h9BtzyLl7QLi6JC+r1rU5YjsN1Gw1plKnJMMYZ2V/xYZc9/rG34Dima4cYTl/BjfzSz73BlnAwL31YsfOPIAIiZPGP3Xb24QluF+Ev2B1dXWk8ytql7skz5beXvN237wl4qxzhaZ1hZJrnr33llGEfjl6PN0PIvoJhO2WSwMZze7j46rMHzB2qDCkzcieGNXhpnIr1r/WCNt35vKz6wJHfhi+cfOfSCnjoU7Wgzdwr8U6bp
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Feb 2018 10:09:57.5256 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 35b1621c-5d7f-40d4-4ff6-08d56edc1ba6
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL2NAM02HT013
X-MS-Exchange-Transport-EndToEndLatency: 00:00:02.3696719
X-MS-Exchange-Processed-By-BccFoldering: 15.20.0485.002
X-Microsoft-Exchange-Diagnostics:
1;MWHPR11MB1775;27:44NdIk2HdVv/O8NpcZyQqTL8z9aaX2OM2n4+LxMT5Q/uFhT/kCDKFStN8D8BLF/slFIj5EQ4/+9TvCPMYrTSKknMgF0+VemHMyOmLboDCpjpHk+zI560m6NBXQT67cXm
X-Microsoft-Antispam-Mailbox-Delivery:
abwl:0;wl:0;pcwl:0;kl:0;iwl:0;dwl:0;dkl:0;rwl:0;ex:0;auth:1;dest:J;ENG:(400001000128)(400125000095)(5062000261)(5061607266)(5061608174)(4900095)(4920089)(6375004)(4950112)(4990090)(9140004);RF:JunkEmail;OFR:SpamFilterAuthJ;
X-Message-Info:
qoGN4b5S4yqCYaZhtdu4NotjTtV6S6AUSGN/bf9Z/EfhTJpB27DEs1qs/hyLYqvd0CepaM1Ig9vcfI2L/B8Bai8XajbnHGTRD8TogVmsnOlWHhYWUSIS0wwn4Z3RT9HkA8e0vBCZIU8qxvJhm98JrVDf7Gkw7ed4IoPDieNlaxJfZDCjjhDFl5D+iKF+xXIqqcoCHVTkN+834BwEpSP77Q==
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
X-Microsoft-Antispam-Message-Info:
Gjr7XNMmetzm1UAGg1+Q9ehieT3vn0z2N0AU3dtWtm1mapC5BN5/JpGtYnXwraRTPJQMhcwfeGXo7c/siYVtn9Ad0UkyNK53c1ho1uodzSzNv1wbnO4Pkw2skBfmrL8EXmNeSUggm/xsOVszQBGzH9IJQN4NMiaU+TXIDhno4YfqPtWEwKEhN0KKPSuJO2CTQXzieUWvBISGYTraBBqu03Pn3HF8yJMbzCCsXWsNrQtiy7JVGQeImnie9ShGYtTn2dgp5H641SfGwEaB9WRCVQ==
MIME-Version: 1.0
--Apple-Mail-89D34B6A-7702-4FBE-BCCD-41CBE90A98B6
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Microsoft-Exchange-Diagnostics:
1;MWHPR11MB1775;27:44NdIk2HdVv/O8NpcZyQqTL8z9aaX2OM2n4+LxMT5Q/uFhT/kCDKFStN8D8BLF/slFIj5EQ4/+9TvCPMYrTSKknMgF0+VemHMyOmLboDCpjpHk+zI560m6NBXQT67cXm
X-Microsoft-Antispam-Mailbox-Delivery:
abwl:0;wl:0;pcwl:0;kl:0;iwl:0;dwl:0;dkl:0;rwl:0;ex:0;auth:1;dest:J;ENG:(400001000128)(400125000095)(5062000261)(5061607266)(5061608174)(4900095)(4920089)(6375004)(4950112)(4990090)(9140004);RF:JunkEmail;OFR:SpamFilterAuthJ;
X-Message-Info:
qoGN4b5S4yqCYaZhtdu4NotjTtV6S6AUSGN/bf9Z/EfhTJpB27DEs1qs/hyLYqvd0CepaM1Ig9vcfI2L/B8Bai8XajbnHGTRD8TogVmsnOlWHhYWUSIS0wwn4Z3RT9HkA8e0vBCZIU8qxvJhm98JrVDf7Gkw7ed4IoPDieNlaxJfZDCjjhDFl5D+iKF+xXIqqcoCHVTkN+834BwEpSP77Q==
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
X-Microsoft-Antispam-Message-Info:
Gjr7XNMmetzm1UAGg1+Q9ehieT3vn0z2N0AU3dtWtm1mapC5BN5/JpGtYnXwraRTPJQMhcwfeGXo7c/siYVtn9Ad0UkyNK53c1ho1uodzSzNv1wbnO4Pkw2skBfmrL8EXmNeSUggm/xsOVszQBGzH9IJQN4NMiaU+TXIDhno4YfqPtWEwKEhN0KKPSuJO2CTQXzieUWvBISGYTraBBqu03Pn3HF8yJMbzCCsXWsNrQtiy7JVGQeImnie9ShGYtTn2dgp5H641SfGwEaB9WRCVQ==
The server is not blacklisted.
There are no reputation issues that I'm aware of.
The email just contained a simple threaded discussion between users.
We use SPF, DKIM and DMARC and they clearly all passed their respective checks from what I see in the headers.
Still it get's delivered in the Junk mail folder.
The email seems to be originated from an iphone and delivered to my sendmail based server. Then, on the hotmail side, it was apparently passed through an endless series of spam checks (judging by the redundancy of ms oriented antispam headers). They all agree it's not spam.
SFV:NSPM
SCL=1
BCL:0
PCL:0
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
The only one that seems to disagree is this last "X-Microsoft-Antispam-Mailbox-Delivery" that shows a cryptic:
RF:JunkEmail
OFR:SpamFilterAuthJ
I was not able to find any documentation pertaining these codes. OFR could be "Offending Rule"? I don't know but the simple lack of documentation and answers is very annoying. What am I supposed to do? Tell my corporate clients "I'm sorry you can't deliver to microsoft based users?".
Any clues? Any ideas?
Have you checked the current ip status with postmaster SNDS of hotmail ?
There you could see 3 colours for ur ip. Red/Yellow/Green. Try to see the current status and build your reputation.
We recently implemented a DMARC record for our domain:
"v=DMARC1; p=quarantine; pct=100; rua=mailto:me#mydomain.com"
(quarantine 100% of non-authenticated emails and send aggregate report to "me")
We use a third-party vendor to issue invites. The vendor sends email from invites#invites.vendordomain.com which is then sent through a mail relay "smtp3.mailrelaydomain.it". I also know that the mail relay uses a single ip address.
That address is included in our SPF record:
"v=spf1 ...[SNIP reference for other mail servers SNIP]... ip4:[ip address for the mail relay] ~all"
When I send an invite using the vendor's service, the message is quarantined.
When I view the aggregate DMARC report I see that the invite:
is recognized as being from an SPF-Authorized Server
passes raw SPF authentication for the sender's domain (invites#invites.vendordomain.com")
passes raw DKIM authentication for the mail relay domain (smtp3.mailrelaydomain.it)
Fails DMARC authentication for both DKIM and SPF for mydomain
Here is a sample headers from an invite.
BEGIN SAMPLE EMAIL HEADER
Delivered-To: someone#mydomain.com
Received: by 10.64.252.9 with SMTP id zo9csp100581iec;
Wed, 21 Oct 2015 11:40:13 -0700 (PDT)
X-Received: by 10.55.195.147 with SMTP id r19mr12995508qkl.12.1445452813709;
Wed, 21 Oct 2015 11:40:13 -0700 (PDT)
Return-Path: <invites#invites.vendordomain.com>
Received: from smtp3.mailrelaydomain.it (smtp3.mailrelaydomain.it. [ip for mail relay])
by mx.google.com with ESMTP id w15si9297939qha.131.2015.10.21.11.40.13
for <someone#mydomain.com>;
Wed, 21 Oct 2015 11:40:13 -0700 (PDT)
Received-SPF: pass (google.com: domain of invites#invites.vendordomain.com designates [mail relay ip] as permitted sender) client-ip=[mail relay ip];
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of invites#invites.vendordomain.com designates [mail relay ip] as permitted sender) smtp.mailfrom=invites#invites.vendordomain.com;
dkim=pass header.i=#mailrelaydomain.it;
dmarc=fail (p=QUARANTINE dis=QUARANTINE) header.from=mydomain.com
Received: from FS-S05.vendorparentdomain.com (unknown [vendor parent ip])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by smtp3.mailrelaydomain.it (Postfix) with ESMTPSA id 23387A0CBC
for <someone#mydomain.com>; Wed, 21 Oct 2015 15:07:35 -0400 (EDT)
DKIM-Signature: [DKIM Content]
Content-Type: multipart/alternative;
boundary="===============2166944298367943586=="
MIME-Version: 1.0
Subject: Please take our survey
From: Me <me#mydomain.com>
To: Someone Else <someone#mydomain.com>
Cc:
Date: Wed, 21 Oct 2015 18:39:48 -0000
Message-ID: <20151021183948.27448.90706#FS-S05.vendorparentdomain.com>
List-Unsubscribe: [unsubscribe link],
<mailto:invites#invites.vendordomain.com>
Reply-To: Me <me#mydomain.com>
X-Sender: invites#invites.vendordomain.com
I believe the issue is related to the from domain in the message not matching the domain for the message envelope; however, the vendor is unable to change their settings (i.e., envelope will always be from the vendor domain) so any chance of this working with DMARC will have to come from my end.
Knowing that the SPF record can (and does) identify the invite as being from an SPF-Authorized Server, are there any other settings or records I can add to also ensure DMARC authentication for invites from the vendor?
Having read several online articles and "DMARC -spf and DKIM record queries" I suspect I am out of luck, but need to ask the question plainly/specific to my situation just to be sure.
Thanks
You are correct, you are out of luck unless the vendor can change something. What is failing is Identifier Alignment - https://www.rfc-editor.org/rfc/rfc7489#section-3.1 - because what is being authenticated (invites.vendordomain.com via SPF) does not align to the domain the user sees (me#mydomain.com) and the message then, correctly, fails DMARC.
There are three options:
Stop sending with a From: header of your domain at the vendor; you can still use a Reply-To: header with your own address.
Have the vendor align the mail from to your domain. If they don't do this they can't pass DMARC, and at some point they will want to pass DMARC or people will find other solutions. You can have them send with an envelope from of vendorname.mydomain.com and you can set up an MX for that subdomain that points to them to support bounce processing. This has been BCP for a while.
Have the vendor sign with DKIM and us an aligned DKIM signature. This is also best common practice. You only need SPF or DKIM to pass, and DKIM passes are more valuable (because they survive forwarding in many cases) than SPF, so this is the option I would personally prioritize if I were you.
Back in like 2012 and 2013 a lot of vendors pushed back against both of these options, but I honestly haven't seen a vendor in a long time (I spend 100% of my day job on DMARC) that won't support at least aligned DKIM.
Using PHPMailer with SMTP, the following email was sent from my VPS (mydomain.com hosted by phpwebhosting) as if it came from my Comcast account (jane.doe#comcast.net) to my Gmail email (john.doe#gmail.com), and Gmail flagged it as spam.
Looking at the email headers, how can I determine what might make a email client flag an email as spam?
Delivered-To: jane.doe
Received: by 10.28.7.197 with SMTP id 188csp518471wmh;
Fri, 8 May 2015 06:51:39 -0700 (PDT)
X-Received: by 10.43.17.135 with SMTP id qc7mr4244827icb.14.1431093098853;
Fri, 08 May 2015 06:51:38 -0700 (PDT)
Return-Path: <john.doe#comcast.net>
Received: from smtp1.phpwebhosting.com (smtp1.phpwebhosting.com. [145.242.148.75])
by mx.google.com with SMTP id ag10si4096698icc.25.2015.05.08.06.51.38
for <jane.doe>;
Fri, 08 May 2015 06:51:38 -0700 (PDT)
Received-SPF: neutral (google.com: 145.242.148.75 is neither permitted nor denied by domain of john.doe#comcast.net) client-ip=145.242.148.75;
Authentication-Results: mx.google.com;
spf=neutral (google.com: 145.242.148.75 is neither permitted nor denied by domain of john.doe#comcast.net) smtp.mail=john.doe#comcast.net;
dmarc=fail (p=NONE dis=NONE) header.from=comcast.net
Received: (qmail 29774 invoked from network); 8 May 2015 13:51:37 -0000
Received: from unknown (HELO test.sites.mydomain.com) (outgoing#mydomain.com#145.242.134.91)
by smtp1.phpwebhosting.com with (DHE-RSA-AES256-SHA encrypted) SMTP; Fri, 08 May 2015 09:51:37 -0400
Date: Fri, 8 May 2015 06:51:36 -0700
To: Jane Doe <jane.doe>
From: John Doe <john.doe#comcast.net>
Reply-To: john.doe#comcast.net
Subject: Mydomain Password for Test Site
Message-ID: <fa1b444df47091d2ca100f40d93b14cc#test.sites.mydomain.com>
X-Priority: 3
X-Mailer: PHPMailer 5.2.9 (https://github.com/PHPMailer/PHPMailer/)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="b1_fa1b444df47091d2ca100f40d93b14cc"
Content-Transfer-Encoding: 8bit
--b1_fa1b444df47091d2ca100f40d93b14cc
Content-Type: text/plain; charset=us-ascii
Hello Jane,
I have added you to our Mydomain sales tracking and bid solicitation tool.
Your username is: jane.doe.
Click the following link within 24 hours to set your password: https://test.sites.mydomain.com/index.php?cid=25&task=display_p&t=28dba87d5fb8062e40a69f0192660471
Thank you
--b1_fa1b444df47091d2ca100f40d93b14cc
Content-Type: text/html; charset=us-ascii
<p>Hello Alvin,</p>
<p>I have added you to our Mydomain sales tracking and bid solicitation tool.</p>
<p>Your username is: jane.doe.</p>
<p>Click the following link within 24 hours to set your password: https://test.sites.mydomain.com/index.php?cid=25&task=display_p&t=28dba87d5fb8062e40a69f0192660471</p>
<p>Thank you</p>
--b1_fa1b444df47091d2ca100f40d93b14cc--
There is no surefire way to tell why Gmail flags an email as spam. Spam filters in general are black boxes from the perspective of the sender, as only those who know the inner workings and have access to logs can tell for sure what happened to certain email. The reason for flagging can be virtually anything, like violating the sender domain's policies, poor IP reputation, poor reputation of links used, similarity to spam emails, bad standards compliance and so on. Sometimes there is no singular reason either.
It's not that you can't make an educated guess. In this particular case, you are sending an email in the name of a comcast.net user, but you are bypassing Comcast servers entirely. Comcast has SPF and DMARC policies in place and although Comcast's SPF policy evaluation doesn't assert smtp1.phpwebhosting.com either permitted or not (SPF "neutral" result), the DMARC result that Gmail is getting is "fail". The DMARC policy for Comcast is not to flag emails failing email authetication (but report them only), but I'd still guess it's a bad omen. Try sending the email via your authorized Comcast server or use your own domain name for both From: and Return-Path to see if you can avoid getting flagged as spam.
I'm sending out emails via my PHP application. However, they're getting marked as spam by Gmail. Here's how I'm sending the email (PHP):
$headers = "From: test#bookmytakeout.com\r\nReply-To: test#bookmytakeout.com";
$mail_sent = mail( 'munged#gmail.com', 'test mail', $message, $headers, '-ftest#bookmytakeout.com' );
Gmail spams this message. So I went and clicked that handy "show original message" option. Here's what I get:
Delivered-To: munged#gmail.com
Received: by 10.68.71.200 with SMTP id x8cs325812pbu;
Thu, 21 Jul 2011 01:34:52 -0700 (PDT)
Received: by 10.236.114.234 with SMTP id c70mr12483739yhh.163.1311237292052;
Thu, 21 Jul 2011 01:34:52 -0700 (PDT)
Return-Path: <test#bookmytakeout.com>
Received: from vps.bookmytakeout.com ([8.22.200.47])
by mx.google.com with ESMTPS id u61si3662037yhm.119.2011.07.21.01.34.50
(version=TLSv1/SSLv3 cipher=OTHER);
Thu, 21 Jul 2011 01:34:51 -0700 (PDT)
Received-SPF: neutral (google.com: 8.22.200.47 is neither permitted nor denied by best guess record for domain of test#bookmytakeout.com) client-ip=8.22.200.47;
DomainKey-Status: bad format
Authentication-Results: mx.google.com; spf=neutral (google.com: 8.22.200.47 is neither permitted nor denied by best guess record for domain of test#bookmytakeout.com) smtp.mail=test#bookmytakeout.com; domainkeys=neutral (bad format) header.From=test#bookmytakeout.com
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=bookmytakeout.com;
h=Received:To:Subject:From:Reply-To:Message-Id:Date;
b=WYWQ+/9+wOAvq+OUSM5KLDAueciIoNiByXaVV29HYa0XbSwm2f+89TCj8pW24G7k1vTGCvR8n64iSwgPQuoEitz6ehbszd0+75Px0WlGsvyeZGrW3PaYEpkRFmkDoaGe;
Received: from munged by vps.bookmytakeout.com with local (Exim 4.69)
(envelope-from <test#bookmytakeout.com>)
id 1QjolW-0001Vn-Us
for munged#gmail.com; Thu, 21 Jul 2011 14:07:31 +0530
To: munged#gmail.com
Subject: test mail
From: test#bookmytakeout.com
Reply-To: test#bookmytakeout.com
Message-Id: <E1QjolW-0001Vn-Us#vps.bookmytakeout.com>
Date: Thu, 21 Jul 2011 14:07:30 +0530
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - vps.bookmytakeout.com
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [1005 1000] / [47 12]
X-AntiAbuse: Sender Address Domain - bookmytakeout.com
test
Now, I have no idea how to diagnose what could be setting off gmail's spam filters. Can someone please point out what part of this email is setting off the spam filter?
If possible, please post a solution as well. I'm more interested in learning what's wrong with the headers than in how to fix this for now.
PS: I have a few suspicions of my own:
the Received header says "vps.bookmytakeout.com" but the From header says "bookmytakeout.com" - but I tried sending it with From as test#vps.bookmytakeout.com - same problem, still spammed.
The headers "Received-SPF", "DomainKey-Status" and "Authentication-Results" seem to indicate some problem. I distinctly remember NOT setting up any MX records for this domain name. Could that be the issue?
I guess you didn't publish any SPF / DKIM authentication record
Received-SPF: neutral (google.com: 8.22.200.47 is neither permitted nor denied by best guess record for domain of test#bookmytakeout.com) client-ip=8.22.200.47;
DomainKey-Status: bad format
Most of the time, Gmail (as well as the other major ISPs) will place the non-authenticated messages in the junk folder.
An SPF record or a DKIM guarantees that you are allowed to use a certain domain as a sender. For example, if you don't own "paypal.com", you can't send an email from "contact#paypal.com". If you've published the right SPF / DKIM, the ISP will consider you as a trusted sender.
SPF & DKIM were first designed to fight against phishing.
DIY SOLUTION: Publish some records by following these instructions:
http://dkim.org/specs/rfc5585.html
http://www.openspf.org/FAQ
EASY SOLUTION: Use a service that will do everything for you. A good ESP will usually sign your emails with DKIM / SPF by default. The problem is that you will sometimes get a "sent via ESP_NAME" mention (in Gmail).
So the best thing to do is to choose an ESP which will provide you personalized DKIM & SPF. This way, it will be 100% transparent.
I work for Mailjet and we offer this service for free. Most of our competitors offer this as an option.
Here's a useful post about this "via-mention" you get when your ESP signs "by default" and how to get rid of it.
http://blog.mailjet.com/post/16922561593/personalized-spf-dkim