Emails sent from my domain always end up in Gmail spam
I've spent the past weeks fiddling with setting up Postfix as a SMTP server on my Linode server. Everything works great in theory:
- SPF passes
- DKIM works
- DMARC works
- the mail gets sent via TLS
- the PTR record returns my domain name
And even testing on mail-tester.com returns me a 10/10 score, confirming that my setup is good.
And yet all my emails still end up in the spam filter on Gmail, and don't even get delivered to @icloud.com emails.
I'm at a complete loss now - I've tried pretty much everything I could find on Google/StackOverflow, but to no avail.
The content of the emails is a sample order confirmation, which I've verified via SpamAssassin to be of no spammy nature whatsoever. I'm sending the mails through NodeMailer via the SMTP transport on my own server
Any pointers or ideas about where to go from here?
I've attached the headers of the received mail here just in case it might be of any help. Thanks for reading.
Delivered-To: [email protected] Received: by 2002:a9d:7851:0:0:0:0:0 with SMTP id c17csp673538otm; Wed, 8 Jan 2020 05:03:27 -0800 (PST) X-Google-Smtp-Source: APXvYqyN4S1Zbe7mpTCrxQ6mgGkN7R9SHA1CG26DA38B8hZzbRHhWFU4B8LTZ9JDp/Kav+DqWys4 X-Received: by 2002:a05:6000:367:: with SMTP id f7mr4364238wrf.174.1578488606743; Wed, 08 Jan 2020 05:03:26 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1578488606; cv=none; d=google.com; s=arc-20160816; b=U6rdcoG6YRQnQedzef2CROZ1hKJPPtizsH/Emz+cdDYgyzgkHrc2XRIT375bkGKBOy zPERipPNL/AlB1q2pEr+UtUItJS7+atKEV+lpOVn7KUTM6sUlT4euuPfvxtxpE/5LhdM o4vOKHXutRziJqs+zjmXv77f9R/25MVOBLByIgdghnIwzIB5lPD7DYBbz4/1N0yUeAlF Jmvfet1YIviyLWQi2xPYlN71eZphnLgpfOcpJCcN94brcRm+Si9JaBrS2kX29NtwsANr 7iNQUNzXaWCYxu3uajBMqF9gyxfqcyQw+j2qhEUXBYYdwAKpBe9H+6/QX7CZiS06Xk+w CTlQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:date:message-id:subject:to:from:dkim-signature; bh=TP62kbO/MTI6/iw2BDbZ4C5M5A1QeXdh8op92UqJhZQ=; b=Q+fMAkC3O5cvTadQdRaa3yjFtxUMEKcByQ52oHDZkHx5hW7ggQKIVIKz8OnuzUyA84 WUTEy6JVWBqbTfkbh4n721hddcRC9cyODZ5Xj0CzgJPAZmFIxTvbD+N3l1Ss26Vn7Ueu tPJJHJN2L9rjYwQAjszKIyo7MTnJ07NUCM4eSJu7ZakPEMeysVIyxSWYveY82GxmIxMV ACNW83taOWsNqL9kgpa7C2hrqhktluRWONGr99tksJihexmyolZJgExl6iZezMbu04bR vEoyEKLTOqLI8UXGN3cD+YFx5V2tzgzMZ3KM1lrfMhldkPpsCUfnadl+yJ7bRTtA8TVE 7wxg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass [email protected] header.s=dec2019 header.b=MFsedXzA; spf=pass (google.com: domain of [email protected] designates IP.TO.MY.LINODE as permitted sender) [email protected]; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=example1.com Return-Path: <[email protected]> Received: from example2.com (example2.com. [IP.TO.MY.LINODE]) by mx.google.com with ESMTPS id p11si2386458wrj.178.2020.01.08.05.03.26 for <[email protected]> (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 08 Jan 2020 05:03:26 -0800 (PST) Received-SPF: pass (google.com: domain of [email protected] designates IP.TO.MY.LINODE as permitted sender) client-ip=IP.TO.MY.LINODE; Authentication-Results: mx.google.com; dkim=pass [email protected] header.s=dec2019 header.b=MFsedXzA; spf=pass (google.com: domain of [email protected] designates IP.TO.MY.LINODE as permitted sender) [email protected]; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=example1.com Received: from example2.com (example2.com [IP.TO.MY.LINODE]) by example2.com (Postfix) with ESMTPS id 1EEC05A168 for <[email protected]>; Wed, 8 Jan 2020 14:03:26 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=example1.com; s=dec2019; t=1578488606; bh=TP62kbO/MTI6/iw2BDbZ4C5M5A1QeXdh8op92UqJhZQ=; h=From:To:Subject:Date:From; b=MFsedXzASlP8nk3LTOY78bvOd35IcPqDD7cJXiS3Wq+s/bCbagEtgn2YeOpoHp4H2 DPVf/DtVH8hoGfa27CJNinNUI+GMkLJRp/tXtUssWeApuZlSW5WjClcXz0BlpzEkij kxwBfKTC25FBLcPAJyGe5iAZ8yEQob/jf3MAmlzBwY7OwjA2iZil2LF/7XlojDkf2f XrpDA+693oCf66ZkpXU/SfCZqa5hvG6wFgutshGmXLL1QWkiRLPyfNjfePtME3/Cgp JYx2MUqvTBuiwvDH3R5EkvjbsJZ4OTFvhQ6p/83IMzpOYh/yHtAIWdSDrhJsangL7G gke8D6uZdsryg== Content-Type: multipart/alternative; boundary="--_NmP-6eeaba46452e7a53-Part_1" From: My Shop <[email protected]> To: [email protected] Subject: Order Confirmation #NT-00000018 Message-ID: <[email protected]> Date: Wed, 08 Jan 2020 13:03:25 +0000 MIME-Version: 1.0
Sometimes the only thing you can do is contact the email provider and ask them why things are going to spam and if there is anything they or you can do.
Running your own mail server is always going to be a pain in the backside when it comes to spam issues.
If you use a service like Amazon SES as a smarthost to send mail, it will not get rejected based on the originating IP address.
Unless your mail volume is particularly high, sending from your own IP is not worth the hassle.
You can check blacklist inclusion (either by IP address or domain name) here:
This site works for BOTH IPv4 and IPv6 addresses…easy and pretty comprehensive.
You need to do this periodically. I try to do it at least once/month for all of IPv4, IPv6 and domain names.
@bjarkebech It does appear that your records are set up correctly. If you've received any bounce back error messages, I would see if the mail provider has and specific explanation for them. Below are some Gmail and iCloud links that may offer additional information during your investigation.
Wow, wasn't expecting such a quick response. Thank you guys so much.
I've now looked into it a bit more, and it appears my IP is on the iCloud blacklist (despite being all-OK in the MXToolbox SuperTool linked by @stevewi - thanks!). I've sent them a dispute claim, but am not going to bother hosting my own mail server anymore - this has proven to be a much bigger hassle than I expected. I can only assume this is the reason my mails won't reach Gmail either.
For anyone experiencing the same issues, I checked
/var/log/mail.log on my server and found messages about the mails not reaching the iCloud servers - can't believe I didn't think to check there.
@dubidub, thank you for introducing me to Amazon SES. Only wish I'd heard of it before spending so much time messing with this. I just tried it out and already got my first mail working and through the spam filter. With something that reasonably priced there is really no reason to roll your own anymore.
Thanks a lot for your help everyone!
Email servers aren't hard…just complex. One of my main reason for signing up with Linode was to get out of shared-hosting hell with respect to how my mail was handled.
I have a whole set of custom infrastructure built around postfix(1) -- greylisting, custom spam filtering, tagging based on regexes/senders/recipients, dovecot(1) sieve, DKIM, SPF, etc. Since I'm retired and have the time & experience to work on this stuff, it's a hobby project for me.
I'm currently working on DMARC…however the installation packages from Debian/Ubuntu drag in MySQL…something I would never use. I'm experimenting with building it myself to use SQLite instead.
I've got the same problem as bjarkebech. Since moving my mailserver to linode, all mail going to gmail is flagged as spam. The same server (hostname and software) running previously at another provider worked without any issues.
I've added spf and dkim since, still no improvement…
Could it be that all of linode's ip range is greylisted at gmail?
Is the only solution to change to a new cloud provider? (hope not, I love linode!)
There's not much insight into Google's algorithms for sorting mail, as they don't share any info on them. In my experience, I've seen many cases of mail being sent from Linode IP addresses to Gmail without going into the spam folder.
One of the things that can influence whether or not a mail goes to 'spam' is how long a given IP address has been a source of mail. Generally, newer mail sources have a higher likelihood of their mail being sent to 'spam'. There's no 100% guarantee either way, since Google doesn't ever confirm what factors they use to sort mail, but it may be that over time mails will be sent without winding up in the 'spam' folder.
If you haven't yet, be sure to set up rDNS for your Linode's IP address as well. Sending mail without rDNS and an SPF record set up can get it flagged as spam, and may continue to flag emails sent from the same IP address for some time. Google's blocks and flags appear to be automatically removed over time, with the average at 72 hours.
Thanks for the reply. I'm happy to hear that some linode mail servers are not ending up in spam at gmail. Rules out the ip range greylisted theory.
rDNS, SPF and DKIM all configured on mine.
I'll give it a bit more time. There's also the chance that recipients clicking the "Report not spam" button in gmail may help boost my server's reputation at gmail.