I am trying to create a newsletter for our business.
The last few days have been spent testing, and one of things I have noticed is that MSN seemingly randomly filters out some of my test messages.
This is super-frustrating.
I like the PEAR Mail MIME-package, and have been using that. I may send one email from one of our servers, resulting in the message getting through, and in the next minute, the same message sent from our other server ends up in the junk folder. Then if I add an attachment to the email, and the same message passes though the filter from the server that was previously blocked. I think. What the ####? Is this like throwing a dice, without me having any control over what is trash, and what isn't?
I have sent email from several servers, all of which are shared. But I am unsure this is the problem. The problem is that it is seemingly random how MSN filters email. Some emails get through, and some other don't for seemingly irrational reasons.
I am running out of ideas, but I am not giving up. Therefore I am writing to you for HARDCORE technical info on how MSN filters spam.
First of all, this is probably better suited for ServerFault. The problem is more infrastructure related than application related.
This is a common problem and isn't completely solvable especially if you are using shared mail servers. But there are things you can do to increase the likelihood that your mail will be accepted by mail services.
Run your own mail server, do not use a shared server. This way you will have better control over the mail server's reputation. Mail server reputation is important, as others using the server can cause its reputation to drop, which makes your mail to be less likely to be accepted. The important thing is to have your own dedicated IP number.
Make sure you have reverse DNS set up for your mail server. Not having reverse DNS properly configured is a great way to have your mail rejected.
Use SPF, SenderId, DomainKeys, and DKIM. I believe MSN uses SenderId. These provide you with a way to tell the other mail server that the sending mail server is an approved server for sending mail from your domain name. If these pass, then the mail is much less likely to be spam. Here is an article on these things:
http://www.digitalsanctuary.com/tech-blog/debian/setting-up-spf-senderid-domain-keys-and-dkim.html
Don't send spam! If you do all these things and still send spam, you'll still have troubles.
Monitor for bounces, possibly using VERP.
Make sure to provide a means to opt-out of your list.
Additional advice can be found here:
https://serverfault.com/questions/48428/how-to-send-emails-and-avoid-them-being-classified-as-spam
Here's an example of the SPF configuration I use:
https://serverfault.com/questions/122121/dns-zone-file-spf-configuration-to-support-sending-mail-from-multiple-servers-and
Newsletters especially can easily look like spam. You might consider using a service like MailChimp or similar that specializes in email marketing and mass emailing. They will make sure to tend to all the technical details, remove their servers from blocklists if they get blocked, and so forth. They also provide you with opt-out features, CAN-SPAM compliance, and more.
I've found the Spamtacular blog to have good information as well (it looks like they are having some technical issue right now - hopefully it will be online when you view this).
Related
Emails get stuck in spam.
Spamfilter
Blocking lists
Mails from my domain get stuck in spam sometimes, but it's unpredictable when so I can't really recreate the issue. I checked isnotspam.com and blacklists, but those results are positive. Please help me
Thanks in advance
Oli
Spam filters are always changing, but there are some things you can do to avoid your emails getting flagged. Since you said you've checked the blacklists already, verify your content. If your emails have spammy content, like using telemarketer-esque language, all caps, lots of exclamation points, etc., they may be getting flagged as spam.
There's more info here: https://www.emailonacid.com/blog/article/email-marketing/how-email-spam-tests-work-and-what-you-can-do-to-pass-them
You can also look into your DomainKeys Identified Mail (DKIM), Sender Policy Framework (SPF), and DMARC (Domain-based Message Authentication).
I recently noticed my gmail spam folder had some bounced messages to my business email address (which is configured to forward to my gmail). After some investigation it appears as though someone is using my domain name and randomly generated usernames as return address on their spam emails.
Mail.log shows these messages coming in, but not being sent. Is it possible that my server (Postfix or sendmail) is allowing a user to push out emails without generating log entries? What is the likelihood that somebody is spoofing my domain (not a very popular one at all) and not actually sending from my server?
Most importantly, what can I do to prevent spam emails from being sent out with my name on them, if anything? I'm concerned that gmail at least will mark me as a spammer since all the bounced spam messages are going to my gmail as though they were sent from my domain.
You can install the spamassassin in your server and connect it to the postfix. SpamAssassin uses a wide variety of local and network tests to identify spam signatures. This makes it harder for spammers to identify one aspect which they can craft their messages to work around.
It is very easy to config,SpamAssassin requires very little configuration; you do not need to continually update it with details of your mail accounts, mailing list memberships, etc. Once classified, site and user-specific policies can then be applied against spam. Policies can be applied on both mail servers and later using the user's own mail user-agent application.
You can refer the link to know more about the spamassassin
I have 2 Windows 2008 R2 boxes running in Microsoft Azure. My ASP.NET 4.0 site (let's imagine it's running at "example.com") has a standard Contact Us form.
When a user sends a Contact Us message, I use System.Net.Mail and SmtpDeliveryMethod.Network to deliver mail to an IIS6 SMTP server running on each box, which sends the mail to a Google Apps "enquiries#example.com" account, using the email address the user entered into the Contact Us form as the "From" address.
This was working beautifully for a year until I checked it today, and found this error in a .BDP file in the \Badmail folder:
550-5.7.1 Our system has detected an unusual rate of unsolicited mail originating from your IP address. To protect our users from spam, mail sent from your IP address has been blocked. Please visit http://www.google.com/mail/help/bulk_mail.html to review our Bulk Email Senders Guidelines.
Obviously Google upped their anti-spam strategies in the last 6 months - last time it worked was Feb 2013 (yeah, we don't get much mail luckily... yet).
I've read the Bulk Senders Guidelines linked above, but they're not really suited to my use case. My case is not sending emails from our server to users of our site (I simply use the Gmail API and send from our enquiries#example.com for that), but rather to collect users' enquiries so that we can easily respond by clicking Reply in that inbox.
I am looking for the easiest solution here. In response to the ones in Google's Bulk Senders Guidelines:
Use a consistent IP address to send bulk mail: I already do, doesn't seem to help
Reverse DNS: Godaddy, my domain and DNS provider doesn't seem to support them: http://support.godaddy.com/groups/domains-management-and-services/forum/topic/how-do-i-setup-reverse-dns/ Anyone know if there's a way?
Use the same address in the 'From:' header on every bulk mail you send: This is totally not my use case. I'll have different From headers in every email
SPF record: I think this only works if I am sending From ...#example.com every time. Is that right? My feeling is SPF doesn't help me here. Would love someone to enlighten me.
DKIM: This looks hellishly complicated, but I'll pursue it if someone thinks it can work in this case. Specifically is it OK that the From address doesn't match the "signing domain"? Anyone got any good "how to" links? And will this be sufficient for Google to un-blacklist me?
Sendgrid: Azure's preferred mail sending app. This means signing up, code changes, testing, and unknowns like "does Sendgrid allow any From address? It's non-trivial, and I'd like to avoid this, but again, will go there if it's what people think is the sanest option.
As a general answer to your questions, sending email on behalf of many different domains from one IP (e.g. example.net, example.org, and ex.co from 10.0.0.1) is generally seen as spammy behavior (and therefor not recommended).
Your points 1-5 only apply if you're sending from one domain. rDNS, SPF, and DKIM only improve delivery for one IP to one domain (in a generally 1:1) relationship.
Generally, the best way to avoid getting marked as spam in a situation like this is to set the From email as a consistent one that you actually control (e.g. enquery-sender#example.com), and then setting the Reply-To as the entered address (e.g. enquirer#someprovider.com). This way you consistently send from one domain, while still getting the benefit of replies going to the message originator (for example LinkedIn does it this way). Doing this will allow you to setup rDNS, SPF, and DKIM with benefit.
That said, if you decide that you don't want to use the recommended Reply-To method, you can use SendGrid to send from any arbitrary domain. It should not require any significant code change (just switching your current SMTP credentials to SendGrid's).
Disclaimer: I am a SendGrid employee.
I was thinking about creating a service similar to posterous where users can post to a fixed address like post#domain.com and then authentication of the posts would be based on some combination of the from address and header signature. Posterous seems to be doing something clever so that they can detect if a message is being spoofed or sent from an unknown source.
Anyone know what they might be doing?
There are some basic heuristics you could use, to try to detect it.
The most basic thing would be to look at the originating host and headers of the previous emails and see if they match previous ones. If the poster's email domain uses SPF you can verify the IP address has permission to send on behalf of that domain. It's easy to spoof an email - it's harder to spoof an email and actually have it originate from a subnet that matches where your previous mail has come from. But that can be subverted, as well.
First off, the email you post to should be random and unrelated to any display name. This keeps random strangers on the net from knowing where to post in the first place.
You could also go far more sophisticated and implement some sorts of machine-learning-ish things (or even more straightforward heuristics) to pick up on style, but that would be much tougher to get right.
Or just be lame, and upon receipt of a post, fire back an email to the poster with a link to verify and/or a special token to send back as a subject (if they're posting from a phone, etc. with no browser).
In my website (under development), the members can send messages to each other which are sent directly to their email, now I'm worried that some members can send spam to other members (I have a spam filter but it doesn't give 100% protection as you know), I'm worried that my domain might get blacklisted on Yahoo, Gmail, Hotmail or AOL which will cause any messages sent from my domain to end up in the spam folder, this is why I want to add the domain of my website to their whitelists (if they exist).
P.S. I don't want to use private messages that members check on the site and I have my reason for this.
Thanks
Your email might not be considered "bulk" because it sounds like it's one->one as opposed to one->many, but these bulk mail help resources might still be helpful:
Yahoo! Mail Postmaster Help
GMail Bulk Sender Guidelines
Windows Live Hotmail Postmaster Services
AOL Postmaster Website
As Bevan mentioned, your task will be an ongoing one to keep your site clean on various services.
Not sure if you're already considering this, but you can send the email "on behalf of" the requesting user (i.e., set the from and reply-to fields to the user who is sending the message).
While there may be whitelists used by those sites, I suspect that they only contribute to whatever scoring system is in use - being on the list won't be sufficient in itself.
The overall controlling factor will be the "reputation" of your site - you need to work to ensure that reputation stays sound.
Unfortunately for your workload, I think this will be an ongoing task, not a one-off.