Server emails end up in spam: DKIM / SPF / DMARC = pass

peps03

Hi, emails sent by the server all have DKIM / SPF / DMARC "PASS":

Screenshot_1.png


Still the emails end up in the SPAM folder.

Any ideas what else to look at? It is a new VPS.

Thanks!
 
Who is putting it into the spam folder? If it is Microsoft owned, that is not surprising at all. I think they only whitelist email coming from major email providers (i.e. O365, Gmail, AWS, etc.) and if you are an SMB running a server out of some random data center ALL your email will go to the spam folder and they will refuse to whitelist you no matter how hard you prove to them it shouldn't be spam and you meet all the criteria. Their only suggestion is to make sure ALL your customers that use O365 for email mark your email as not-spam and to have your customer whitelist you. Of course that is ridiculous, most (if not all) of the people I know that use O365 NEVER look in their spam folders so the emails silently disappear over time and most are not willing to go through the steps to whitelist. As you can tell, I am really not a fan of Microsoft and how they handle emails.
 
Who is putting it into the spam folder? If it is Microsoft owned, that is not surprising at all. I think they only whitelist email coming from major email providers (i.e. O365, Gmail, AWS, etc.) and if you are an SMB running a server out of some random data center ALL your email will go to the spam folder and they will refuse to whitelist you no matter how hard you prove to them it shouldn't be spam and you meet all the criteria. Their only suggestion is to make sure ALL your customers that use O365 for email mark your email as not-spam and to have your customer whitelist you. Of course that is ridiculous, most (if not all) of the people I know that use O365 NEVER look in their spam folders so the emails silently disappear over time and most are not willing to go through the steps to whitelist. As you can tell, I am really not a fan of Microsoft and how they handle emails.
I do a full copy reply

While YUP.
Also they do some scans on mails, where this is often done on USA or other servers than privacy rules, for example in the EU, allow, and yes, some are even stored at those locations.

Dutch Government made a statement that it is not compliant at all, that O365 cloud mail.

And yes, spammers, scammers and so on are even abusing / using those large mail platforms, while they are then often whitelisted, UHUM. :(
 
ALL your email will go to the spam folder and they will refuse to whitelist you no matter how hard you prove to them it shouldn't be spam and you meet all the criteria
Well, that most certainly is not true, generally speaking. I managed several times to get our servers off their blacklist or greylist and they have not been on it now for several years. And I'm not the only one.
Yes, mostly they put VPS systems and small things on a grey list, or "new" IPs which start sending mail, because in most cases they do send spam, so it's not that hard a thought.

However, there is that dynamic filter. Which is indeed managed by users. I encountered complaints even of forum users who reported a birthday message to them as spam. The aso's.
So hence I advised all forums to disable automatic birthday messages. That helped a lot to begin with.

However, maybe the statement you gave applied to you, but most certainly not to everybody. It can however take some effort and some time, and if you have lots of customers with for example forums, where their users can report their mails as spam, yes, then you have a problem as a hosting provider.

However, we did not get an answer from peps03, so it isn't said that in this case it's MS or MS owned.
Might even be something small like forgot to put an rDNS or something like that.
 
Uh or I am wrong, but whitelists that they and larger email companies do or have are for a lot or most DA servers a problem to get on.

That is something else than getting off a grey or blacklist.

So both of you are, from my point of view, right? (BUT not all mail is going to the spam folder, that part I didn't read well!)

Where my problem, as I see it, is that a lot of spammers scam using mail services from such large mail providers, because generally they are on (kind of) whitelists in their (own) environment and so on.

The grey listing is a problem for a lot, while using partly without options the IPs sending from are from ISP providers and yes no dynamic, when dynamic the SPF record include ..... ;) but even then you start at grey list mostly, and when moving server . domains then again if you have no luck.

If having webshops or other services on such a box that have to send mails as you have buy ... pay .... then it is even harder seen as "money mails" in spam scanners using normal mail templates for sending such.

Another general problem i see lot of users using their work email account ( O365) for things they shouldn't do ( private should stay private / work work for mostly if working at a company) then that spam filters or server admin / BOSS do mark/tag a lot as spam that aren't real spam.

BIT offtopic:
The scan / filters MS is using and others are difficult for YUP privacy related reasons, you better don't use most large email service providers or services if you want to keep the info really private in private mails generally, even if anonymized then.. , as free (gmail) and co is used / scanning by .. to target you with advertising.
So if your company has sold to a user with gmail and mails about that buy, they are after that targeted by your competition's marketing, Google ads and shopping for example, and if they have a 365 days return right then ... hihi. ;)
 
1. Did you check your IP address for blacklists?
2. Test your mail here: https://www.mx-relay.com/mailscan
3. Is your DMARC strict?
4. Which provider put you on the spam list?

1. Yep, IP6, not on a list (IP4 neither).
2. Tested using that tool this morning, they had 2 suggestions:

2.0. Got a score of 5.8 initially, after adding MX record 8.8
2.1. Add an MX record for the hostname. This VPS is not supposed to receive emails, so pointed it to Google, that was accepted by the tool. (+3 points)
2.2. -1.274 POINTS>> RDNS_NONE Delivered to internal network by a host with no rDNS
This may indicate you do not have a rDNS configured for your hostname or the rDNS does not match your sending IP

Google also complained about this:
Our system has detected that this message does
550-5.7.1 not meet IPv6 sending guidelines regarding PTR records and
550-5.7.1 authentication. Please review

But, rDNS is set for both the IP4 and IP6 at the VPS hosting comp and resolves properly for both:

Screenshot_1.png


3. v=DMARC1; p=reject; pct=100; adkim=r; aspf=r; sp=reject;

4. IP4/6 are not on a spam list. Gmail + hotmail put the messages in spam folder.

Further info:
- The VPS only accepts Cloudflare IPs, but the rDNS resolves properly.
- As of this, the hostname would not resolve to the server IP, but to Cloudflare's IPs, but nothing is complaining about this.
 
@peps03
The DA box is the mailserver for those domain(s) ?

Check also on internet.nl

IPV6?
Then the reverse / PTR record should be OK too!
Useful tool! Thanks :)

It was complaining about:

1632220419973.png


1632220592473.png


1632220314571.png



So I fixed this by pointing an MX record to the VPS. Which exposes the IP and allows it to receive emails, both of which I don't want. But it did fix the problems:

1632220478819.png


And still the emails go to the spam at Gmail + Hotmail with everything passing:

1632220569830.png
 

Take part of the postmaster tools for google and Hotmail to determine other problems and monitor your ip's:

Thanks! Yeah, use it for some IPs.

I thought of an alternative way to solve it. The VPS hosting company offers a way to send emails via their systems by updating the exim.conf. This had the side effect that all client accounts on the VPS would send via their systems, thus that our clients would need to add the DNS records (5 in this case) of our VPS hosting comp to their DNS. Not desirable.

I also had contact with the comp today. The solution I came up with: only send the hostname (system) emails via the hosting comp's systems and not those of the clients, by adding a condition to their exim.conf code.

Will be setting it up this way probably tomorrow. Will report if this solution satisfies. At least I already know the emails don't end up in spam using their systems.
 
IPV6?
Then the reverse / PTR record should be OK too!
Might even be something small like forgot to put an rDNS or something like that.
Take part of the postmaster tools for Google and Hotmail to determine other problems and monitor your ip's:

Ok, I've done some more digging and testing and things are getting a bit weirder.

I've now set it up following these instructions.

Each user now gets its own IPv6 and own Reverse DNS with their domain name at the VPS company.

I set the domains and IPs in these files as suggested, following the manual control explanation (add_domain_to_domainips=0):
/etc/virtual/domainips
/etc/virtual/helo_data

domain1.com:3b01:7c9:bb06:54::2
domain2.com:3b01:7c9:bb06:54::3

3b01:7c9:bb06:54::2:domain1.com
3b01:7c9:bb06:54::3:domain2.com

When testing to www.mail-tester.com AND hotmail / outlook, still, the IPv4 address is used when viewing the message source. And it only has the server hostname as reverse DNS (as we only have 1 IPv4).

When testing to gmail, the user's dedicated IPv6 address is used, with the user's domain name set as Reverse DNS. But the emails also STILL end up in the gmail spam. DKIM / DMARC / SPF all PASS. The reverse DNS == the user's hostname, the IPv6 is owned by the user.

So these 2 problems remain:
1. Why is the server IPv4 address used when sending to mail-tester.com AND hotmail?
2. Why do the emails sent to gmail still end up in spam?
 
Tested with roundcube from domain itself?
Look at header and communication

Look also at banner and mx record and outbound record all those using same or different so hostname or domainname. or?


We have some problems to GMAIL on box that was before ok so don't understand this. Only the letsencrypt changed
 
following the manual control explanation (add_domain_to_domainips=0):
Do I understand this wrong? Or do you mean to say that you set this to 0? Because when using the domainips and helo_data files, this has to be set to 1 to work.

1. Why is the server IPv4 address used when sending to mail-tester.com AND hotmail?
Seems it has the option to use either for some reason.

Maybe it has to do with these lines?
It relies on the "a" or "mx" values being set in the SPF record, so the IP added should be what they resolve to. In the event that adding to the file fails, it will end up sending from the server IP, so the server IP should always be in the SPF/TXT record.

If you have multiple owned IPs assigned to a domain, the first value added will have priority, when in question. If it's not what you want, delete then re-add the IP you want to have less priority from the User Level -> Domain's additional IP page.
 
Do I understand this wrong? Or do you mean to say that you set this to 0? Because when using the domainips and helo_data files, this has to be set to 1 to work.


Seems it has the option to use either for some reason.

Maybe it has to do with these lines?

Yeah, add_domain_to_domainips=0, following the docs:

1632833726404.png

Seems it has the option to use either for some reason.

How do i only allow IPv6 or disable IPv4?

Maybe it has to do with these lines?
"so the IP added should be what they resolve to"
> The whole IPv6 range (/64) + the IPv4 is in the SPF record, of both the server as the domain.


"If you have multiple owned IPs assigned to a domain, the first value added will have priority, "
> Yeah, a shared IPv4 and an owned IPv6.

> Removed the IPv4 address from the user level and re-added it.

All the above does not help. Still the same.
 
Yeah, add_domain_to_domainips=0, following the docs:
Ah OK, I was looking at the automatic system on top of the docs and in that case it needs to be 1.
I didn't know you were doing things manually.

Is that because that didn't work at first either?

I presume you have already seen this too:

Removed the IPv4 address from the user level and re-added it.
This one I don't understand. If a user gets a dedicated ip, why do you still add the shared server ip?
Because normally with owned ip's, everything is on the owned ip, shared server ip is not necessary anymore. If I'm not mistaken.
Or is the ipv4 also dedicated to this user?

Maybe you can try a test at mailgenius.com mailtester which gives more extended information.
 
Is that because that didn't work at first either?
1. The domains with their owned IPs were not added.
2. When i got 1 domain added automatically, mail.domain.com was added. But the emails which are sent are from website form (domain root) only.

I presume you have already seen this too:
Hadn't seen it yet. But i don't want the IPv4 to be used, as the reverse DNS can be of the hostname only and not of the user's domain.

If a user gets a dedicated ip, why do you still add the shared server ip?
All users are on the shared IPv4 and have a dedicated IPv6, which i mainly added with the intention to send their emails from.

Maybe you can try a test at mailgenius.com mailtester which gives more extended information.
Thanks! It doesn't get any better:

1632837997349.png
 
as the reverse DNS can be of the hostname only and not of the user's domain.
Where did you get that idea? You can use the reverse DNS for either the hostname or the helo name. If it's the helo name it should work correctly.

All users are on the shared IPv4 and have a dedicated IPv6,
I don't even know if it's possible to work this way, don't have experience with this. But theoretically it might.

Anyway, if the emails are sent via the IPv6, you have to create an rDNS/PTR record for every IPv6 name sending mail. Which is the helo name being used for that domain, probably mail.domain.com (if FQDNs are needed), and of course no IPv4 A record should exist for those domains either.
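
Added example, not part of any post in this thread and not DirectAdmin's code: the PTR / HELO requirement discussed above, checked against the /etc/virtual/domainips and /etc/virtual/helo_data lines as they were posted earlier. The function names, the injected lookup callables and every DNS answer in the sample are assumptions constructed for illustration.

```python
import ipaddress

def _rows(text):
    return [l.strip() for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]

def parse_domainips(text):
    """domain:ip per line; the domain has no colon, so split on the first one."""
    return {d.strip(): ipaddress.ip_address(ip.strip())
            for d, ip in (r.split(":", 1) for r in _rows(text))}

def parse_helo_data(text):
    """ip:helo per line; IPv6 is full of colons, so split on the last one."""
    return {ipaddress.ip_address(ip.strip().strip('"')): h.strip()
            for ip, h in (r.rsplit(":", 1) for r in _rows(text))}

def audit(domainips, helo_data, ptr_lookup, addr_lookup):
    """Return {domain: [problems]}; an empty list means PTR, HELO and AAAA agree."""
    report = {}
    for domain, ip in domainips.items():
        problems = []
        helo = helo_data.get(ip)
        if helo is None:
            problems.append("no HELO entry for sending IP")
        ptr = ptr_lookup(ip)
        if ptr is None:
            problems.append("no PTR record")
        else:
            ptr = ptr.rstrip(".").lower()
            if helo and ptr != helo.lower():
                problems.append(f"PTR {ptr} != HELO {helo}")
            if ip not in addr_lookup(ptr):  # forward-confirm the PTR name
                problems.append(f"{ptr} does not resolve back to {ip}")
        report[domain] = problems
    return report

# Constructed sample: file lines as posted in the thread, DNS answers invented.
DOMAINIPS = "domain1.com:3b01:7c9:bb06:54::2\ndomain2.com:3b01:7c9:bb06:54::3\n"
HELO_DATA = "3b01:7c9:bb06:54::2:domain1.com\n3b01:7c9:bb06:54::3:domain2.com\n"
PTR = {"3b01:7c9:bb06:54::2": "domain1.com.", "3b01:7c9:bb06:54::3": "domain2.com."}
# Assumption: domain2.com sits behind a proxy, so its AAAA is not the sending IP.
FWD = {"domain1.com": ["3b01:7c9:bb06:54::2"], "domain2.com": ["2001:db8::1"]}

def sample_audit():
    return audit(parse_domainips(DOMAINIPS), parse_helo_data(HELO_DATA),
                 lambda ip: PTR.get(str(ip)),
                 lambda name: {ipaddress.ip_address(a) for a in FWD.get(name, [])})

if __name__ == "__main__":
    for domain, problems in sample_audit().items():
        print(domain, "OK" if not problems else problems)
```

On a live server, pass wrappers around `socket.gethostbyaddr` and `socket.getaddrinfo` as the two lookup callables instead of the constructed tables.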
 
I don't even know if it's possible to work this way, don't have experience with this. But theoretically it might.
I now tried it with a domain solely on IPv6 (rDNS set to the domain), app.mailgenius.com sees only the server IPv4 (how can this happen? Followed all these steps: https://www.directadmin.com/features.php?id=1692)

Gmail on the other hand shows the correct IPv6 but it still ends up in the spam.
 