Why are emails sent from my applications being marked as spam?

Solution 1:

Jeff recently had a post on his blog titled "So You'd Like to Send Some Email (Through Code)", which details a number of techniques you should use to ensure that your email gets delivered. In short:

  • check your reverse PTR DNS record
  • configure DomainKeys to sign your outgoing email
  • set up SenderID
  • test what you've done

Solution 2:

Ensure your system is not on a blacklist: http://www.mxtoolbox.com/blacklists.aspx

Publish SPF records for your domain name, as well as DomainKeys if you can (these likely won't help in most cases, but why not).

Solution 3:

SPF and DomainKeys don't actually work for making your messages look less like spam - spammers quite often have them too.

The main things to ensure are:

  • You have a correctly configured reverse DNS for your mail relay
  • Your message IS NOT SPAM
  • You are not sharing a mail relay with anyone who is really sending spam (this is a key point)
  • You do not forge or invent unroutable sender (especially envelope sender) address(es). This sounds obvious but it's surprising how many people try to send mail from webserver@localhost and wonder why it never arrives. Set the envelope sender to a domain you control; ensure that if you happen to have SPF set up, it is allowed to send. Don't send messages generated by one of your users with their address as an envelope sender (by all means set reply-to if you like).

Normally the reason your messages don't arrive is that you're on blacklists or are considered to have a bad reputation. This mostly happens because you share a relay with a spammer, or are one yourself.

If you have a reputation problem, but cannot shake it off, it may be easier to allocate a new IP address (but make sure in future you don't send spam from it - not even accidentally).

We have also seen problems where some misguided sys admins decide that IP blocks allocated by certain IP registries aren't "good enough" to send mail to them. These misguided individuals often work for major US corporations, and decide that all non-ARIN IP addresses are used by spammers. Sadly, there is no way to work around this except for using ARIN-registered IP space for your relays to relay messages to these losers.

Disclaimer: I work for a security company who filter spam.
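
The checks listed in the answers above (forward-confirmed reverse DNS for the relay, a routable envelope sender, and an SPF record that authorizes the relay) can be combined into one pre-flight test. The following is an added example, not code from any of the answers. The `DNS` dictionary is constructed sample data standing in for real lookups, the function names are hypothetical, and only the `ip4`, `ip6` and `all` SPF mechanisms are evaluated.

```python
import ipaddress

# Constructed DNS data standing in for real lookups (documentation ranges/domains).
DNS = {
    ("PTR", "192.0.2.25"): ["mail.example.com"],
    ("A", "mail.example.com"): ["192.0.2.25"],
    ("TXT", "example.com"): ["v=spf1 ip4:192.0.2.0/24 -all"],
    ("PTR", "198.51.100.7"): ["host7.isp.example.net"],  # PTR with no matching A
}

def lookup(rtype, name):
    """Hypothetical resolver; swap in a real DNS client to use this live."""
    return DNS.get((rtype, name), [])

def fcrdns_ok(ip):
    """Forward-confirmed reverse DNS: a PTR name must resolve back to the same IP."""
    return any(ip in lookup("A", name) for name in lookup("PTR", ip))

def spf_permits(domain, ip):
    """True on an SPF pass, False if a record exists but does not pass,
    None if the domain has no SPF record. Simplification (assumption):
    include, a, mx, redirect and macros are not evaluated."""
    addr = ipaddress.ip_address(ip)
    for txt in lookup("TXT", domain):
        terms = txt.split()
        if not terms or terms[0].lower() != "v=spf1":
            continue
        for term in terms[1:]:
            qualifier = term[0] if term[0] in "+-~?" else "+"
            mech = term.lstrip("+-~?").lower()
            if mech.startswith(("ip4:", "ip6:")):
                if addr in ipaddress.ip_network(mech[4:], strict=False):
                    return qualifier == "+"
            elif mech == "all":
                return qualifier == "+"
        return False  # record found but no mechanism matched: not a pass
    return None

def preflight(relay_ip, envelope_sender):
    """Return a list of delivery problems; an empty list means none were found."""
    problems = []
    domain = envelope_sender.rpartition("@")[2].lower()
    if "." not in domain or domain.endswith(".localdomain"):
        problems.append("envelope sender domain is not routable")
    if not fcrdns_ok(relay_ip):
        problems.append("reverse DNS missing or not forward-confirmed")
    if spf_permits(domain, relay_ip) is False:
        problems.append("SPF record does not authorize relay")
    return problems
```

A clean result here says nothing about blacklist status or the reputation of a shared relay, which still have to be checked separately.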