Why are emails sent from my applications being marked as spam?
Solution 1:
Jeff recently had a post on his blog titled So You'd Like to Send Some Email (Through Code) which details a number of techniques you should use to ensure that your email gets delivered. In short:
- check your reverse PTR DNS record
- configure DomainKeys to sign your outgoing email
- set up SenderID
- test what you've done
Solution 2:
Ensure your system is not on a blacklist: http://www.mxtoolbox.com/blacklists.aspx
Publish SPF records for your domain name, as well as DomainKeys if you can (these likely won't help in most cases, but why not).
Solution 3:
SPF and domainkeys don't actually work for making your messages look less like spam - spammers quite often have them too.
The main things to ensure are:
- You have a correctly configured reverse DNS for your mail relay
- Your message IS NOT SPAM
- You are not sharing a mail relay with anyone who is really sending spam (this is a key point)
- You do not forge or invent unroutable sender (especially envelope sender) address(es). This sounds obvious but it's surprising how many people try to send mail from webserver@localhost and wonder why it never arrives. Set the envelope sender to a domain you control; ensure that if you happen to have SPF set up, it is allowed to send. Don't send messages generated by one of your users with their address as an envelope sender (by all means set reply-to if you like)
Normally the reason your messages don't arrive is that you're on blacklists or are considered to have a bad reputation. This mostly happens because you share a relay with a spammer, or are one yourself.
If you have a reputation problem, but cannot shake it off, it may be easier to allocate a new IP address (but make sure in future you don't send spam from it - not even accidentally)
We have also seen problems where some misguided sys admins decide that IP blocks allocated by certain IP registries aren't "good enough" to send mail to them. These misguided individuals often work for major US corporations, and decide that all non-ARIN IP addresses are used by spammers. Sadly, there is no way to work around this except for using ARIN-registered IP space for your relays to relay messages to these losers.
Disclaimer: I work for a security company who filter spam.