Bluehost Emails Getting Blocked

A site for my client has the run-of-the-mill "website with users" email pattern. Create an account, get an activation email. Get an email when a subscription is expiring, etc.

The site is hosted on Bluehost and currently it uses php's mail() function. There isn't much configuration that is allowed (as far as I know).

The trouble is, about a third of these emails disappear into the void. They aren't in spam or junk folders, there's no bounce message, they just cease to exist. I've read about Bluehost email troubles but I can't figure out what my options are for fixing it. These aren't marketing emails, ie they have user-specific information contained within them. I suppose if a solution offers a good templating system that would be fine.

What are my options?

Excerpt of headers when delivered to a Gmail address:

Received-SPF: neutral (google.com: 00.000.000.000 is neither permitted nor denied by best guess record for domain of domain@box###.bluehost.com) client-ip=00.000.000.000;
DomainKey-Status: good
Authentication-Results: mx.google.com; spf=neutral (google.com: 00.000.000.000 is neither permitted nor denied by best guess record for domain of domain@box###.bluehost.com) smtp.mail=domain@box###.bluehost.com; domainkeys=pass [email protected]

You are probably hitting a common problem with shared hosting: a fairly bad user (or a number of mildly bad users) or insecure script on your server that is sending (or allows other to send) out junk will result in all mail from that IP address getting suspected of being junk. Even if you have dedicated IP addresses for your websites and other services to respond to you will probably find your outgoing mail will appear to come from the same address as every other account on the server.

Likewise many problems in the host's range of addresses can get mail from anywhere in their range being considered suspect (though this affects all hosting arrangements, not just shared hosting).

It would be worth seeing if you can see the headers of the mails that are getting marked as spam and going into people's junk folders as some spam detectors will add notes to the mail headers to indicate which measures it used to make the judgement. This will save you trying to solve a problem that doesn't exist. Most anti-spam setups will just throw away mail that really really looks like junk by its measures. That is probably what is happening to those mails that are "vanishing into the void" - it is unlikely that they are getting lost at your end. For example, the headers added to an obvious junk mail to me when SpamAssassin picked it up were:

X-Spam-Flag: YES
X-Spam-Score: 9.959
X-Spam-Level: *********
X-Spam-Status: Yes, score=9.959 tagged_above=-10 required=5.4
        tests=[BAYES_99=3.5, DYN_RDNS_SHORT_HELO_HTML=0.499,
        HTML_MESSAGE=0.001, RCVD_IN_PBL=0.905, RDNS_DYNAMIC=0.1,
        URIBL_BLACK=1.955, URIBL_SBL=1.499, URIBL_WS_SURBL=1.5]

You can help the situation by setting up the relevant DNS entries for DomainKeys, Sender ID, Sender Policy Framework, ..., ..., ... for your domains, but if the host's IP addresses are in blacklists this can be of relatively limited utility.

If the hosts's IP addresses are on black lists you could ask the host to follow what-ever procedures are present to try rectify that. If they do not do this, switching hosts may be the best option.

You could also setup your own outgoing mail relay on a cheap VPS (even the "silly small" 1-or-2-$/month VPSs would run a simple mail relay for you) to separate your mail from that of other accounts on the server(s) you app runs on, but while you are probably the only person sending from the address you are assigned in that case you could still run into the problem of that host having all its range blacklisted because of other users.

To cut a long story short: there may not be an awful lot you can do in the end. Mail never was a truly reliable transport and it is getting increasingly less so due to the spam/anti-spam arms race, so you will never be able to guarantee all your mail gets through.