Why are email messages sent from my PHP application being treated as spam?

At a guess, the mail servers calculate a spam score for each of your messages based on text analysis and a whole raft of other things that they won't tell anyone about - +3 for having non-words in the title, +2 for embedded links, etc etc. Chances are, the regular score for one of your generated emails (link free) is fairly high, but still low enough for the mail to get through.

Some anti-spam solutions are nice enough to stick the spam score in the message headers - look for something like "X-Spam-Score" in there. If you can find out what the score of a message that got through is, that'll tell you how close it was to being flagged as spam (spam threshold is usually about 12 or so, but they've all got their own systems). I suspect that the score for a clean message will be quite high, and adding the link is just the final straw.

The other thing to watch out for is that if you're generating the mail from a script, make sure that it's filling in all the appropriate headers, as missing ones will bump your spam score up by a fair bit. Logs from the SMTP conversation between the server sending the mail and whatever it's relaying to would also be helpful.


You need to make sure that your mail server (most likely the same machine as your php code is running from) is correctly configured to send mail legitimately. You need ensure of a few things are correct to avoid any mail being relayed from that machine being marked as spam off the bat.

Firstly, your mail server MUST say HELO with it's canonical host name, that is the same value as the hostname command returns when run on the command line. Under postfix this is the value of the myhostname variable in /etc/postfix/main.cf.

Secondly, the forward and reverse pointers for your server in DNS must match, and must match the hostname value above. For example

[dave@odessa ~]$ host odessa.cheney.net
odessa.cheney.net has address 64.85.168.249
[dave@odessa ~]$ host 64.85.168.249
249.168.85.64.in-addr.arpa domain name pointer odessa.cheney.net.

Thirdly, check that your mail server is not acting as a open relay. If your mail server is configured to relay mail from other hosts, you should be very careful to ensure that those hosts themselves are not open relays, or are properly protected from accepting messages from unauthenticated hosts There are plenty of sites out there that will make a check for you, http://www.checkor.com/ for example.

Fourthly, look at the content of your message. From the sample you posted above it looks like you are send a small piece of HTML, which will most likely set of alarms with spam filters (take a look at the composition of your average piece of spam). You should always use an email library to compose your mail, and if you send HTML mail, you should include a text/plain variant.

Lastly, with the large sites, some of our mail will marked as spam, it's just the law of averages. It's your responsibility to make sure you comply with the appropriate regulations for send automated or bulk email, like CAN-SPAM. The most important part of this is a straight forward way for people to unsubscribe from your mailing lists. If you make this hard for people then you're users are more likely to hit the large spam button in their mail client which will be fed back to the mail host and will work against your server.


Every email site will apply its own rules for spam detection. You will not find a perfect method for not being classified as spam. At a first glance, the ! in the subject and the content entirely in HTML are good indicators of spam...

Send an email to [email protected] and you will receive back an automatic report with an analysis of how it looks like and what its spamicity is. It can give you some ideas.