GMail suspects confirmation email of stealing personal information

When a user registers on my web site, the web site sends the user an email confirmation link.

Subject: Please confirm your email address

Body:

Please open this link in your browser to confirm your email address:
http://www.postjobfree.com/a/c301718062444f96ba0e358ea833c9b3
This link will expire on: 6/9/2012 8:04:07 PM EST.

If my web site sends that email to GMail (either @gmail.com or another domain that's handled by Google Apps) and that user never emailed to email -- then GMail not only puts the email in the spam folder, but also adds a prominent red warning:

Be careful with this message. Similar messages were used to steal people's personal information. Unless you trust the sender, don't click links or reply with personal information. Learn more

That warning really scares many of my users, so they are afraid to open that link and confirm their email.

What can I do about it?

Ideally I would like that message to end up in the user's inbox, not the spam folder. But at least, how do I prevent that scary message?

IP address of my mailing server is not blacklisted: http://www.mxtoolbox.com/SuperTool.aspx?action=blacklist%3a208.43.198.72

I use SPF and DKIM signature.

Below is the email that ended up in spam folder with that scary red message.

Delivered-To: [email protected]
Received: by 10.112.84.98 with SMTP id x2csp36568lby;
        Fri, 8 Jun 2012 17:04:15 -0700 (PDT)
Received: by 10.60.25.6 with SMTP id y6mr9110318oef.42.1339200255375;
        Fri, 08 Jun 2012 17:04:15 -0700 (PDT)
Return-Path: 
Received: from smtp.postjobfree.com (smtp.postjobfree.com. [208.43.198.72])
        by mx.google.com with ESMTP id v8si6058193oev.44.2012.06.08.17.04.14;
        Fri, 08 Jun 2012 17:04:15 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 208.43.198.72 as permitted sender) client-ip=208.43.198.72;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 208.43.198.72 as permitted sender) [email protected]; dkim=pass [email protected]
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns;
        d=postjobfree.com; s=postjobfree.com;
        h=          received:message-id:mime-version:from:to:date:subject:content-type;
        b=TCip/3hP1WWViWB1cdAzMFPjyi/aUKXQbuSTVpEO7qr8x3WdMFhJCqZciA69S0HB4
          Koatk2cQQ3fOilr4ledCgZYemLSJgwa/ZRhObnqgPHAglkBy8/RAwkrwaE0GjLKup
          0XI6G2wPlh+ReR+inkMwhCPHFInmvrh4evlBx/VlA=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=postjobfree.com; s=postjobfree.com;
        h=content-type:subject:date:to:from:mime-version:message-id;
        bh=N59EIgRECIlAnd41LY4HY/OFI+v1p7t5M9yP+3FsKXY=;
        b=J3/BdZmpjzP4I6GA4ntmi4REu5PpOcmyzEL+6i7y7LaTR8tuc2h7fdW4HaMPlB7za
          Lj4NJPed61ErumO66eG4urd1UfyaRDtszWeuIbcIUqzwYpnMZ8ytaj8DPcWPE3JYj
          oKhcYyiVbgiFjLujib3/2k2PqDIrNutRH9Ln7puz4=
Received: from sv3035 (sv3035 [208.43.198.72]) by smtp.postjobfree.com with SMTP;
   Fri, 8 Jun 2012 20:04:07 -0400
Message-ID: 
MIME-Version: 1.0
From: "PostJobFree Notification"
 
To: [email protected]
Date: 8 Jun 2012 20:04:07 -0400
Subject: Please confirm your email address
Content-Type: multipart/alternative;
 boundary=--boundary_107_ffa6a9ea-01dc-40f5-a50c-4c3b3d113f08


----boundary_107_ffa6a9ea-01dc-40f5-a50c-4c3b3d113f08
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable

Please open this link in your browser to confirm your email addre=
ss: =0D=0Ahttp://www.postjobfree.com/a/c301718062444f96ba0e358ea8=
33c9b3 =0D=0AThis link will expire on: 6/9/2012 8:04:07 PM EST. =0D=0A
----boundary_107_ffa6a9ea-01dc-40f5-a50c-4c3b3d113f08
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: base64
----boundary_107_ffa6a9ea-01dc-40f5-a50c-4c3b3d113f08--

Update 1: Here's HTML that is encoded into base64:

<html><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"></head>
<body><div>
Please open this link in your browser to confirm your email address:<br /><a href="http://www.postjobfree.com/a/c301718062444f96ba0e358ea833c9b3">http://www.postjobfree.com/a/c301718062444f96ba0e358ea833c9b3</a><br />This link will expire on: 6/9/2012 8:04:07 PM EST.<br />
</div></body></html>

Update 2: The reason why the HTML is base64 encoded is that I use C# MailMessage with AlternateView to add both plain text and HTML versions of the email:

https://stackoverflow.com/questions/44777/sending-a-mail-as-both-html-and-plain-text-in-net

http://msdn.microsoft.com/en-us/library/system.net.mail.mailmessage.alternateviews.aspx

Update 3: Changing from base64 encoding (default in MailMessage C# class) to SevenBit encoding did not help. At least not in the development environment, when I'm sending links with "localhost" in them. Here's the email rejected as a phishing suspect:

Delivered-To: [email protected]
Received: by 10.112.84.98 with SMTP id x2csp72117lby;
        Sat, 9 Jun 2012 15:16:37 -0700 (PDT)
Received: by 10.60.28.37 with SMTP id y5mr11589839oeg.35.1339280196971;
        Sat, 09 Jun 2012 15:16:36 -0700 (PDT)
Return-Path: <[email protected]>
Received: from smtp.postjobfree.com (smtp.postjobfree.com. [208.43.198.72])
        by mx.google.com with ESMTP id qk9si7300498obc.155.2012.06.09.15.16.36;
        Sat, 09 Jun 2012 15:16:36 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 208.43.198.72 as     permitted sender) client-ip=208.43.198.72;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 208.43.198.72 as permitted sender) [email protected]; dkim=pass [email protected]
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns;
        d=postjobfree.com; s=postjobfree.com;
        h=          received:message-id:mime-version:from:to:date:subject:content-type;
        b=MT47O2t6ibFcQKArmtx1vWeppQk1noTpazu2I8cQtT9k8aBgSgG0eCTfgMIBm4Hhw
          ienz58tHV8t2IbftHPY2NdD8uaWMm7vsPmZC4MYECfHeMkgz/H5/SqpPIcbodnGtp
          0kvyijSuB3ZRf81+mZUid9zzIcGVAZy+UdTlBQ9zA=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=postjobfree.com; s=postjobfree.com;
        h=content-type:subject:date:to:from:mime-version:message-id;
        bh=iEOndDXrxsEIf7PWPR7Mg8nS7FdoL0hyooPO8HHf7ms=;
        b=sPF/JTndeASFWWRuFh+gGLmLOwPApdN7fQJm0Uz39EtY6C+y0dXqQmYlLOryZszgO
          qyKBzOLCMMdrSdmVERS+ui7gegparxw3TwTXa37YHcHO8Zwr/0lfjE0ho9ofITfqV
          V59H1v0mVLdBAwvVTN6Rl0qNUwmZRc9jHkQOPDtZE=
Received: from quad (c-67-191-103-186.hsd1.fl.comcast.net [67.191.103.186]) by smtp.postjobfree.com with SMTP;
   Sat, 9 Jun 2012 18:16:29 -0400
Message-ID: <20120609221620c0254cdabdf44680bb2217bfab121481@smtp.postjobfree.com>
MIME-Version: 1.0
From: "PostJobFree Notification"
 <[email protected]>
To: [email protected]
Date: 9 Jun 2012 18:16:24 -0400
Subject: Please confirm your email address
Content-Type: multipart/alternative;
 boundary=--boundary_0_421e5237-be5a-40a2-ba77-32fcb2856bdf


----boundary_0_421e5237-be5a-40a2-ba77-32fcb2856bdf
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable

Please open this link in your browser to confirm your email addre=
ss: =0D=0Ahttp://localhost/PostJobFree/a/054a67e4284a4976bc44e864=
a85f767a =0D=0AThis link will expire on: 6/10/2012 6:16:13 PM EST=
. =0D=0A
----boundary_0_421e5237-be5a-40a2-ba77-32fcb2856bdf
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit

<html><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"></head>
<body><div>
Please open this link in your browser to confirm your email address:<br /><a     href="http://localhost/PostJobFree/a/054a67e4284a4976bc44e864a85f767a">http://localhost/PostJobFree/a/054a67e4284a4976bc44e864a85f767a</a><br />This link will expire on: 6/10/2012 6:16:13 PM EST.<br />
</div></body></html>
----boundary_0_421e5237-be5a-40a2-ba77-32fcb2856bdf--

Update 4: After we redid our email formatting to be similar to the CopyHackers letter designed by MailChimp (see that answer below), it significantly improved email deliverability (+ improved readability). I guess deliverability improved because we now avoid some potentially spammy words such as "link".


Mailchimp have an excellent article on How To Avoid Spam Filters

Update: Ok, seeing as I got slammed for just giving this link (to be fair its contents probably wouldn't solve your problem here), I've added more that is specific to what you're sending.

  1. I suspect it's the text you're using. 'Please confirm your email address by clicking the link' - I think you should replace the text with 'Subscribe to this list:'. It may even be as simple as switching from 'please confirm your email' to 'please confirm your subscription' - to indicate you're not trying to get any personal information.
  2. I've no idea why you're adding the HTML as an attachment - if you send a client a normal email from your email client you wouldn't attach it as HTML, you'd just send it as normal HTML (or text) - so why would you do things differently when you're trying not to appear like a spammer?
  3. Given how short your email is you could probably just send it as text - in fact you are sending it as text and as base64 encoded - either send the message as html or as text, you don't need both.
  4. When trying to send an email to Gmail they will strip off all the html headers (I found Gmail to be the biggest pain for accepting HTML emails in a correct format).
  5. If you're still getting problems I'd recommend you start sending emails through something like MailChimp - they'll end up looking nicer and you'll have happier customers
  6. What you're being accused of is phishing style emails. Here's an example of one from my junk filter:

Dear online service customer,

Access to your account logged in successfully.

To ensure your protection, we've now blocked access to your accounts. You now need to restore your security details. You won't be able to gain access to your accounts until you've done this.

To restore Please click the link below to restore your account access.

RESTORE YOUR ACCOUNT ACCESS (in the email this is a link to a dodgy site)

© Shop Direct Limited. All Rights Reserved.

Here's an example of a nice please confirm your email from CopyHackers:

Subject: CopyHackers Newsletter: Please Confirm Subscription

Body:

[image of the CopyHackers confirmation email body]


Your email looks spammy to me. Even if I had registered, I likely wouldn't open your link. You need a lot more detail in your message.

  • What do I do if I didn't register?
  • Who am I confirming my address with and why?
  • How do I contact you for more details?
  • What is your web site?

I didn't decode your base64 encoded data (why encode your html), but does it match your text version?

EDIT: Why is the html an attachment? It can be a second format. Neither part needs fancy encoding. Try two parts with headers like:

Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Try examining the source of similar messages you have received.

Spammers don't worry about extra keystrokes, but include non-spam text to try to avoid being seen as spam.

I would expect Google and other volume mailers do parse the structure to see how standard it is. Email clients like Outlook, Thunderbird, and others tend to have good standard structure. Spam often is created with tools which produce poor code with non-standard structure.
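A pre-send check for the structural points raised in the answer above, as an added example that is not part of the original posts: it builds a two-part multipart/alternative message with 7bit parts and flags a missing part, a part sent as an attachment, a base64-encoded part, or links that differ between the text and HTML versions. The function names, the example.com/example.org addresses and the sample links are hypothetical, and passing this check says nothing about how any mailbox provider will classify the message.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

URL = re.compile(r'https?://[^\s<>"]+')
HREF = re.compile(r'href="([^"]+)"', re.IGNORECASE)

def build_confirmation(link, html_link=None, html_cte="7bit"):
    """Build a multipart/alternative message: text/plain first, then text/html."""
    msg = EmailMessage()
    msg["From"] = "Example Site <noreply@example.com>"  # placeholder sender
    msg["To"] = "user@example.org"                      # placeholder recipient
    msg["Subject"] = "Please confirm your email address"
    msg.set_content(f"Confirm your address for example.com:\n{link}\n", cte="7bit")
    href = html_link or link
    msg.add_alternative(
        '<html><body><p>Confirm your address for example.com:<br>\n'
        f'<a href="{href}">{href}</a></p></body></html>\n',
        subtype="html", cte=html_cte)
    return msg

def lint(raw):
    """Return a list of structural findings for one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    if msg.get_content_type() != "multipart/alternative":
        findings.append("top level is not multipart/alternative")
    parts = {p.get_content_type(): p for p in msg.walk() if not p.is_multipart()}
    for ctype in ("text/plain", "text/html"):
        part = parts.get(ctype)
        if part is None:
            findings.append(f"missing {ctype} part")
        elif part.get_content_disposition() == "attachment":
            findings.append(f"{ctype} is sent as an attachment")
        elif str(part.get("Content-Transfer-Encoding", "7bit")).lower() == "base64":
            findings.append(f"{ctype} is base64-encoded")
    if "text/plain" in parts and "text/html" in parts:
        # get_content() undoes quoted-printable/base64, so wrapped URLs compare whole
        plain = set(URL.findall(parts["text/plain"].get_content()))
        html = set(HREF.findall(parts["text/html"].get_content()))
        if plain != html:
            findings.append("links differ between text and HTML parts")
    return findings

if __name__ == "__main__":
    link = "https://example.com/confirm/abc123"  # constructed sample link
    print(lint(build_confirmation(link).as_string()))
    print(lint(build_confirmation(link, "https://example.net/x", "base64").as_string()))
```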