Why does my mail get marked as spam?

I Have the server "afspraakmanager.be". It matches everything not to be a spam server.(it isn't by the way): it has reverse dns, spf,dkim,... . But hotmail marks it as spam.

I think the problem is the SPF/DKIM records. when i sent an email to my gmail it says:

"Received-SPF: neutral (google.com: 2a02:348:8e:6048::1 is neither permitted nor denied       
by best guess record for domain of [email protected]) client-ip=2a02:348:8e:6048::1;
Authentication-Results: mx.google.com;
spf=neutral (google.com: 2a02:348:8e:6048::1 is neither permitted nor denied by best
guess record for domain of [email protected]) [email protected];
dkim=neutral (bad format) [email protected]"

So i guess my SPF and DKIM records aren't set up right. But I also don't have a clue what is wrong with them.

this is the zone file:

 ; zone file for afspraakmanager.be

 $ORIGIN afspraakmanager.be.
 $TTL 3600

@    86400    IN SOA ns1.eurodns.com. hostmaster.eurodns.com. (
      2013102003 ; serial
      86400 ; refresh
      7200 ; retry
      604800 ; expire
      86400 ; minimum
      )

@    86400    IN NS    ns1.eurodns.com.
@    86400    IN NS    ns2.eurodns.com.
@    86400    IN NS    ns3.eurodns.com.
@    86400    IN NS    ns4.eurodns.com.

; Mail Exchanger definition
@    600    IN MX    10 smtp

; IPv4 Address definition
@        IN A    37.230.96.72
afspraakmanager.be    600    IN A    37.230.96.72
localhost    86400    IN A    127.0.0.1
smtp    600    IN A    37.230.96.72
www    600    IN A    37.230.96.72

; Text definition
default._domainkey    600    IN TXT    "v=DKIM1\\; k=rsa\\;      p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6pvlZKnbSVXg1Bf3MF2l8xRrKPmqIw2i9Rn1yZ3HEny9qH1vyGXUjdv2O0aQbd5YShSGjtg5H/GedRMLpB0Qb+hBj1yGofOQTdcVtZZfj8qBY5Z7vEkhvtdaogQ0vLjgcwhg0BBuTewEkLxrl9IIzkPMZ1SCtM2Y0RtiUhg2cjQIDAQAB"

; Sender Policy Framework definition
afspraakmanager.be    600    IN SPF    "v=spf1 a mx ptr +all"

The DKIM signature in the header:

    DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=afspraakmanager.be;
s=mail; t=1382361029;
bh=4pDpXBY8rCbX8+MfrklZzpQxaUsa3vSPUYjcDR3KAnU=;
h=Date:From:To:Subject:From;
b=SoBBaAlrueD8qID8txl2SBSqnZgN2lkPCdSPI/m7/YLezIcBedkgIX1NswYiZFl6Z
 AmF8dES73WUaaJjItVHSrdCJK2mJ/Az+vrgNsyk+GqZZ1YPiIlH3gqRrsguhoofXUX
 /gqLlqsLxqxkKKd9EbSzKRHuDGlJCLm5SlL8wnL0=

In your DKIM header, s=mail means that receivers will look up TXT records from mail._domainkeys.afspraakmanager.be to find your public key.

In your DNS config, the RR that contains your public key is default._domainkey.afspraakmanager.be.

You should either change your MTA to use s=default or add a TXT record at mail._domainkeys.afspraakmanager.be with your DKIM record.


I can't speak for you DKIM key, but your SPF record is set up wrong.

You're specifying that the A record, MX record and PTR record are all permitted, and then the +all is saying that any address is valid. If you want to exclude other ip addresses then it needs to be a -all.

You'll also want to declare the SPF record as a text record too, as not all mail servers support the SPF dns type.

Have a look at some of the tools found here for some help in diagnosing.


Your problem is that you're using an IPv6 address to send mail to google.

In itself, that's not a problem except that:

  • You didn't specific the IPv6 address of your MX in your SPF record, thus it will not work
  • Google implements additional requirement for SMTP senders that uses IPv6:

Additional guidelines for IPv6

  • The sending IP must have a PTR record (i.e., a reverse DNS of the sending IP) and it should match the IP obtained via the forward DNS resolution of the hostname specified in the PTR record. Otherwise, mail will be marked as spam or possibly rejected.
  • The sending domain should pass either SPF check or DKIM check. Otherwise, mail might be marked as spam.

The simplest solution is to force your SMTP sender to use IPv4. Otherwise, you will need to add the IPv6 version of your MX to your SPF and make sure it has a valid PTR record.


All of these problems (SPF, IPv6 and DKIM) may not be why your emails are being marked as spam.

If other people are spoofing your domain to send spam, your domain can end up on blacklists or with a poor reputation at reputation services such as SenderBase. SPF and DKIM both work to prevent this kind of spoofing, meaning that your domain's reputation is only caused by you.

But spammers can publish their own SPF and DKIM records so mail providers won't use the presence of these features as a whitelist. The large mail providers all either maintain IP address and domain reputation services or use commercial ones. Hotmail uses SenderScore. Your IP and your domain have neutral reputation with them however you may notice that they still list your domain as not having SPF records. This may be due to DNS caching but it could also be because your SPF record is published using the SPF record type but is not also published using the more common TXT record type.

DMARC is useful for getting feedback on what IP addresses are sending mail claiming to be from you. Even in small environments it can be common for mail to come out of two or three IP addresses. Once you are sure your SPF records are covering all of the IP addresses that send legitimate mail, you can switch the policy to -all. DMARC is simple to set up and, when I did so, I got my first reports within a few hours.

FBLs give you feedback on how well your recipients are liking your email. When they click their "Spam" button, the provider sends you a copy of the email to let you know to unsubscribe that user. It can also work as an early-warning system that someone has compromised your server and is using it to send out spam. Hotmail have an FBL program (which they call JMRP) however I have never managed to successfully sign up for it. Hotmail also have the SNDS program which is very similar but purely for IP addresses. AOL and Yahoo and many other places have FBL programs. Failing to have a working unsubscribe link or even having one that's confusing and difficult to use can cause your recipients to use the spam button.

Hotmail provide a troubleshooting guide and support for senders.

Bounces are important. Failing to unsubscribe bounces is one of the primary reasons for low IP address reputation. Different kinds of bounces require different actions. "No such user" should be treated differently from "Inbox is full" but even "Inbox is full" should result in an unsubscribe eventually. When accounts expire at Hotmail, they go dormant for around 6 months and are then brought back to life as spam traps. Anyone who ignores bounces will end up blacklisted by Hotmail when those bounces becomes spam traps.

Lastly, the best thing you can do to improve your IP address reputation is to send lots of email that people want. Greater volumes of email with low incidents (such as a spam report or triggering content-based spam detection) will improve your reputation faster than the same ratio with a lower volume.