Hey there As the title says, mail from any domain on my server is being flagged as spam by gmail, when it wasn't the case before. Currently on Debian 9 using postfix. mail-tester.com, port25.com, mxtoolbox.com, isnotspam.com all report green; and my mail server does not appear in the blacklists that i've checked. I'm at a loss as to what to try next. Only gmail flags my mails as spam, even after i tell gmail that the messages are not spam, the same message will still go to spam. I'm at a loss as to what else to check, any help would be much appreciated.
have you got verified correct SPF, DKIM and DMARC records set up for the domain that you're sending from? have you got a gmail account you can access? send an email to from the domain that keeps getting marked to spam and then look at it in gmail, you might need to open it in a new window, or select show original, so that you can see the full header details for the email. if you check those headers it should indicate if it's failing any SPF or DKIM checks.
Checked the header details from the gmail web portal, reports my SPF and DKIM have passed. Code: Delivered-To: [email protected] Received: by 2002:ac2:5459:0:0:0:0:0 with SMTP id d25csp5420274lfn; Tue, 14 Jan 2020 02:34:14 -0800 (PST) X-Google-Smtp-Source: APXvYqzXDveFq9NTvbQC2NA6YnlCoEEr6nQZLC44My7UzAGHvVLEWO07LWZbCBJqEzxSPhqKRqP6 X-Received: by 2002:a05:6638:21a:: with SMTP id e26mr14739110jaq.53.1578998054283; Tue, 14 Jan 2020 02:34:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1578998054; cv=none; d=google.com; s=arc-20160816; b=RkaQMFsDvAIeASpd9DrWOhoMqMpXnl8gA7gUi+ZpfPiSwcYhOWY3yhtbnlNGQOD4IB 2I2krOHk7HOlsYxmmcxo/DQBJyg7+tOFdovJznaQDpt4VUX/jK5FdHfruwINt1VlETwq yuVIBfN12oDr6yiFFN35dCHV37WlBZP6tnlLFT9m14PRxbWmEJ9kiGfPEqgT4POfSV64 9MTrDQwa41jdwcfqKq5uui/sZq5Fgloi4b0IYPpJcRXwkyCJjISV/lg4SBYWX62iySHG 2MuzbqsY9FyYMLDaVvIXjVahws6pRA896iX89zibTnjWHZe/RH2SNBTyfZdpeqQ5gbC8 Bdiw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=user-agent:message-id:subject:to:from:date :content-transfer-encoding:mime-version:dkim-signature; bh=QujJjZ9HQcnQ1rWAjZi11UmMlDHpRNp5D4ktFS5FBd8=; b=wNQUHfUgaXXXbE4tsHiXNUW+RV6s1foAdslwNR2zIiG44AsAiKwXvdKl8LtPkJrULz QQfe3mbVT1GDSfvIYs0vX3QLsxrTaVh/ZKVrVn31Iyr69dp5hbBkgi0kby/xPfv2X8Uf tGcRf4ocVRNzHjwZzr5InN1N0oD0NVAjxJaovdRUqsFbn7y4SKvYyt/Vq5WJu77p37F3 3Pf03tvWGaPTREUfLNMfeiDAlyl4WkTgz+iqnI/rcsGDHsDR5qf0HiosskLcmETHngjg YaJn/xTaxUpi/4a4OWm1P/RLviLsbazUWqjPr8wrWK8/NC+th4MVOLI+s2nqNI8XXhZY E5Cw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass [email protected] header.s=default header.b=ubVGhxjL; spf=pass (google.com: domain of [email protected] designates IP.AD.DR.ESS as permitted sender) [email protected]; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=anarkware.org Return-Path: <[email protected]> Received: from hostname.domain.tld (hostname.domain.tld. [IP.AD.DR.ESS]) by mx.google.com with ESMTPS id j9si13858460iof.146.2020.01.14.02.34.14 for <[email protected]> (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 14 Jan 2020 02:34:14 -0800 (PST) Received-SPF: pass (google.com: domain of [email protected] designates IP.AD.DR.ESS as permitted sender) client-ip=IP.AD.DR.ESS; Authentication-Results: mx.google.com; dkim=pass [email protected] header.s=default header.b=ubVGhxjL; spf=pass (google.com: domain of [email protected] designates IP.AD.DR.ESS as permitted sender) [email protected]; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=anarkware.org Received: from localhost (localhost.localdomain [127.0.0.1]) by hostname.domain.tld (Postfix) with ESMTP id 3318F41D8D for <[email protected]>; Tue, 14 Jan 2020 10:33:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=anarkware.org; h= user-agent:message-id:subject:subject:from:from:date:date :content-transfer-encoding:content-type:content-type :mime-version; s=default; t=1578998034; x=1580812435; bh=QujJjZ9 HQcnQ1rWAjZi11UmMlDHpRNp5D4ktFS5FBd8=; b=ubVGhxjLSCRE42JEmVbW06A eHEP9YUx7HzQAiiFM53XQHRn14hqAYKB/mhc0KzKI5X3pZwo6RIkksexjHwGyNBb UTES+pRrcFeiJ5CX1rX4UKYqxz9sjlr45UJkmk7aJ4Nw2HAoju0A9C1c8SoP644D 7tsTEwchSnu8W9LjnoXE= X-Virus-Scanned: Debian amavisd-new at hostname.domain.tld Received: from hostname.domain.tld ([127.0.0.1]) by localhost (hostname.domain.tld [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id leqY55Mbvn1k for <[email protected]>; Tue, 14 Jan 2020 10:33:54 +0000 (UTC) Received: from domain.tld (localhost [IPv6:::1]) by hostname.domain.tld (Postfix) with ESMTP id B1B5F41CDB for <[email protected]>; Tue, 14 Jan 2020 10:33:54 +0000 (UTC) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Tue, 14 Jan 2020 12:33:54 +0200 From: [email protected] To: [email protected] Subject: Spectrum analysis report Message-ID: <[email protected]> X-Sender: [email protected] User-Agent: Roundcube Webmail/1.2.3 Results inconclusive. These are the header details with identifying details fudged.
Google has a tool to analyze e-mail headers. What does it say for the e-mail you posted? https://support.google.com/mail/answer/29436
Google has outsourced the spam detection to the remote host (you). They require you to register here and fill the forms: https://gmail.com/postmaster
Yeah, the headers in my previous post were taken from the gmail tool. It's the one that reported that my SPF and DKIM checks passed, but the message still ends up in my spam folder. Do I need to do something else on my server outside of adding the TXT to my DNS records?
If it shows you a good/green status and you apply to all the common best practices (SPF/DMARC/DANE...) then you should be fine. Maybe it takes some time to take effect. If it still does not work, go through the sender guidelines required by google: https://support.google.com/mail/answer/81126
I was experiencing the same issue when I just set up my server. I disabled sending over IPv6 to gmail.com adresses because this was giving issues sometimes (only with gmail, and no other provider). I saw that in the DMARC reports. Does mail-tester.com give you a 10/10 score, and how old is/are the domain(s) of the mailserver and sending adress? It can take weeks before your email will not be marked as spam anymore. If SPF, DKIM, and DMARC are correctly setup and there is no abuse of your server it should be working soon.
I didn't know about DANE, so I don't think I have it configured on my server. Are there any other areas I should cover? The spam flagging is happening to all of my domains, both old and new. The server has been operational for ~3 years, and this started happening only recently. Mail-tester.com gives me a 10/10 for all of my messages from my server, for any of the domains, as well as getting a pass from all the other mail testers i've tried. I've added the TXT record from the Postmaster tools to the DNS records of my domains, but messages are still going to spam. I don't have IPv6 configured on my server at the moment, could that be an issue?
DANE is not required and you shouldn't use it unless you know what you're doing. No IPv6 configured can't be the issue. Probably one of your users is sending out spam, you should check the logs and see if someone is sending out a suspicious traffic. Did you run a blacklist check? https://mxtoolbox.com/blacklists.aspx
Thanks for the heads up on DANE, i usually try these things out on my test server before applying them to my real server. And yes, I checked mxtoolbox, my server doesn't appear on their blacklists that i've checked, or on any other blacklist that i've checked. What would suspicious traffic look like in the logs? I check them regularly, and there's not a high amount of traffic for any of my clients.
I understand that it's not related, so it's a very weird issue. It's a 4096 bit key, generated by ISPC.
How do i check and/or change the number of bits used for my DKIM signature? Gmail says it doesn't authenticate messages that use fewer than 1024 bits and I want to make sure that mine does.