Google began sending mails from my server to SPAM folder

H

hruodr

I comply with everything here:

Email sender guidelines - Google Workspace Admin Help

The guidelines in this article can help you successfully send and deliver email to personal Gmail accounts. Starting in 2024, email senders must meet the requirements described here to send email to G
support.google.com support.google.com

The Server is only experimental, mail relay is filtered with most strict spamhouse db, no signal misuse.

It is frustrating, it seems one is forced to use the service of big mail providers.
 
did you look at the message headers of those mails that end up in spam? they provide a reason why the mail was considered spam.

in the web interface just go to a message, click on the three vertical dots icon and press on 'show original'.
 
Some keywords in the periodic emails seem to trigger spam filters. Even SpamAssassin sometimes marks it as "*** SPAM ***" every now and then.
 
There are some useful (free) websites out there that you can send an email to and a report is generated. That's how I discovered that I'd screwed up one of my DKIM dns records when changing DNS providers (classic copy and paste error). Might be of use to you?
 
Google does not give any reason in the headers. What Header should contain it?

DKIM, SPF and DMARC appear as passed.

Web.de does not put it in spam. Gmail was more tolerant. Something should have changed.

dazza said:
There are some useful (free) websites out there that you can send an email to and a report is generated.
Click to expand...
I know such a site for proving the configuration of the server, I did it once and my server did not change since.
 
I had cleaned my periodic mail folder yesterday. So couldn't find an example.

But found one still stuck in the spam folder spamassasin marked as '*** SPAM ***', you want to know the reason?

It was one of the daily security emails. It shows a number of failed ssh login attempts. It's an internet facing server, so there's quite a few of them. Their reverse lookups (IP to hostname) showed
several "bad" hostnames in the logs. And SpamAssassin triggered on that.

Code: 
  0.1 URIBL_CSS_A            Contains URL's A record listed in the Spamhaus CSS
                             blocklist
                         [URI: net-2-37-223-58.cust.vodafonedsl.it/2.37.223.58]
  0.0 URIBL_PH_SURBL         Contains an URL listed in the PH SURBL blocklist
         [URI: scale-down-test-1748994803065-f8d487a5.mongo.ondigitalocean.com]
{...}
  3.2 MANY_SUBDOM            Lots and lots of subdomain parts in a URI

All these failed logins from (probably infected) hosts caused the score to go above a threshold and it then marked it as spam.
 
SirDice said:
But found one still stuck in the spam folder spamassasin marked as '*** SPAM ***'
Click to expand...
But I am speaking about google receiving the mails from my server.
I have no spam filter in my mail reader (alpine), I see the classification of google.
Google has other means to recognize spam, can see the lot of people that receive it on their servers and decide.
 
hruodr said:
Google does not give any reason in the headers. What Header should contain it?

DKIM, SPF and DMARC appear as passed.
Click to expand...

Looking at the latest mail in my gmail spam folder and I can see all the X-Proofpoint* headers presumably added by google?.
among which

X-Proofpoint-Spam-Details: rule=probablespam policy=default score=95 bulkscore=0 mlxlogscore=-125 clxscore=1015 adultscore=0 suspectscore=0 phishscore=0 malwarescore=0 mlxscore=95 spamscore=95 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.22.0-2506270000 definitions=main-2510060172
Click to expand...

you'll have to search around what the labels mean in the context of the proofpoint software and try to adjust accordingly.
 
freezmi said:
presumably added by google?
Click to expand...
No, that is not added by Google. Not even real spam has that header. According to a google search:

The X-Proofpoint-Spam-Details: header is an email header generated by Proofpoint's email security system to provide details about why an email was classified as spam or malicious.
Click to expand...

I do not have that sofptware.
 
This annoying game of cat-and-mouse ended when I finally caved and started relaying all my outgoing mail through AWS SES. My volume is low enough to be able to do that for free, but it sure doesn't feel right. The big providers are indeed strong-arming the rest of the world out of self-hosting mail. I'm hosting at Hetzner, and it's apparently fair game for companies like Google to flag e-mail coming from their ASN as suspicous even though my server had been running as an exemplary citizen for literally years before.
 
hruodr said:
> X-Proofpoint-Spam-Details:
No, that is not added by Google. Not even real spam has that header. According to a google search:


I do not have that sofptware.
Click to expand...
I don't have it either, it was added somewhere between the spammer and google then, it's not specified in the headers on which hop the antispam software was run.

but you mentioned google's postmaster tools. I added my domain and I see that they provide stats on spam report rate, ip/domain reputation, arc/delivery error counts even retroactively.

everything looks squeaky clean for your domain?
 
freezmi said:
everything looks squeaky clean for your domain?
Click to expand...
I get:

No data to display at this time. Please come back later.
Postmaster Tools requires that your domain satisfies certain conditions before data is visible for this chart. Refer to the help page for more details.
Click to expand...

I must see what to do ...

EDIT: There is nothing to do, my domains were and are verified.
I do not get info probably because few mails are sent and hence no spam.
 
You must log in or register to reply here.
Back
Top