Andy's Technical Notes Main Security Page

Common reasons for your mail being blocked as spam

If your mail was blocked and you were directed here as a result, make sure your message isn't using the fancy features described in the 'User Level' section, and then get your email system administrator onto this page for their part of the equation. For end-user tips to avoid getting on (more) spam lists, see user spam avoidance (aka safe internet use).

User Level

Make sure your message doesn't make heavy use of the fancy features that your email client lets you use; they may work just fine for some destinations. Some antispam options treat messages containing lots of red, blinking, and/or large text as spam-like, as well as non-white backgrounds and messages that are just images. Basically, these antispam measures look for those loud, crude, and brassy used-car-salesmanship type messages, which is the approach the spammers love so much.
- A simple test of this is to send a plain text message (e.g. 'This is a test') to the same location that blocked you, making sure it is formatted as Text, not HTML (if you can change colour or font size then you are not in plain text format). All emailers have this as an option or property, both as a default and for each message; the challenge is in finding it.

You sent an attached file of a type that can be used by virus and worm writers to do their dastardly deeds. For information on the file types and how to get around those blocks if you really need to, see MIT's page on the topic.

System Level

This part is intended for email system administrators.

Your message(s) was refused because your system could not be verified as being who it claimed to be. Faking the originating source is a very common technique used in the spreading of spam, and most email worms come from infected PCs that tend not to be registered email servers.

Part of your email service/server(s) has failed one or more of the following tests.

  • The message claims to be from a domain that did not exist within the global DNS at the time it was being sent.
       - The fix is to make sure your domain name is properly registered with an appropriate root authority and that your redundant DNS servers are in separate locations. To test, enter your domain(s) into DNSreport and make sure you don't have any failures and few, if any, warnings.
  • The message is not coming from one of your registered email servers. By registered we mean having a DNS MX record pointing to it. DNSreport will show which are your registered email servers and test them.
       - The fix is to make sure all email only goes out of email servers that have the appropriate MX, A, PTR, and SPF DNS records set.
  • Your email server's IP address(es) does not have a PTR record registered for it. Again, DNSreport will test that for each known email server. The PTR record is set where you get your IP address from, as opposed to where your DNS is set.
       - The fix is to make sure email only goes out on the IP address your MX records point to, or that you know how to look up PTR records with NSlookup (and actually check them).
  • One or more of your servers has an open relay on it, and this has been detected by one or more of the black lists. Generally these black lists will have attempted to notify you by back-tracking through the above tests and through default addresses such as admin, postmaster, and abuse within your domain(s), so you should have received instructions on how to clear your system from the black list once you have closed your open relay.
       - The fix is to close the open relay. If you need a partial relay for any reason, make sure it is tightly controlled and that clients using SMTP to send are required to authenticate before sending.
  • Your primary public DNS servers are IPv6 capable, but don't have any AAAA (IPv6) records set for your domain(s). While not strictly an antispam issue, it is certainly a known growing pain in the evolution of the Internet that may affect you.
       - The fix is to add a blank AAAA resource record for your domain(s) with 00:00:00:00:00:00:00:00 as the entry.
  • Your system may be blacklisted. Check the various lists with MXtoolbox and Robtex.
  • You don't have an SPF (Sender Policy Framework) record, or where you were sending email from does not match what is in your SPF record. You can test with these tools.
  • - and yes this list will likely grow as we gradually harden the whole email system to be more trustworthy.

    Note that not all of these tests are strictly pass or fail, and not all of them are always tested. An increasing number of antispam products assign each symptom of spam a point value, and if the message goes over a certain number it is rejected. Most of these tests carry fairly hefty point values, so cleaning up as many of them as possible will help keep your system's email from being treated as spam or your system from being used by spammers.
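    The sketch below is an added example, not code from this page or from any antispam product: it runs the domain, MX, PTR and SPF tests from the list above against a constructed DNS snapshot and totals points the way a scoring filter would. The zone data, point values, threshold and function names are all assumptions, and only the `mx` and `ip4:` SPF mechanisms are evaluated.

```python
import ipaddress

# Constructed DNS snapshot using documentation names/addresses (not real data).
ZONE = {
    ("example.com", "NS"): ["ns1.example.com", "ns2.example.net"],
    ("example.com", "MX"): ["mail.example.com"],
    ("mail.example.com", "A"): ["192.0.2.25"],
    ("25.2.0.192.in-addr.arpa", "PTR"): ["mail.example.com"],
    ("example.com", "TXT"): ["v=spf1 mx ip4:192.0.2.64/28 -all"],
}
# Hypothetical point values and rejection threshold; real filters pick their own.
POINTS = {"no_domain": 5, "not_mx": 2, "no_ptr": 3, "no_spf": 1, "spf_mismatch": 4}
THRESHOLD = 5

def lookup(name, rtype, zone=ZONE):
    """Stand-in resolver: list of record values, empty when nothing is published."""
    return zone.get((name, rtype), [])

def mx_addresses(domain, zone=ZONE):
    """Addresses of the hosts the domain's MX records point to."""
    return {a for host in lookup(domain, "MX", zone) for a in lookup(host, "A", zone)}

def spf_allows(domain, ip, zone=ZONE):
    """True/False for an SPF match on 'mx' or 'ip4:' terms, None if no SPF record."""
    records = [t for t in lookup(domain, "TXT", zone) if t.startswith("v=spf1")]
    if not records:
        return None
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        if term == "mx" and ip in mx_addresses(domain, zone):
            return True
        if term.startswith("ip4:") and addr in ipaddress.ip_network(term[4:], strict=False):
            return True
    return False

def score(domain, ip, zone=ZONE):
    """Return (points, failed_tests) for mail claiming `domain`, arriving from `ip`."""
    failed = []
    if not lookup(domain, "NS", zone):          # assumption: no NS = domain not in DNS
        failed.append("no_domain")
    if ip not in mx_addresses(domain, zone):    # not a registered email server
        failed.append("not_mx")
    if not lookup(ipaddress.ip_address(ip).reverse_pointer, "PTR", zone):
        failed.append("no_ptr")
    spf = spf_allows(domain, ip, zone)
    if spf is not True:
        failed.append("no_spf" if spf is None else "spf_mismatch")
    return sum(POINTS[f] for f in failed), failed

def rejected(domain, ip, zone=ZONE):
    """A message is refused once its total reaches the threshold."""
    return score(domain, ip, zone)[0] >= THRESHOLD
```

    Note how the second sample sender in the tests, 192.0.2.70, is covered by SPF yet still reaches the threshold because it is neither an MX host nor has a PTR record, which is why cleaning up only one record type is not enough.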

    Making sure all of these are set correctly can be challenging, so if you do find you are hitting a brick wall, remember that Konecny Consulting Inc. has been in the business of fixing, or helping you fix, these problems since the dawn of email spam. We can either do the work directly or train you to be self-sufficient on this matter. This page is just a warm-up on this topic.

    Last updated 2020-04-06