Email from Site Still Going to Gmail spam even with DKIM and header say that SPF has passed.


I have my site set up to send users email when they do certain things (sign up for an account or ask to reset their password, etc). I noticed that those email were going to spam on server email address I tried. I used this article:’s-dns-records, to set up DKIM to try and fix this issue. Though, even after setting this up, when I try to send to a Gmail address the mail is still sent to spam.

One thing I have noticed though is that the headers say that Google is seeing the message as having passed the spf and dkim check that is done on incoming emails.

Here is what the headers look like:

Arc-Seal: i=1; a=rsa-sha256; t=1504230674; cv=none;; s=arc-20160816; b=V5HeLxDwcsnKpAgYxZNb2y327zUFXqBVlOJVwUucE0p0ciiofBh8f4lzTRvXmRikEH RWp8pQN5c23PNbn9wpH2+URXZ3AztH//rWZimk9ZEdwtXIl2Xmee1bxlFtdwbQgmkGFa 7BlDnm6VsPfWSC+Q6ZQHttmQJkeAypv5Dl78EjoAvtRJHgKzTknUGJ2WDyqRtTO762/v nnu+szBELhFbjeT42O2GkGQNHL/Tf9lLrQb/9iE62p0bhS8OpLXuavf0ouwsANek+gPy Cje+UXLclo3qgyjLBcOkBdQRBdFaznbquQVKHmPgVgvg1JmmLjtdcCbt5UJU276G3hT6 ebUw==
X-Received: by with SMTP id q25mr624414qtj.260.1504230674918; Thu, 31 Aug 2017 18:51:14 -0700 (PDT)
Return-Path: <>
Arc-Authentication-Results: i=1;; dkim=pass header.s=mail header.b=j/7ZTIv3; spf=pass ( best guess record for domain of designates as permitted sender)
X-Google-Smtp-Source: ADKCNb6Ay63iEYeS0Yo3Uiqm9SaoCqBuBUF/B5Ie5XGGh+Tzbc2etrVP2frHDn6CX6prRYLZ2fps
Mime-Version: 1.0
Authentication-Results:; dkim=pass header.s=mail header.b=j/7ZTIv3; spf=pass ( best guess record for domain of designates as permitted sender)
Arc-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;; s=arc-20160816; h=date:message-id:mime-version:from:subject:to:dkim-signature :arc-authentication-results; bh=JG82wtXzhMJs79kwMbUAuICXbiXMjog4LfHm+AQTwLA=; b=QS47WSXmI9bc3H0B6TISGEoNyZiGOr5ACYhVkcI1paR29dr8XCG+cTgXkqMMzGx8Hj pudsbaV5xQy+IerEBT86E95mjmD4Ig/S44dInQ2AmpeixHF8VKdrpaSTYb+5XsrVNPC2 iWnMOjok7jhQE/BK9SDcIECnmC6+lF3wibW34OjFj/s17/3L1KePDV7+FRRFXAynEYbx PJ1ivsAuITPGAE7wiHc3pvdNfS4JEJLvz6NHc4yLzeVH5NF0yl0pY8wZyCrr6sKh6D/j 79OL04jP1gjuMmMgJn7rC5Yd7Yx+LftzENribPsy0K2ae+oodbj45yG1c5IKr8WiAByx 6Dog==
Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/simple;; s=mail; t=1504230674; bh=JG82wtXzhMJs79kwMbUAuICXbiXMjog4LfHm+AQTwLA=; h=To:Subject:From:Date:From; b=j/7ZTIv33UfTIL7NGhFzd2yT5RZJL/0ngNhWI/vWZpK/vwP84/xNB/DOU3MscFetQ UvpSycvqsDMMK1iL75pPObU2Tt8BnRjlYM+6Sjk/4hia6vFfKc7A5Jj8HM+Ww3n6z3 u0NLsKlgWuuZAFSVXoiDfUhc29ohnjq77rIXI6Pk=
Message-Id: <>
Content-Type: text/html;charset=iso-8859-1
Received-Spf: pass ( best guess record for domain of designates as permitted sender) client-ip=;

Can anyone help me figure out why these mails are still being sent to spam? If you need more information, feel free to ask me for it.

Show comments

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

@Aprexer Thank you for the links! I have tested out the mail-tester and one thing I see is this

The DKIM signature of your message is:

Your public key is:

Key length: 1024bits

Your DKIM signature is not valid

I am confused as to why it does not believe the DKIM signature is valid. Is it because I have somehow set up DKIM wrong?

Another thing google doesn’t like is unsecured mail so make sure you’re using TLS and if you can use S/MIME also.

I see now that when I send html messages, they are not sending with TLS. I am using Let’s Encrypt to give my domain https access. Would I be able to change the postfix settings to be able to use this certificate as well, or is there something that actually needs to go in the header of the email to make gmail see it as encrypted?

Try using and use the content that you’d usually send. Another thing google doesn’t like is unsecured mail so make sure you’re using TLS and if you can use S/MIME also.