dirk2099
By:
dirk2099

Email sent to gmail is flagged as spam.

December 11, 2013 44k views
I am almost ready to give up here. I have a ubuntu server with postfix and I am hosting mutiple domain names with email accounts. Any email address I send from on my server to gmail ends up in a spam folder. I have this SPF record set for all my domains in the DNS and my email still ends up in gmails spam folder. Here is my SPF record: @ v=spf1 mx ip4:192.241.174.155 -all I have checked the spam lists from here http://www.spamhaus.org/query/ip/192.241.174.155 and everything looks good. Any help would be appreciated. I am at a loss. Here is a email header from one email that is put in apm folder Delivered-To: blah@gmail.com Received: by 10.68.204.97 with SMTP id kx1csp344035pbc; Wed, 11 Dec 2013 15:41:50 -0800 (PST) X-Received: by 10.224.55.197 with SMTP id v5mr6990173qag.9.1386805309858; Wed, 11 Dec 2013 15:41:49 -0800 (PST) Return-Path: Received: from blahtech.us (blahtech.us. [192.241.174.155]) by mx.google.com with ESMTP id t13si17143153qef.73.2013.12.11.15.41.49 for ; Wed, 11 Dec 2013 15:41:49 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of blah@blahtech.us designates 192.241.174.155 as permitted sender) client-ip=192.241.174.155; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of blah@blahtech.us designates 192.241.174.155 as permitted sender) smtp.mail=blah@blahtech.us Received: from localhost (localhost [127.0.0.1]) by blahtech.us (Postfix) with ESMTP id 29E78A13FB for ; Wed, 11 Dec 2013 18:41:49 -0500 (EST) X-Virus-Scanned: Debian amavisd-new at blahtech.us Received: from blahtech.us ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lvifmUrXjonV for ; Wed, 11 Dec 2013 18:41:48 -0500 (EST) Received: from blah.com (localhost [127.0.0.1]) by blahtech.us (Postfix) with ESMTP id B45E0A13EF for ; Wed, 11 Dec 2013 18:41:48 -0500 (EST) Received: from 50.165.145.244 (SquirrelMail authenticated user blah@blahtech.us) by blah.com with HTTP; Wed, 11 Dec 2013 18:41:48 -0500 Message-ID: <8f7a1823da66577b49c4fccd524b7e95.squirrel@blah.com> Date: Wed, 11 Dec 2013 18:41:48 -0500 Subject: Wed night hockey From: blah@blahtech.us To: blahblah1@gmail.com User-Agent: SquirrelMail/1.4.22 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal
32 Answers
"Received: from localhost (localhost [127.0.0.1])"

In all likelihood, there's your problem. A LOT of spammers use localhost in the email header b/c they're relying on a spoofed domain name. So, despite the SPF record, you're sending the receiving mail-servers mixed signals.

Given that your SPF record is using the "hard fail" qualifier, i.e. -all, it's no surprise that Gmail is sending your mail to the Spam folder. It might help to change it to "soft fail," i.e. ~all. See How To use an SPF Record to Prevent Spoofing & Improve E-mail Reliability.

Nevertheless, you're better off with a properly set /etc/hosts file. See Setting the Hostname & Fully Qualified Domain Name (FQDN) on Ubuntu 12.04 or CentOS 6.4 | GitHub.
by Pablo Carranza
A carefully tailored SPF record will reduce the likelihood of your domain name getting fraudulently spoofed and keep your messages from getting flagged as spam before they reach your recipients.
  • Hi @pablo,

    I am in the same situation actually. All my sent emails are flagged as spams. I correctly setup SPF, DKIM and properly set /etc/hosts file. Please, is there any way to remove Received: from localhost (localhost [127.0.0.1]) from the header ?

    Best,

    Edouard.

Thank you for the help.

I am a little confused on one thing.
I am trying to set the FQDN and right now the /etc/hosts has:
127.0.0.1 localhost blahtech

Should I remove the localhost and have the line say:
127.0.0.1 blahtech

or should i have:
192.241.174.155 blahtech

Thank you
Don't remove localhost, remove blahtech and add a new line above it that says 127.0.0.1 blahtech .

So /etc/hosts will look like this:
127.0.0.1 blahtech

127.0.0.1 localhost
[...]
This is how my
/etc/hosts
file looks like now:

127.0.0.1 blahtech
127.0.0.1 localhost


If I do
hostname -f
in the terminal my hostname shows up as blahtech.us which is correct.

But when I send a email the email header still has localhost in it.



Delivered-To: blahblah1@gmail.com
Received: by 10.68.204.97 with SMTP id kx1csp418090pbc;
Thu, 12 Dec 2013 11:56:56 -0800 (PST)
X-Received: by 10.49.76.66 with SMTP id i2mr16662763qew.35.1386878216527;
Thu, 12 Dec 2013 11:56:56 -0800 (PST)
Return-Path:
Received: from blahtech.us (blahtech.us. [192.241.174.155])
by mx.google.com with ESMTP id e16si19805596qej.91.2013.12.12.11.56.56
for ;
Thu, 12 Dec 2013 11:56:56 -0800 (PST)
Received-SPF: pass (google.com: domain of info@blahgranola.com designates 192.241.174.155 as permitted sender) client-ip=192.241.174.155;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of info@blahgranola.com designates 192.241.174.155 as permitted sender) smtp.mail=info@blahgranola.com
Received: from localhost (localhost [127.0.0.1])
by blahtech.us (Postfix) with ESMTP id E3A53A2E4C
for ; Thu, 12 Dec 2013 14:56:55 -0500 (EST)
X-Virus-Scanned: Debian amavisd-new at blahtech.us
Received: from blahtech.us ([127.0.0.1])
by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id M-iVFP5FI675 for ;
Thu, 12 Dec 2013 14:56:55 -0500 (EST)
Received: from blahblah.com (localhost [127.0.0.1])
by blahtech.us (Postfix) with ESMTP id A0F7CA2E45
for ; Thu, 12 Dec 2013 14:56:55 -0500 (EST)
Received: from 50.138.128.223
(SquirrelMail authenticated user info@blahgranola.com)
by blahblah.com with HTTP;
Thu, 12 Dec 2013 14:56:55 -0500
Message-ID:
Date: Thu, 12 Dec 2013 14:56:55 -0500
Subject: test
From: info@blahgranola.com
To: blahblah1@gmail.com
User-Agent: SquirrelMail/1.4.22
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal

egre

  • maybe too late for you, but others can help...
    check your /etc/postfix/main.cf

    myhostname = yourdomain.com
    
Did you reboot your droplet?
Nope but I rebooted now and I think its fixed.

I still localhost listed in the header after
Received: from localhost (blahtech [127.0.0.1])




Delivered-To: blahblah1@gmail.com
Received: by 10.68.204.97 with SMTP id kx1csp421854pbc;
Thu, 12 Dec 2013 12:53:44 -0800 (PST)
X-Received: by 10.224.127.74 with SMTP id f10mr9660112qas.56.1386881624569;
Thu, 12 Dec 2013 12:53:44 -0800 (PST)
Return-Path:
Received: from blahtech.us (blahtech.us. [192.241.174.155])
by mx.google.com with ESMTP id r10si11014534qak.130.2013.12.12.12.53.42
for ;
Thu, 12 Dec 2013 12:53:43 -0800 (PST)
Received-SPF: pass (google.com: domain of info@blahgranola.com designates 192.241.174.155 as permitted sender) client-ip=192.241.174.155;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of info@blahgranola.com designates 192.241.174.155 as permitted sender) smtp.mail=info@blahgranola.com
Received: from localhost (blahtech [127.0.0.1])
by blahtech.us (Postfix) with ESMTP id 6AD2AA2E1B
for ; Thu, 12 Dec 2013 15:53:41 -0500 (EST)
X-Virus-Scanned: Debian amavisd-new at blahtech.us
Received: from blahtech.us ([127.0.0.1])
by localhost (blahtech.us [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 4Qu-wLkQ3AUt for ;
Thu, 12 Dec 2013 15:53:41 -0500 (EST)
Received: from blahblah.com (blahtech [127.0.0.1])
by blahtech.us (Postfix) with ESMTP id E50F2A2CCB
for ; Thu, 12 Dec 2013 15:53:40 -0500 (EST)
Received: from 50.138.128.223
(SquirrelMail authenticated user info@blahgranola.com)
by blahblah.com with HTTP;
Thu, 12 Dec 2013 15:53:40 -0500
Message-ID: <0ffb94d941b77c6674f3afd011941f6e.squirrel@blahblah.com>
Date: Thu, 12 Dec 2013 15:53:40 -0500
Subject: test66
From: info@blahgranola.com
To: blahblah1@gmail.com
User-Agent: SquirrelMail/1.4.22
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal

fgregre
"Should I remove the localhost and have the line say:"

No! I provided an example of what your /etc/hosts file should look like @ Setting the Hostname & Fully Qualified Domain Name (FQDN) on Ubuntu 12.04 or CentOS 6.4 | GitHub.
I don't know if this might be relevant or not. When I created my first droplet, the emails I sent to comcast, gmail, hotmail, and yahoo, were going into spam as well. After researching I found out it was my PTR records that weren't set properly.

So I went into my DO DNS settings and notice my PTR record said server1 and I change it to server1.mydomain.com which is my hostname.

That solved the issue for me.
"After researching I found out it was my PTR records that weren't set properly."

Ya, the How To Create Your First DigitalOcean Droplet Virtual Server article needs a semi-major overhaul.

It appears as though the article was written b/f DigitalOcean rolled out its DNS Manager, but the article was never updated to reflect (i) the importance of PTR records and (ii) the fact that a PTR record is automatically created from the hostname assigned to a droplet in the DigitalOcean Control Panel. Consequently, users that do not format their hostname as a FQDN, in the DO Control Panel, are doomed from the start.
by Etel Sverdlov
Once you log into DigitalOcean, you will need to create your first server. This tutorial will walk you through the steps to need to make your first DigitalOcean droplet. These include choosing your server's size, location, and linux distribution. It will also also show you to log into your server.
I am seriously confused now. Sorry and I really thank you guys for all the help.

I have the hostname set in my digital ocean control panel to
blahtech.us
and I have my
/etc/hosts
file to
127.0.0.1    blahtech

127.0.0..1 localhost


I also have the
/etc/hostname
file set to
blahtech.us


In the DNS records for one of my domain names blahgranola.com I have an "A" record set as
A   mail    192.241.174.155


Please keep in mind I have several domain names for multiple clients.
If you would only take a look at the article I cited to -- twice before -- you would see that your /etc/hosts file should be formatted like this.
I have been reading your article and I have found it informative but I am a little confused thats all.

I think I have it now.

127.0.0.1 localhost.localdomain localhost
127.0.1.1 mail.blahtech.us
127.0.1.1 mail.blahgranola.com
192.241.174.155 mail.blahtech.us
192.241.174.155 mail.blahgranola.com


Is that a typo in the localhost ip? 127.0.1.1 Shouldn't it be 127.0.0.1?
"Is that a typo in the localhost ip? 127.0.1.1 Shouldn't it be 127.0.0.1?"

I take back my previous comment. localhost is ALWAYS 127.0.0.1; but, on Debian-based system, such as Ubuntu, you need the second 127.0.1.1 ... line in the /etc/hosts file, as well.
okay so is this correct? I followed what I could from your article and did a little google searching to put this together. Email still goes into gmails spam folder with these settings. I have two domain names here blahtech.us and blahgranola.com

my
/etc/hosts
file:

127.0.0.1 localhost.localdomain localhost
127.0.1.1 btserver.blahtech.us btserver
127.0.1.1 btserver.blahgranola.com btserver
192.241.174.155 btserver.blahtech.us btserver
192.241.174.155 btserver.blahgranola.com btserver


My
/etc/hostname
file:
btserver


My digitalocean control panel -> settings -> rename
btserver


And again thank you for the help.
RE: the Hostname you specify in the DigitalOcean Control Panel

Did you see @Raul Cruz's comment, above? Use a Fully Qualified Domain Name (FQDN), e.g. btserver.blahtech.us.
I set the digitalocean control panel host name to
btserver.blahtech.us
and email still goes to spam in gmail. Do I need to create any sort of "A" record in my blahtech.us DNS like
A   btserver  192.241.174.155
?

Or maybe I need to just wait a few hours for everything to resolve?
Email still goes to spam. I am almost ready to give up. Do you have any other suggestions?
Everything passes except the SOA serial number has a warning and the server returned no glue records. The SPF passes So I am at a loss.

I just noticed hotmail flags email from my server as spam as well. This is not good.

I appreciate all the help.
"I just noticed hotmail flags email from my server as spam as well."

From both domains?
Yes both domains.

I also used this service:
www.mail-tester.com

and my domains have a 9/10 score and the only thing wrong is the message is not signed with DKIM.
Actually Hotmail is excepting emails now. It is just Gmail once again.
I think I found the problem. A bot was using a old contact form submission script that I had forgotten about years ago on my server to spam the hell out of my gmail account. I never had any bot checks on that script so the bot was able to send over a 100 emails a day to my gmail account. Gmail must of blacked flagged the servers IP from this.

I have removed the script and the spam has stopped.

I am hoping maybe within a few days or so this might clear up the spam flag and if not I may have to change the servers IP and see if that helps.

I appreciate all the help from everyone here. If anything I was able to fix a bunch of other issues with my email server from the help of the people here.

Thank you
50% of digital ocean's AMS datacenter's IP's are blacklisted. That's why your email are going in to a spam folder in gmail.
  • Assuming this is true...

    1. is this something i can control/avoid with proper mail server/DNS/FQDN setup or is it a roll of the dice depending on the IP of my droplet?
    2. Is there a common alternative you could share?
I have the same problem, in my mails appears Received: from mydomain.com (mydomain.com[127.0.0.1]), anyone knows how can I resolve it?
Have another answer? Share your knowledge.