Menu
dirk2099
By:
dirk2099

Email sent to gmail is flagged as spam.

December 11, 2013 44k views
I am almost ready to give up here. I have a ubuntu server with postfix and I am hosting mutiple domain names with email accounts. Any email address I send from on my server to gmail ends up in a spam folder. I have this SPF record set for all my domains in the DNS and my email still ends up in gmails spam folder. Here is my SPF record: @ v=spf1 mx ip4:192.241.174.155 -all I have checked the spam lists from here http://www.spamhaus.org/query/ip/192.241.174.155 and everything looks good. Any help would be appreciated. I am at a loss. Here is a email header from one email that is put in apm folder Delivered-To: blah@gmail.com Received: by 10.68.204.97 with SMTP id kx1csp344035pbc; Wed, 11 Dec 2013 15:41:50 -0800 (PST) X-Received: by 10.224.55.197 with SMTP id v5mr6990173qag.9.1386805309858; Wed, 11 Dec 2013 15:41:49 -0800 (PST) Return-Path: Received: from blahtech.us (blahtech.us. [192.241.174.155]) by mx.google.com with ESMTP id t13si17143153qef.73.2013.12.11.15.41.49 for ; Wed, 11 Dec 2013 15:41:49 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of blah@blahtech.us designates 192.241.174.155 as permitted sender) client-ip=192.241.174.155; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of blah@blahtech.us designates 192.241.174.155 as permitted sender) smtp.mail=blah@blahtech.us Received: from localhost (localhost [127.0.0.1]) by blahtech.us (Postfix) with ESMTP id 29E78A13FB for ; Wed, 11 Dec 2013 18:41:49 -0500 (EST) X-Virus-Scanned: Debian amavisd-new at blahtech.us Received: from blahtech.us ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lvifmUrXjonV for ; Wed, 11 Dec 2013 18:41:48 -0500 (EST) Received: from blah.com (localhost [127.0.0.1]) by blahtech.us (Postfix) with ESMTP id B45E0A13EF for ; Wed, 11 Dec 2013 18:41:48 -0500 (EST) Received: from 50.165.145.244 (SquirrelMail authenticated user blah@blahtech.us) by blah.com with HTTP; Wed, 11 Dec 2013 18:41:48 -0500 Message-ID: <8f7a1823da66577b49c4fccd524b7e95.squirrel@blah.com> Date: Wed, 11 Dec 2013 18:41:48 -0500 Subject: Wed night hockey From: blah@blahtech.us To: blahblah1@gmail.com User-Agent: SquirrelMail/1.4.22 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal
Log In to Comment
32 Answers
pablo December 12, 2013
"Received: from localhost (localhost [127.0.0.1])"

In all likelihood, there's your problem. A LOT of spammers use localhost in the email header b/c they're relying on a spoofed domain name. So, despite the SPF record, you're sending the receiving mail-servers mixed signals.

Given that your SPF record is using the "hard fail" qualifier, i.e. -all, it's no surprise that Gmail is sending your mail to the Spam folder. It might help to change it to "soft fail," i.e. ~all. See How To use an SPF Record to Prevent Spoofing & Improve E-mail Reliability.

Nevertheless, you're better off with a properly set /etc/hosts file. See Setting the Hostname & Fully Qualified Domain Name (FQDN) on Ubuntu 12.04 or CentOS 6.4 | GitHub.
How To use an SPF Record to Prevent Spoofing & Improve E-mail Reliability
by Pablo Carranza
A carefully tailored SPF record will reduce the likelihood of your domain name getting fraudulently spoofed and keep your messages from getting flagged as spam before they reach your recipients.
Reply
  • lorenz September 11, 2014
    [deleted]
  • eduleboss July 29, 2016

    Hi @pablo,

    I am in the same situation actually. All my sent emails are flagged as spams. I correctly setup SPF, DKIM and properly set /etc/hosts file. Please, is there any way to remove Received: from localhost (localhost [127.0.0.1]) from the header ?

    Best,

    Edouard.

dirk2099 December 12, 2013
Thank you for the help.

I am a little confused on one thing.
I am trying to set the FQDN and right now the /etc/hosts has:
127.0.0.1 localhost blahtech

Should I remove the localhost and have the line say:
127.0.0.1 blahtech

or should i have:
192.241.174.155 blahtech

Thank you
Reply
kamaln7 MOD December 12, 2013
Don't remove localhost, remove blahtech and add a new line above it that says 127.0.0.1 blahtech .

So /etc/hosts will look like this: 
127.0.0.1 blahtech

127.0.0.1 localhost

[...]
Reply
dirk2099 December 12, 2013
This is how my 
/etc/hosts
file looks like now: 

127.0.0.1 blahtech

127.0.0.1 localhost


If I do 
hostname -f
in the terminal my hostname shows up as blahtech.us which is correct.

But when I send a email the email header still has localhost in it. 


                                                                                                                                                                                                                                                               

Delivered-To: blahblah1@gmail.com

Received: by 10.68.204.97 with SMTP id kx1csp418090pbc;

        Thu, 12 Dec 2013 11:56:56 -0800 (PST)

X-Received: by 10.49.76.66 with SMTP id i2mr16662763qew.35.1386878216527;

        Thu, 12 Dec 2013 11:56:56 -0800 (PST)

Return-Path: 

Received: from blahtech.us (blahtech.us. [192.241.174.155])

        by mx.google.com with ESMTP id e16si19805596qej.91.2013.12.12.11.56.56

        for ;

        Thu, 12 Dec 2013 11:56:56 -0800 (PST)

Received-SPF: pass (google.com: domain of info@blahgranola.com designates 192.241.174.155 as permitted sender) client-ip=192.241.174.155;

Authentication-Results: mx.google.com;

       spf=pass (google.com: domain of info@blahgranola.com designates 192.241.174.155 as permitted sender) smtp.mail=info@blahgranola.com

Received: from localhost (localhost [127.0.0.1])

	by blahtech.us (Postfix) with ESMTP id E3A53A2E4C

	for ; Thu, 12 Dec 2013 14:56:55 -0500 (EST)

X-Virus-Scanned: Debian amavisd-new at blahtech.us

Received: from blahtech.us ([127.0.0.1])

	by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024)

	with ESMTP id M-iVFP5FI675 for ;

	Thu, 12 Dec 2013 14:56:55 -0500 (EST)

Received: from blahblah.com (localhost [127.0.0.1])

	by blahtech.us (Postfix) with ESMTP id A0F7CA2E45

	for ; Thu, 12 Dec 2013 14:56:55 -0500 (EST)

Received: from 50.138.128.223

        (SquirrelMail authenticated user info@blahgranola.com)

        by blahblah.com with HTTP;

        Thu, 12 Dec 2013 14:56:55 -0500

Message-ID: 

Date: Thu, 12 Dec 2013 14:56:55 -0500

Subject: test

From: info@blahgranola.com

To: blahblah1@gmail.com

User-Agent: SquirrelMail/1.4.22

MIME-Version: 1.0

Content-Type: text/plain;charset=iso-8859-1

Content-Transfer-Encoding: 8bit

X-Priority: 3 (Normal)

Importance: Normal



egre

Reply
  • djanym December 23, 2016

    maybe too late for you, but others can help...
    check your /etc/postfix/main.cf

    myhostname = yourdomain.com
kamaln7 MOD December 12, 2013
Did you reboot your droplet?
Reply
dirk2099 December 12, 2013
Nope but I rebooted now and I think its fixed.

I still localhost listed in the header after 
Received: from localhost (blahtech [127.0.0.1])



                                                                                                                                                                                                                                                               

Delivered-To: blahblah1@gmail.com

Received: by 10.68.204.97 with SMTP id kx1csp421854pbc;

        Thu, 12 Dec 2013 12:53:44 -0800 (PST)

X-Received: by 10.224.127.74 with SMTP id f10mr9660112qas.56.1386881624569;

        Thu, 12 Dec 2013 12:53:44 -0800 (PST)

Return-Path: 

Received: from blahtech.us (blahtech.us. [192.241.174.155])

        by mx.google.com with ESMTP id r10si11014534qak.130.2013.12.12.12.53.42

        for ;

        Thu, 12 Dec 2013 12:53:43 -0800 (PST)

Received-SPF: pass (google.com: domain of info@blahgranola.com designates 192.241.174.155 as permitted sender) client-ip=192.241.174.155;

Authentication-Results: mx.google.com;

       spf=pass (google.com: domain of info@blahgranola.com designates 192.241.174.155 as permitted sender) smtp.mail=info@blahgranola.com

Received: from localhost (blahtech [127.0.0.1])

	by blahtech.us (Postfix) with ESMTP id 6AD2AA2E1B

	for ; Thu, 12 Dec 2013 15:53:41 -0500 (EST)

X-Virus-Scanned: Debian amavisd-new at blahtech.us

Received: from blahtech.us ([127.0.0.1])

	by localhost (blahtech.us [127.0.0.1]) (amavisd-new, port 10024)

	with ESMTP id 4Qu-wLkQ3AUt for ;

	Thu, 12 Dec 2013 15:53:41 -0500 (EST)

Received: from blahblah.com (blahtech [127.0.0.1])

	by blahtech.us (Postfix) with ESMTP id E50F2A2CCB

	for ; Thu, 12 Dec 2013 15:53:40 -0500 (EST)

Received: from 50.138.128.223

        (SquirrelMail authenticated user info@blahgranola.com)

        by blahblah.com with HTTP;

        Thu, 12 Dec 2013 15:53:40 -0500

Message-ID: <0ffb94d941b77c6674f3afd011941f6e.squirrel@blahblah.com>

Date: Thu, 12 Dec 2013 15:53:40 -0500

Subject: test66

From: info@blahgranola.com

To: blahblah1@gmail.com

User-Agent: SquirrelMail/1.4.22

MIME-Version: 1.0

Content-Type: text/plain;charset=iso-8859-1

Content-Transfer-Encoding: 8bit

X-Priority: 3 (Normal)

Importance: Normal



fgregre
Reply
pablo December 12, 2013
"Should I remove the localhost and have the line say:"

No! I provided an example of what your /etc/hosts file should look like @ Setting the Hostname & Fully Qualified Domain Name (FQDN) on Ubuntu 12.04 or CentOS 6.4 | GitHub.
Reply
aguilar1181 December 13, 2013
I don't know if this might be relevant or not. When I created my first droplet, the emails I sent to comcast, gmail, hotmail, and yahoo, were going into spam as well. After researching I found out it was my PTR records that weren't set properly.

So I went into my DO DNS settings and notice my PTR record said server1 and I change it to server1.mydomain.com which is my hostname.

That solved the issue for me.
Reply
pablo December 13, 2013
"After researching I found out it was my PTR records that weren't set properly."

Ya, the How To Create Your First DigitalOcean Droplet Virtual Server article needs a semi-major overhaul.

It appears as though the article was written b/f DigitalOcean rolled out its DNS Manager, but the article was never updated to reflect (i) the importance of PTR records and (ii) the fact that a PTR record is automatically created from the hostname assigned to a droplet in the DigitalOcean Control Panel. Consequently, users that do not format their hostname as a FQDN, in the DO Control Panel, are doomed from the start.
How To Create Your First DigitalOcean Droplet Virtual Server
by Etel Sverdlov
Once you log into DigitalOcean, you will need to create your first server. This tutorial will walk you through the steps to need to make your first DigitalOcean droplet. These include choosing your server's size, location, and linux distribution. It will also also show you to log into your server.
Reply
dirk2099 December 13, 2013
I am seriously confused now. Sorry and I really thank you guys for all the help.

I have the hostname set in my digital ocean control panel to 
blahtech.us
and I have my 
/etc/hosts
file to 
127.0.0.1    blahtech

127.0.0..1    localhost


I also have the 
/etc/hostname
file set to 
blahtech.us


In the DNS records for one of my domain names blahgranola.com I have an "A" record set as 
A   mail    192.241.174.155


Please keep in mind I have several domain names for multiple clients.
Reply
pablo December 13, 2013
If you would only take a look at the article I cited to -- twice before -- you would see that your /etc/hosts file should be formatted like this.
Reply
dirk2099 December 13, 2013
I have been reading your article and I have found it informative but I am a little confused thats all.

I think I have it now. 

127.0.0.1  localhost.localdomain  localhost

127.0.1.1  mail.blahtech.us

127.0.1.1  mail.blahgranola.com

192.241.174.155  mail.blahtech.us 

192.241.174.155  mail.blahgranola.com

Reply
dirk2099 December 13, 2013
Is that a typo in the localhost ip? 127.0.1.1 Shouldn't it be 127.0.0.1?
Reply
pablo December 13, 2013
No, it's not a typo. See 127.0.1.1 ? Ubuntu / Debian and/or /etc/hosts and resolving of the local host/domainname - 127.0.0.1 vs. 127.0.1.1.
Reply
pablo December 13, 2013
"Is that a typo in the localhost ip? 127.0.1.1 Shouldn't it be 127.0.0.1?"

I take back my previous comment. localhost is ALWAYS 127.0.0.1; but, on Debian-based system, such as Ubuntu, you need the second 127.0.1.1 ... line in the /etc/hosts file, as well.
Reply
dirk2099 December 14, 2013
okay so is this correct? I followed what I could from your article and did a little google searching to put this together. Email still goes into gmails spam folder with these settings. I have two domain names here blahtech.us and blahgranola.com

my 
/etc/hosts
file: 

127.0.0.1  localhost.localdomain  localhost

127.0.1.1  btserver.blahtech.us btserver

127.0.1.1  btserver.blahgranola.com btserver

192.241.174.155  btserver.blahtech.us btserver

192.241.174.155  btserver.blahgranola.com btserver


My 
/etc/hostname
file: 
btserver


My digitalocean control panel -> settings -> rename 
btserver


And again thank you for the help.
Reply
pablo December 14, 2013
RE: the Hostname you specify in the DigitalOcean Control Panel

Did you see @Raul Cruz's comment, above? Use a Fully Qualified Domain Name (FQDN), e.g. btserver.blahtech.us.
Reply
dirk2099 December 14, 2013
I set the digitalocean control panel host name to 
btserver.blahtech.us
and email still goes to spam in gmail. Do I need to create any sort of "A" record in my blahtech.us DNS like 
A   btserver  192.241.174.155
?

Or maybe I need to just wait a few hours for everything to resolve?
Reply
pablo December 14, 2013
Both.
Reply
dirk2099 December 14, 2013
Email still goes to spam. I am almost ready to give up. Do you have any other suggestions?
Reply
pablo December 15, 2013
Run each of your domains through the Domain Configuration tool and through easySPF: an Ajax enabled SPF Wizard.
Reply
dirk2099 December 16, 2013
Everything passes except the SOA serial number has a warning and the server returned no glue records. The SPF passes So I am at a loss.

I just noticed hotmail flags email from my server as spam as well. This is not good.

I appreciate all the help.
Reply
pablo December 16, 2013
"I just noticed hotmail flags email from my server as spam as well."

From both domains?
Reply
dirk2099 December 16, 2013
Yes both domains.

I also used this service:
www.mail-tester.com

and my domains have a 9/10 score and the only thing wrong is the message is not signed with DKIM.
Reply
dirk2099 December 17, 2013
Actually Hotmail is excepting emails now. It is just Gmail once again.
Reply
kamaln7 MOD December 18, 2013
Check if your IP address is blacklisted: http://mxtoolbox.com/blacklists.aspx
Reply
dirk2099 December 18, 2013
I think I found the problem. A bot was using a old contact form submission script that I had forgotten about years ago on my server to spam the hell out of my gmail account. I never had any bot checks on that script so the bot was able to send over a 100 emails a day to my gmail account. Gmail must of blacked flagged the servers IP from this.

I have removed the script and the spam has stopped.

I am hoping maybe within a few days or so this might clear up the spam flag and if not I may have to change the servers IP and see if that helps.

I appreciate all the help from everyone here. If anything I was able to fix a bunch of other issues with my email server from the help of the people here.

Thank you
Reply
pablo December 18, 2013
You may also want to check out Postfix/DKIM | Ubuntu Docs.
Reply
aheihachi February 13, 2014
50% of digital ocean's AMS datacenter's IP's are blacklisted. That's why your email are going in to a spam folder in gmail.
Reply
  • metaprinter December 7, 2014

    Assuming this is true...

    1. is this something i can control/avoid with proper mail server/DNS/FQDN setup or is it a roll of the dice depending on the IP of my droplet?
    2. Is there a common alternative you could share?
franklynd May 16, 2014
is that true ?
Reply
luissh84 May 19, 2014
I have the same problem, in my mails appears Received: from mydomain.com (mydomain.com[127.0.0.1]), anyone knows how can I resolve it?
Reply
lorenz September 11, 2014
[deleted]
Reply
Have another answer? Share your knowledge.