Bypass Gmail's spam filter (mails sent with PHP from a shared host)

php email spam swiftmailer spam-prevention
15,994

Solution 1

Solution: Use Mailgun (not tested) or Sendgrid (tested and works wonders!). There is a price-difference between the two, - but in short: Mailgun is good if you're small; Sendgrid is good if you're big.

Either that, - or send mails using MailChimps API or something. It's can't be fixed on shared hosts (most likely). The reason is below.

Explanation: I've later learned more about how shared hosts work. Imagine that several different sites are located on the same server (such as domain-1.org, domain-2.org and domain-3.org). That means that if domain-3.org sends a bunch of crap-emails, then Gmail (and other spam-filters) mark that IP-address as spam. So if domain-2.org then send out stuff, then that'll (probably) come from the some IP-address and therefore end up in spam. Shared hosts can't really do anything about it (and don't care, since so few people have this problem). And that is why it's so cheap.

Sendgrid and Mailguns IP-addresses are marked as 'fine' by all the spam-filters, and that's the service that you're paying for with them. They keep it that way, by monitoring how many emails you send out are being marked as 'spam'. If it's something like 5%-10% or something crazy low, then Sendgrid/Mailgun will block your account until you fix it (going through a long process, where you have to contact their customer service and do 1.000 hail-Mary's and all kinds of wierd stuff).

I heard that if you get your own server (which is way more expensive), and set up your own mail-server, then you have to be really careful, not to be marked as spam. Cause spam-filter are really tough nowadays...

Solution 2

1) Normally an email address won't go easily into a blacklist, it takes time and/or a lot of people to tag you as spammer to actually get that address into a blacklist.

2) Yes. A whole domain name can be blacklisted, because spammers normally generate random email addresses like [email protected].

3) It doesn't matter how many times it went to the spambox, basically, the spam filters nowadays are strong, because spammers try to improve their ways to get around day by day, so the filters gets more strict every day. If it goes into spam folder first time, and the user didn't actually put it into the spam box, it will continue going unless users unmark it, or you fix the troubles.

How to avoid spambox?

Basically you need some signatures, and a lot of access to your DNS records, because there is where we are going to do most of the setups.

  • Reverse DNS Lookup: On dedicated servers or even on some VPS you are able to set up a reverse dns record, sometimes you just open a ticket and the IT's set it up for you. If you can't have it, change your hosting or keep being tagged as spammer xD. This is to preven header forgeries, as you could set on your headers that your email comes from gmail.com but it doesn't this is the way the email servers check it.

  • SPF is a must have as well, if you can't set a SPF then don't even try any further, consider changing your hosting, and you can almost stop reading by here xD.

  • DKIM/Domain Key: preferably DKIM, is a encrypted signature, you set the public key on the DNS, and store a private key in your email server, when a server receives an email, it has the private key attached in the headers (you need a mailserver software which manages DKIM, for windows for example it worked for me hmailserver) and the mail service (gmail for example) will check your dns record to see if the public key matches. This is almost a must have as well

Those three were the basics, if you Set up DMARC and ADSP it will get you better score for the SpamAssassins. To get a even better score search for some spam keywords lists on google and try to avoid them, some stuff like starting an email with "Dear xxx" are harmful for your score, Set up the unsuscribe system(even if it's crappy, as long as you provide a clear link) will help you a bit as well.

Also:

  • Avoid sloppy html and white text over (any) backgrounds, some spammers use it to fit in hidden text, those filters are smarter than you think.

  • Read the specific recommendations. Most email services have a FAQ or something in their website with some tips to help you sending emails and not going into the junk. on Some of them you can even apply for getting into a white list ( at least some years ago, on some services like gmail they don't do it anymore)

  • If you are sending in bulk, watch the time! If you have X emails per second sent into somewhere, you are likely to get into blacklist, set up a script or something to get a 1sec delay or so, the delay might depend on the destinatary to get into the blacklist or not.

Hope those tips help you, I had to deal with some spam filters recently and it's a pain in the ass, that's why I know all that info, that's all my research xD Even after all the signatures and things I have set up, some of the emails are still going into spambox(a smaller percentage but it still hurts me) The only reliable way is to get the users adding you to the contacts list (while having the signatures and headers correctly), so remind them to do so if possible.

Solution 3

One thing to bear in mind, I had trouble with emails being blocked by Gmail and Yahoo! mail from php because the Return-Path header didn't match the from. On a lot of servers if you explicitly set the Return-Path in the headers PHP Mail will ignore that and set the return path to the machine name. You have to force it in the 'additional parameters' section of the mail function using the '-f' flag. Now I've never used Swift Mailer so I don't know the equivalent to PHP's native mail() function, but here's what it would look like using mail();

mail($to,$subject,$message,$headers,'-f [email protected]')

If you can find out the equivalent to this in swift mailer it might solve your problem.

Edit:

It looks like you're not actually setting the Return-Path at all. I know GMail really doesn't like that to be left out. Try setting it explicitly to your Swift_Mailer message (and make sure it matches your From):

$message->setReturnPath('[email protected]');
Share:
15,994
Zeth
Author by

Zeth

Web developer. Making websites in primarily WordPress and Vue.

Updated on June 14, 2022

Comments

  • Zeth
    Zeth almost 2 years

    TL;DR: Mails sent from shared hosting (such as a cheap domain from Unoeuro or One.com) end up in spam. How to fix?

    I made a mail-system, that first generated a PDF-file (using FPDF), whereafter it sent the PDF-file as an attachment with PHP's Swiftmailer. This email was sent out to 130 people (as a 'one-of' invoice). But it landed in the spam-filter for almost everybody. I tried adjusting SwiftMailers header-settings, but without any luck. Even mails that I haven't sent to before (thoroughly tested). This was my initial setup:

    function sendMailEt($toEmail, $toName, $invoiceNumber){

require_once('includes/lib/swift_required.php');

$transport = Swift_SmtpTransport::newInstance('mailout.one.com', 25)
  ->setUsername('[email protected]')
  ->setPassword('THE-PASSWORD')
  ;    

$mailer = Swift_Mailer::newInstance($transport);

$message = Swift_Message::newInstance('FROM COMPANY')
      ->setSubject('Thanks for signing up - COMPANY')
  ->setFrom(array('[email protected]' => 'Company name'))
  ->setTo(array($toEmail => $toName))
      ->setBody('A brief body, that explains that this is an invoice and that it has to be paid within 5 days. (written in danish)')
      ->addPart('A brief body, that explains that this is an invoice and that it has to be paid within 5 days. (written in danish)', 'text/html')

   ->attach(Swift_Attachment::fromPath('/URL-TO-THE-PDF-FILE.pdf'))
  ;

$result = $mailer->send($message);
}

    I also tried sending out the emails with PHP's native mail()-function, and then simply link to the invoice ( http://www.company-domain-name.dk/invoice/base64_encoded-name.pdf )... Same result (spam).

    I tried writing the entire header myself. I've read a numerous amount of forums about what headers should include, but they all wrote different things. So I tried a few different things (both emails I had sent to previously and emails I hadn't)... Same result (spam).

    Then I tried writing the header exactly as MailChimps does, in their header. That led me to this:

     $headers = "Reply-To: Company name <[email protected]>\r\n"; 
 $headers .= "Return-Path: Company name <[email protected]>\r\n"; 
 $headers .= "From: Message from Company name <[email protected]>\r\n"; 
 $headers .= "MIME-Version: 1.0\r\n";
 $headers .= "Sender: Message from Company name <[email protected]>\r\n";
 $headers .= "Content-type: text/plain; charset=\"utf-8\"; \r\n";
 $headers .= "X-Mailer: PHP". phpversion() ."\r\n";

    And then I send the mail like this:

    mail($toName . '<'.$toEmail.'>', utf8_decode('Faktura på depositumet'), utf8_decode($someMessage), $headers);

    ... Same result (spam).

    The webspace is with One.com, so I can't use PHPmailer (since that has to be installed, and that can't be done on one.com's servers). And I can't define a SPF with One.com.

    All I want, is to be able to send emails that doesn't go to spam.

    Here are my questions:

    1. Is it because my header is off, or is it something 'deeper down'?

    2. Does the Gmail-spam filter ban single email accounts (such as [email protected]) or does it ban entire domains (such as @example.com)?

    3. Can one get a blacklisted email whitelisted somehow?

    * Addition 1 *

    Ok... I have now tried a number of things:

    • I tried adding LoneWolfPR's returnpath, like recommended, and it didn't help.
    • I contacted One.com (the hosting company), and confirmed with them, that it isn't possible to set a SPF-record or a DKIM-record. It still isn't.
    • I considered setting up an 'unsubscribe'-link, with a link to a website with a form, but I didn't believe that approach. I mean - invoices are sent all the time, with e-mails. And why should you be able to unsubscribe an invoice?! Since that made so far from sense in my head, then I only tried it for about 20 minutes (obviously, without results).

    Here is my current email header (gotten from Gmail, by clicking the 'View original'):

    Delivered-To: [email protected]
Received: by 10.76.75.104 with SMTP id b8csp48728oaw;
        Sat, 16 Mar 2013 17:32:56 -0700 (PDT)
X-Received: by 10.152.116.45 with SMTP id jt13mr7897860lab.0.1363480376067;
        Sat, 16 Mar 2013 17:32:56 -0700 (PDT)
Return-Path: <[email protected]>
Received: from mail-out2.b-one.net (mail-out2.one.com. [91.198.169.19])
        by mx.google.com with ESMTP id p10si4637427lbb.120.2013.03.16.17.32.55;
        Sat, 16 Mar 2013 17:32:55 -0700 (PDT)
Received-SPF: neutral (google.com: 91.198.169.19 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=91.198.169.19;
Authentication-Results: mx.google.com;
       spf=neutral (google.com: 91.198.169.19 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]
Date: Sat, 16 Mar 2013 17:32:55 -0700 (PDT)
Message-Id: <[email protected]>
Received: from localhost.localdomain (srv18.one.com [193.202.110.18])
    by mail-out2.b-one.net (Postfix) with ESMTP id F3D0B10365
    for <[email protected]>; Sun, 17 Mar 2013 01:32:53 +0100 (CET)
Received: from 85.218.159.219 by www.DOMAIN-NAME.dk via URL_TO_THE_SCRIPT.php with HTTP; Sun, 17 Mar 2013 00:32:53 +0000
To: RECIEVERS_NAME <[email protected]>
Subject: EMAIL-SUBJECT
X-PHP-Originating-Script: 87486:NAME-OF-THE-SCRIPT-THE-E-MAIL-WAS-SENT-FROM.php
Reply-To: COMPANY NAME <[email protected]>
From: Besked fra COMPANY NAME <[email protected]>
MIME-Version: 1.0
Sender: Besked fra COMPANY NAME <[email protected]>
Content-type: text/plain; charset="utf-8"; 
X-Mailer: PHP5.3.21
  • Moshe Katz
    Moshe Katz about 11 years
    Note that you should use this -f ... even if you set the Return-Path header manually, because sendmail (called by the mail() function) may strip the header and/or replace it with a different one. Just make sure that both places where you specified the Return-Path are the same.
  • Eric Jones
    Eric Jones about 11 years
    I left the spam folder reminders in my code in case it ever did get flagged. But so far it does not get flagged as spam. Hope this can help you.
  • Zeth
    Zeth about 11 years
    Hmm... Tried it, and it didn't work. I updated the Question a bit, where I included my whole header. Thanks for the suggestion, though.
  • Zeth
    Zeth about 11 years
    Hmm... My question was, if I could send mails from One.com's domain, where it itsn't possible to change the SPF-record or the DKIM-record. So what you're saying is, that it isn't possible, since I can't change the SPF-record or the DKIM-record? If not, then what do you suggest? Move to a whole new webspace because of this tiny issue (that has turned huge)? <br /> I added what my header looks like now. It says something with SPF-neutral, or something like that, but I don't have a clue if it means that it's set or not (or approved or not).
  • Zeth
    Zeth about 11 years
    Hi Eric. Thanks for the suggestion. The e-mail I'm sending from is created in One.com's controlepanel, so it's not that. <br /> I tried copy/pasting your script into my file, and manually insert the right values. I put it all in a JSfiddle, so you could see the script and what it outputted (spoiler-alert), but it still lands in spam - sorry ( jsfiddle.net/F4Lwr ). Thanks for the suggestion though (and the all-caps are not to be rude, but it's just to make it clear, what's in the file and what's not).
  • aleation
    aleation about 11 years
    Yes, it means that you would have to change the domain's service and/or the web hosting. The email spamming isn't a that small issue if you are facing a lot of users that are not from a known network. The neutral SPF-record means that the server detects that you have spf-record set, but it doesn't match or have all the information needed, so think of as it's not set correctly. And yes, it sucks that nowadays you need so complex setups for such basic things as emails, all because of spammers...
  • LoneWolfPR
    LoneWolfPR about 11 years
    Sorry man. I'm not sure why you'd be getting spammed unless you have a high image/text ratio or you've been blacklisted at some point. It could be worth getting a tool that checks your automated emails against various spam filters.
  • Zeth
    Zeth about 11 years
    Damnit... But thanks. I'll consider what other options I have, before I'll do that. That is quite a lot of work, for something so simple...
  • ywarnier
    ywarnier almost 4 years
    Just to comment that ADSP doesn't seem to be recommended anymore, as per its Wikipedia page en.wikipedia.org/wiki/Author_Domain_Signing_Practices The term caught my attention because I didn't know about it. I find the rest of your answer great, though (even 7 years later)

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

how to avoid email header Received: from unknown and email going to spam
Swiftmailer config : send mail using gmail
Fatal error when trying to send email using SwiftMailer and Sendgrid
PHP - Send email from other domain without being spam!
Sending email to multiple Recipients with swiftmailer
When using Gmail for SMTP, can you set a different "from" address?
Swift_TransportException·Connection could not be established with host smtp.sendgrid.net [Connection timed out #110]
sending mail with php & escaping hotmails junk folder
How to attach PDF to email using Swiftmailer in Symfony2
Gmail is marking my emails as SPAM - Please help