
We are running a (web-based) application that is used by many companies. This application generates large volumes of e-mail, almost all of which have a PDF attachment. These are e-mails the users want and need. We are now sending out around 40k mails per month I believe.

At first we were sending these e-mails from the webserver (Ubuntu 20.0.4 LTS) itself through EXIM/sendmail. This worked fine until, after two years of usage, the server got on the Spamhaus blacklist. I tried to get it unlisted but without any success. The server had rDNS, DKIM, SPF and DMARC correctly configured.

Then I tried sendgrid.com. This did work, but still around 3-5% of e-mails ended up in spam. For this particular application this is not acceptable. After some googling I found out that most services (including Amazon SES) cope with these issues. So I went back to hosting a new e-mail server with Exim and a fresh IP address. I also correctly configured rDNS, DKIM, SPF and DMARC for this new IP. Everything went smoothly for two days. After that Spamhaus blocked the new server as well. I have double-checked but haven't seen any suspicious activity/emails coming from the application.

I feel that Spamhaus recognizes the e-mail contents and therefore blocks this e-mail. Is that possible? It hasn't been a problem for 2 years, but once it got on Spamhaus now every server that sends it gets blacklisted. Will it be solved by changing the e-mail contents? Maybe change the attachment by adding a link to the text? How can I find out what the problem exactly is? I'm just not sure where to go from here.

Frank
  • What’s the reason Spamhaus gives for blocking it? What have they said when you speak with them? – Ackack Jun 02 '21 at 14:50
  • How can I get more information from them? Their page just says `Your IP address is either exhibiting suspect behavior, is misconfigured, or has a poor sending reputation. As a result, the IP is listed in the CSS Blocklist (CSS)` – Frank Jun 02 '21 at 14:53
  • Review all the emails you are sending and not just the content - all user visible headers and text. As an example I have seen some spammers create fake accounts using a target's email address and put the spam in the TO field so even an email verification message is in effect spam, same with password reset emails. – Brian Jun 02 '21 at 15:04
  • It is impossible, only we can create new accounts. I keep an eye on the logs and see emails going out to @[company-name].com addresses, nothing strange there. – Frank Jun 02 '21 at 18:31
  • While many people will believe spam is still detected based on magic forbidden phrases, the reality these days is that people are reporting it. You've got to ask yourself the question: why does the problem follow you, regardless of the service? Do you give recipients a link for opting out? Have you registered an abuse notification email address with ISPs such as Yahoo, where you can learn users are clicking on the spam icon in Yahoo web mail? The abuse notification may illustrate there is an actual spam loophole in your website. Services like Google Postmaster Tools might be a useful dashboard. – labradort Jun 02 '21 at 19:09
  • Thank you for your suggestions. I was thinking about the individual user marking emails as spam as well. It currently is not possible to unsubscribe from the e-mail itself. So that is a good suggestion. I wasn't aware of Google's Postmaster Tools, seems interesting. I just don't think many emails are sent to Google servers, but at least I can give it a shot. – Frank Jun 02 '21 at 20:02
  • Yes, feedback loops are useful to see how many of your emails are marked as spam. Hotmail/Outlook has one too. Unfortunately most users don't see a distinction between spam and unwanted email. Hitting inboxes >95% of the time is increasingly difficult unless you're too big to be blocked. If you're sending out PDF attachments though, do be sure to include sufficient individualized content in the message body, otherwise many automated filters will judge it spammy. – Bart Noordervliet Jun 08 '21 at 22:43
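
Added example (not written by anyone in this thread): feedback-loop complaints of the kind mentioned in the comments typically arrive in Abuse Reporting Format (ARF, RFC 5965), and this sketch parses such reports and computes a complaint rate per recipient domain. The sample report, all addresses, the sent volumes and the function names are constructed for illustration.

```python
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

# Constructed ARF report (RFC 5965 layout); every address and value is made up.
ARF = """\
From: fbl@mailbox-provider.example
Content-Type: multipart/report; report-type=feedback-report; boundary="b1"

--b1
Content-Type: text/plain

This is an abuse report for a message received from 192.0.2.10.
--b1
Content-Type: message/feedback-report

Feedback-Type: abuse
User-Agent: ExampleFBL/1.0
Version: 1
Source-IP: 192.0.2.10
Original-Rcpt-To: <{rcpt}>

--b1
Content-Type: message/rfc822

To: {rcpt}

The PDF is attached.
--b1--
"""
SAMPLES = [ARF.format(rcpt=r) for r in ("ann@a.example", "bob@a.example", "cy@b.example")]

def feedback_fields(raw):
    # The stdlib parser exposes a message/* part as a nested message (report fields = headers).
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "message/feedback-report":
            body = part.get_payload()
            return body[0] if isinstance(body, list) else message_from_string(body)
    return None

def complaint_rates(reports, sent_per_domain):
    # "abuse" reports per recipient domain, divided by the mail sent to that domain.
    hits = Counter()
    for raw in reports:
        f = feedback_fields(raw)
        if f is not None and f.get("Feedback-Type", "").strip().lower() == "abuse":
            domain = parseaddr(f.get("Original-Rcpt-To", ""))[1].rpartition("@")[2]
            hits[domain.lower() or "unknown"] += 1
    return {d: n / sent_per_domain[d] for d, n in hits.items() if d in sent_per_domain}
```

Feeding it the mailbox where feedback-loop reports are delivered, together with per-domain send counts from the application's logs, shows which recipient companies are marking the mail as spam.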

0 Answers