Some emails going to spam
-
Hi Cloudron Forum!
We have 3 websites hosted on Cloudron, I'll detail some email scenarios where we'd appreciate some advice / guidance from those of you who have been there already.
domain1
Manual DNS setup in Cloudron, but in Email | Status tab all is green (MX / DKIM / SPF / DMARC / PTR / outbound SMTP direct / IP address not on a blocklist)
Email relay on Outbound tab is via Built-in SMTP server
When emailing an Office 365 / Exchange Online mailbox our emails get delivered to Junk Mail; analysing the email header there is only 1 issue: DKIM Authenticated (this according to mxtoolbox); namely, from the mxtoolbox report:dkim:domain1:cloudron-<domain1_domainkey>
DKIM public record (in green)
v=DKIM1; t=s; p=MIG...<long alphanumeric string>
DKIM signature (in red)
v=1; a=rsa-sha256; c=relaxed/simple; d=domain1; s=cloudron-<domain1_domainkey>; h=from:subject:date:message-id:to:mime-version; bh=<some body hash string>=; b=<some other long alphanumeric string>=
PS: The failed test is "DKIM Signature Body Hash Verified" and the result is "Body Hash Did Not Verify".Why would the DKIM Authenticated element be flagged as an error? Our DKIM record is correct, so the DKIM email signature should be derived from it without any issues; the email in question is DMARC Compliant, but still it ends up in Junk on O365.
As an aside, I must note the email was sent with rich text formatting; if the email is sent to Hotmail in plain text, the email headers check out perfectly, green all round, yet the outcome is the same, still gets labelled as spam. Now, why would plain text or rich text have any bearing on the DKIM Authenticated element passing or failing as far as mxtoolbox analyse headers is concerned, to me this makes no sense at all. But it does seem to suggest the outcome is driven by something else, not just the technical setup per se.
If from Roundcube webmail we email any icloud.com address we get this bounceback message:
Final-Recipient: rfc822;<name>@icloud.com
Action: failed
Status: 5.7.0
Remote-MTA: mx02.mail.icloud.com
Diagnostic-Code: smtp;554 5.7.0 Blocked - see https://support.proofpoint.com/dnsbl-lookup.cgi?ip=<our IP address>So whilst Cloudron says our IP address is not on a blocklist, icloud.com must have us blocked, right? Is O365 blocking us as well?
Let me link the 2 scenarios together with a surprising outcome; we have a free Mailchimp account for domain1 (we email our paying members), where domain1 is verified and authenticated as an email domain. From there we can send to icloud.com just fine (likely because Mailchimp is the sender on our behalf, so emails don't go out from our IP address) and we can deliver emails to O365 Inboxes too (the surprising element being that if you analyse the O365 email headers it's a Christmas tree of red lights: DMARC fail, SPF fail, DKIM fail, yet it gets to Inbox?!). What's the moral of this story? Mailchimp good, our Roundcube webmail bad? I'm specifically interested in deliverability to O365 and other enterprise grade email systems. Our emails get to Junk in Hotmail too, regardless of plain text or rich text, which is what makes me think that sender reputation or being blocked are just as, if not more important than our technical setup being correct, which it is.
Finally, on domain3, same setup as domain1 with the exception of a GoDaddy automatic Domain / DNS setup in Cloudron, we get pretty much the same issues, outgoing emails go to Junk. The plain text "trick" when emailing O365 does not yield a perfectly clean mxtoolbox email headers analysis, but then it seems this is not enough any way for a successful Inbox delivery. We have tried to relay through a free Mailjet account on domain3, but this was a waste of time as ultimately we discovered that the underlying Mailjet mail server was blacklisted on 2-3 sites hence the waste of time.
So, how can we send legitimate emails out successfully from Cloudron and have them reach recipients' Inboxes? We are not spammers, nor are we selling anything, so I'm keen to cover all the bases and tick all the boxes. The emails we want to send are directed at specific people to raise awareness of various topics (one email and that's it, pretty much); they engage with us, fine, they don't, fine again, bu I mention this because we can't use Mailchimp as the T's and C's of that platform (as well as others presumably) are that you can only email subscribers (and our intended audience are not subscribers, but one off / hand picked people) or else you fall fault of spam rules and legislation, hence why we are staying clear of that.
Are there other free mail relay services which can be relied upon? Or does one need to get a paid service for that level of service and end result, i.e. Inbox deliverability? At the moment, given the hit and miss results and baffling analysis of email headers, I must say I'm not really sure.
Thank you for reading and thank you in advance for any ideas / advice you have; hopefully this post proves helpful to others as well.
THI Staff
-
It seems we found a way forward, using a different mail relay provider; fundamentally the process is the same, but if there is a difference in the technical implementation then it is the fact this new provider requires CNAME records to be created instead of TXT records for SPF and DKIM as was the case for MailJet; and the emails land in the inbox now. Moral of the story perhaps being that if you fail once, get up and try again.
-
-
-
While not free, a fairly amazing alternative for transactional email relay is Postmark. Can highly recommend.
-
I third this. One of the other benefits of Postmark is being able to make sure that an outbound email is delivered. For some recipients, you will even see an "Open". This is not always reliable as O365 and some systems that "jail" the opening of email for security analysis may report an odd location (not one expected for the recipient). Another option is to extend the length that the log is retained. IMHO, worth the extra $5 per month.
-
FLOSS & self-hostable -> https://github.com/postalserver/postal AND you learn a lot about mail delivery
-
@girish @ekevu123 @crazybrad Thank you for that; Postmark was next on our list to try; in fact I did save a link to some of their documentation which was so detailed that it looked well worth referencing at a later stage.
@crazybrad What about the DMARC Monitoring optional add-on (starting at $10/month per domain, is that worth getting as well?
@luckow We'll have a look, thank you; may need some good research on github, but learning a lot about mail delivery certainly sounds helpful; we did briefly consider building our own email server; I did find a very good link / article on setting up such an email server on a non-Windows server, starting from some Cloudron forum searches, but sadly I did not save that link; it did start with explaining many basics and advanced concepts about mail delivery before going into the email server setup; I didn't think we'd ever need to consider that.
-
@luckow Thinking about it, maybe it was Postal that I came across before and didn't save that webpage; it certainly wasn't on postalserver.io, the webpage had a different design and look and feel, but the content and complexity of the technical setup seems pretty similar; thank you again.
-
@THI_Staff Apologies for a late response on this. I haven't used this yet. I was grandfathered on some free monitoring elsewhere. That being said, some of the delivery reports tell you servers that attempted to send email on your behalf. That has helped me resolve some delivery issues where others were sending legitimate emails, but using one of our email addresses instead of theirs. That tripped a DMARC fail. I would start their service without and then see if you want more.