I can’t repeat it often enough: thx for all your efforts and work, you are doing an amazing job!
For many months I have the problem that mails coming from my Yunohost server are rejected or marked as spam. I have read through all the posts in this forum and hundreds of tips and discussions out there on the internet. I hope you can maybe give me a tip or just tell me to give up
My YunoHost server
Hardware: Hetzner VPS, same IPs for 2 years straight YunoHost version: 11.1.15 (stable) I have access to my server : ssh, webadmin Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no Domain Structure: as DOMAIN.org hosts our public website the main domain is portal.DOMAIN.org (for login, mail etc.)
Description of my issue
All mails sent from our server get rejected by gmail. Others like AOL and Yahoo mark many as spam.
For a while our mail got accepted by Google and marked as spam “only”. Since a few weeks the IP gets fully blocked. The nasty thing: Gmail sends the reject-mail 5 days (!) after the incoming. The code reads as follows:
Diagnostic-Code: smtp; 550-5.7.1 [MY-IP 19] Our system has detected
that this message is 550-5.7.1 likely suspicious due to the very low
reputation of the sending 550-5.7.1 domain. To best protect our users from
spam, the message has been 550-5.7.1 blocked. Please visit 450 4.7.1
https://support.google.com/mail/answer/188131 for more information.
j3-20020adfea43000000b002f6179b6fcdsi9205411wrn.931 - gsmtp
Background:
We as a group use the standard Yunohost Mailserver for mail communication (web interface Rainloop and SMTP); We use mailman for mailing lists and an opt-in newsletter; We are sending and receiving mails for 3 years now, since 2 years with the current IP address.
Technical Details:
DKIM, SPF and DMARC is all set up and working (test below confirm that).
additional DNS settings to the Yunohost suggestion to fulfil Google’s requirements
extra '"google-site-verification=................"'TXT entry (see below)
changed p=none; to p=reject;
defined a ruf= and rua= address to gather dmarc mails
Reverse DNS is set up
checked all blacklists in the world (literally): my IP isn’t on a single one
checked everything I could at Google’s services
verified my domain with a Google key
Google Postmaster doesn’t show any data (they obviously don’t do that if you have less than a few hundred mails per day)
google deleted the form for complaints about blocks → I know other way to contact them
checked if my domain is on “Google Safe Browsing”. All subdomains (including portal.) were green. The main DOMAIN.org is orange and says “Some pages on this website are insecure” → not a single information on why, how, where…
moved my Server to another IP a few days ago with no success (low reputation of course) and got blocked by MS and others as well, so I went back to the old one which still works like before
My emails also are being flagged as spam by Google. Microsoft also does this with selfhosted email. Both flags my emails as spam. If your mails are being flagged as false positives by Google and Microsoft users, your issue will be gone. If your emails are being rejected you can contact your hosting technical support and they will solve this issue. I don’t understand why Microsoft flags legit mails as spam, but phishing are flagged as legit ones. The best we can do is avoid using these email providers when somebody want to send us an email
They use grey listing, black listing, undisclosed mechanisms to degrade self-hostiong intiniatives and yes the goal is to force people to use « cleaning services » like whatever the big company who will read your mail before delivering them. As Cloud-flare is killing the dns, they are killing the decentralized service called mail.
So you can complain, fight, send mail, register your IP to their « anti-spam programs or initiatives » etc and still finish in the spam at the end.
For instance, my domain is hosted at Hetzner® since many years. I’m the only one to send emails since 2001.
Clients I have for many years, hosted at Google® and O365® knowing my mail for all those years have to check their spam box from time to time. Even if I’m in their address books, even if they re-re-re-re-flag me as non-spam … after a while and ramdomly my mails (simple text, no html) are considered evil, bad and stinky by those nice corporations.
Recently it’s Yahoo® who’s choice to check SOA DNS record of (sub)domain −there is no such thing as sub-domain− and simply reject. See a post written a few days ago about it.
Thank you!
So in summary we can say that self-hosted mailing is effectively dead? I mean, one thing is mails marked as spam – bad enough, this can already lead to lost business opportunities and the like. But when providers silently do not accept your mail and send the reject-mail 5 (!!) days later (or not at all), mails can not be used as reliable communication at all…
thx. Sad story is, you don’t see if it’s gmail. We had plenty of cases, where people, even in big companies had a mail address with their own domain directly linked or forwarded to their gmail account → no chance to avoid them…
Am I thinking wrong or would a smtp-relay service like Amazon SES, Sendgrid, SenInBlue or Mailgun solve the problem? Some services offer a few hundred mails per day for free, we don’t send more anyway…
If my server send a mail to your server, both servers will establish an encrypted communication for sending and receiving a mail.
It means that my server and your server will be the only ones to exchange our mails, headers (from, to, cc, bcc, date, subject, etc) and the content if it’s not encrypted (Hello sweet heart… Dear Colleagues… Dear customer…).
May I remind us that those GAFAMetc would prefer all of us to use those kind of services instead of being less bully about our beloved small personal/small companies/organization servers which does NOT sends spams ?
It’s like asking the post with both post-cards (non encrypted GPG or S/MIME mails) and envelopes (encrypted GPG or S/MIME mails) to rent an third party company to clean the mails before delivery.
So… For what reason in the world would allowing a third party to do the same to solve a so called problem created by already dominants companies ?
I absolutely understand you and appreciate your position, but what would be the practical alternative if I, as a small non-profit cooperative, need to reliably send mails to partners who use these mail addresses? I could use a SAS mailing provider, but then I would end up back at your question…
I would never use Amazon for this reason, but thought it would be advantageous to continue using my complex mail structure (logins for various self-hosted services, mailing lists, newsletters, etc.) with the disadvantage of routing everything through e.g. servers from sendgrid (which are at least not GAFAM…)
Your unknown domain is suspicious because it as a low reputation means « We don’t like you because we don’t know you so we consider your mails as spam ». There is another word for that; xenophobia. Whatever…
If you use another « beautiful and know other big company to relay your mails » you will be welcome and your mail would go to Inboxes instead of spam folders because those other big smtp server are known and welcome.
And their business is also related to marketing so… you know… profiling and making money with it it’s a doublé. You have to use them to deliver a mail because they don’t know your domain and they make money by tracking people and selling data about it.
Just do it… and you will be relieved… but for me it’s like taking the Blue Pill and staying in the Matrix.
thx tierce.
Just a small update in case others read that and decide to set up a smtp relay: I did it with Sendgrid. Set up and Installation was quite forward (thx to the Yunohost docu as well), but actually mails still won’t be delivered. The shared-IPs of the sendgrid pool are one multiple blacklists and they have a super low reputation. So for example Gmail just sorts them all into “spam”…
