Major mail providers are sending me to spam

Hey everyone, I’ve setup MiaB a few days ago, the installation went well but Gmail, Yahoo and Microsoft are all sending my emails to the spam folder. But the MiaB status page, mxtoolbox and mail-tester are all telling me that everything is ok, I’m not on any blacklists and DMARC, SPF and DKIM are all properly working. I even used Google’s postmaster to hopefully convince them to allow emails from my domain.

What should I do to make sure that my emails go to inbox? I have tried everything that I can think of.

Time. If it is a brand new domain, sometimes all it takes is time. Also, which TLD is your domain on?

My domain’s TLD is .org.

Is it a newly registered domain?

Yes. It is a newly registered domain.

Give it a couple of days. I had the same problem for a new domain last week. But it’s now working correctly

You can also go to each providers site and verify with them (Google and Microsoft have this at the very least)

I find the same thing especially with Google. Been through EVERYTHING with their engineers to the point where they just say “yes, everything is fine, which is puzzling, but we can’t help you any more because, you know, secrets…”.

The only thing that works is to have my domain added to the whitelist of the Gsuite account if it is a business.

Which version of MIAB are you on? I’m not yet upgraded from v.0.30

Version of MiaB is no issue in this case. My personal experience is that’s G-Suite accounts are correctly receiving mail (.nl) within a couple of days.

In case of a new domain, I add them the postmaster.google.com

1 Like

This problem with Google has been ongoing for over a year. Google can’t tell me what the issue is, but by default, all my email is classified as spam.

postmaster.google.com - how does this help with MAIB domains?

Thank you.

The only thing you can do at postmaster.google.com is to verify your email address with google.

If it will work? I don’t know. I verified all my domains in the last couple of years.

What’s the history of the domain name. I have a user, from which her site was hacked a couple of years ago. It sended lots of abuse mail. It took months before sites as google where accepting her mail as normal.

The other thing, you can do is to change the DMARC Record, to get reporting and a strict acceptance of email from only the hosts with the correct dkim/spf records. I personally have the domain name “doofpot.nl”, for more than 20 years. But with dmarc reporting, i still see sometimes a lot of spams ended trough other hosts.

_dmarc.some_domain.nl descriptive text “v=DMARC1; p=reject; rua=mailto:dmarc@box.my_domain.nl; ruf=mailto:dmarc@box.my_domain.nl; pct=100”

Which says: reject all the mail, not send trough box.my_domain.nl, if possible, give me forensic reports (for all the mail).

(create also an alias for ‘dmarc’:wink:

You 'll receive mails, mostly from google, telling it has accepted or rejected mail.

If google accepts the mail, but it’s locally moved to the spam, it’s up to the recipient users to learn google to accept the mail, by moving out your mail from spam to inbox
(in google meanings: remove label SPAM)

Hi and thanks for the info/suggestions!

Just to show how screwed Google’s spam-filtering is, I see the following a moment ago—Google’s own security advice email classified as spam.

Some might consider this a feature but I would say an email platform’s security advisory emails to be always whitelisted.

Will try the DMARC thing - cheers.

I’m not sure, but is it really needed to verify all the domain names you’re using? Wouldn’t it be enough to verify only the main domain? I mean, no matter how many domains you are using all the mails are sent via the main mailserver domain.

Your question made me look deeper and I believe that the answer is you need to verify ALL domains. From https://support.google.com/mail/answer/6227174?hl=en

What’s an Authentication Domain?

An authentication domain is either the DKIM (d=) or SPF domain (Return-Path domain) that is used to authenticate your email. You can find it in the ‘Authentication Results’ header of an email that has successfully passed authentication (and was delivered to a Gmail mailbox).

For example, in the sample Authentication Results header below, domain.com is the ‘Authentication Domain.’:
Authentication-Results: mx.google.com; spf=pass (google.com: domain of bounce-123@domain.com designates 1.2.3.4 as permitted sender) dkim=pass header.i=@domain.com; DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=12345; d=domain.com;

Postmaster Tools uses your authentication domain to uniquely identify your email traffic and provide access to your traffic analytics.

Tip : Authentication domain can be either the domain-name or the sub-domain. If it’s a domain-name, the data will show the traffic aggregated over any and all sub-domains of that domain-name, plus any traffic corresponding to the (exact) domain-name match. You can also independently add multiple sub-domains and view data about each of them separately.

As I do not use gmail at all for email, I cannot verify what the results of the spf pass header are as they are added by Google itself. Perhaps you can test? In my case I can only confirm that the DKIM (d=) is unique to the sending domain. Common sense says that if SPF passes Google’s checks, then no, only the hostname of MiaB needs to be verified … but as I said, I am gmail-phobic so I cannot confirm.

@alento
I’ve said that, because all my mails landed in google’s junk folder, after I added my main server domain, I had no problems with the other one.
But if the right way is to add really all domains, it’s probably better to do so.

I’m not a huge Google fan, too :grin:
But I have an account, which I created after setting up MiaB to test if mail delivery is working properly. I can try to test later, but I’m not sure how to get google’s mails header.

All in all it’s really sad that you still have to put that much effort into whitelisting your pretty well configured mail server at those big players to make sure your mails not land in their customers junk folders.

Yes indeed. I feel that this is nothing more than a marketing ploy by the major players to force smaller providers and self-hosted email providers to give up and move to their service because they don’t block mails from their users of course.

@alento
Thanks for the hint, I sent mails from both domains (but only the mail server domain is verified at Google) and both show the same results - pass: SPF, DKIM, DMARC. I’m not sure, if that’s all what you wanted to know?

True. But to be honest, Google’s solution is not the worst one. At least it’s just an automatic whitelisting that works without any problems (I guess?). There are some other much more difficult solutions from other major players like e.g. Micro$oft where you can only try(!) to reach the same effect.