Mailing List Archive

On Sun, Apr 07, 2024 at 08:40:40PM -0500, Jerry Malcolm wrote:
> The problem is that gmail, in particular continues to insist on
> putting these in spam folders and (theoretically) discarding some
> of them completely.  Some of users swear they never get them and

And did you check that claim? When you send your mails to some newly
created Gmail account, does it end up in Spam folder? And if it does,
what does the text in that grey "Why is this message in spam" box says?

Does it say the same thing for some of your users having problems?
You'll obviously need some way to reproduce the issue and check if it
is fixed, before you can even try fixing it.

Also, did you create account at https://postmaster.google.com/ and
checked what does it say for your domains after a while how they fare?

Also, did you check your mail server logs, are there any temporary
(4xx) or permanent (5xx) rejections of your mail traveling to Google?
And if so, what do they say?

> So... recommendations, please... should I change DoNotReply@.....com to
> something else, and if so, what is the accepted (non-spam-trigger) email

Since your current e-mail adress has a high spam score relevance by
now, trying to continue using it is not going to help... But do make
sure you fix all potential issues (see link below) before changing
it, or you'll implicate yourselves as spammers even more.

> address to use to still get the point across to not send anything to that
> account?

People will still reply to those, there is no fixing humanity, so you
may as well give up on that. I wouldn't worry too much about that;
vast majority of them won't ever read sender e-mail address anyway
before hitting reply.

Your best bet is to configure your ticketing system to accept
messages being sent to that email address, and inject them into
ticketing system if you care about streamlining that.

> Secondly... more generally, any suggestions on how to crack the gmail code
> and make them know we aren't spammers?

Sure. Convince the users (or at least a lots of employees and family
and friends) to register and click on "not spam" every time it goes
into spam and actually read those e-mail and click on links in them.
Just like people would do if they were interested in those mails.

That will give feedback to train Google. It will still likely take
weeks/months of doing that before the reputation starts to change,
and that is assuming number of people doing that is significant,
and they do not look like sockpuppets.

Also, did you read https://support.google.com/a/answer/81126 ?

(Yes, there is quite a LOT of things to do, but you do need to do it
all if you want Google to recieve your messages)

Also, note that Google *likes* their e-mail user share (although not
yet monopoly), and would like nothing more than to silo it completely.
Luckily market still does not allow them to do that quite yet.

Note that it also means that Google is unlikely to want your
independent e-mail server easily communicating with their userbase.

In fact, they'll love to make it annoying enough for you to give up
and move your e-mail over to their paid service, but are still
somewhat afraid of government-level antitrust sanctions, so much to
their chargrin they can't make it _too_ annoying and thus too
obvious... Yet.

--
Opinions above are GNU-copylefted.

Below is my opinion, it's worth everything you paid for it. But I do
suggest you read it and think about it for a few minutes.

On 4/7/24 20:40, Jerry Malcolm wrote:
> I send the validation email from DoNotReply@xyz.com.

I absolutely hate the do not reply type email addresses as you're trying
to use them. Not because I get annoyed at people replying -- and people
will reply -- but because I think that doing such is a wasted opportunity.

I think you should send with an SMTP envelope that uses some form of
VERP to be able to correlate inbound messages with the original outbound
recipient address.

I think that you should send using a friendly From: header address.

I think that you should embrace user+detail in the From: header so that
you can do similar correlation of inbound messages with the original
outbound recipient address.

I think that you should leverage the Reply-To: header to try to steer
replies somewhere useful, like the ticketing system.

I think the ticketing system should be aware of the U+D data and use
that to prime the association of the inbound message with a client ID /
account number / etc.

> We have a ticket reporting system and seriously want to discourage
> users from sending in problem reports by email.

Does your ticketing system have a way to generate tickets from email? I
assume that it does. I strongly suggest that you leverage it and cause
the emails that people will send to be routed to the ticketing system.

> DoNotReply is actually a legit inbox, and I monitor it to catch
> users that haven't yet mastered the art of reading.

The universe is winning. The universe will always win. No matter how
smart we make the mouse trap, there will always be mice that avoid it /
get out of it / break it / etc.

> I want to keep that DoNotReply email address to tell the
> user.... "don't send an email to this address"

That's a never ending battle. Stop fighting a battle that you can not win.

Pull a Kobayashi Maru and make what people naturally want to do work for
you.

> But I have a co-worker that is convinced that "DoNotReply@xyz.com"
> is a trigger for gmail's spam filters and all spam filters will score
> the email higher as spam due simply to that word in the email address.
> I'm not convinced.

I don't know about Google, but I perceive do not reply types of email
addresses as a broadcast only sender and I have poor opinions of them.

On the flip side, I have high opinions of senders that can take my input
any way that is convenient for me, even if that's replying or sending a
new email to an address I just received a message from.

> I do not want to change it to something else that will encourage users
> to start inundating us with questions/problems by email instead of
> using our established ticket system..

Why can't the email address be a gateway into the ticketing system?

Let users do what they want to do and comes naturally to them while it
also does what you want by routing messages to the ticketing system.

> But I also don't want to be shooting myself in the foot with spam
> filters by using that name if it's indeed a trigger word.

I have no first hand experience there because I always try to use system
generated emails as a way to steer inbound messages like I've described
here. I'd suggest sending from an address that accurately describes
what the messages are; password-reset@, automated-bill-reminder@, what
have you. Don't hide. Be clear about what you are doing and why you
are doing it.

As for the HTML email, please make sure that you are sending a
comparable text/plain MIME part and not just text/html.

Don't encode / obfuscate anything that doesn't have a specific need to
do so. If there is a need, seriously consider if you can change that
need. This goes for being both transparent and clear on what you are
doing and why you are doing it.



--
Grant. . . .

On Monday 08 April 2024 at 05:15:58, Grant Taylor via users wrote:

> Below is my opinion, it's worth everything you paid for it. But I do
> suggest you read it and think about it for a few minutes.

For what it's worth, I thoroughly agree with these opinions.

- don't alienate people by sending from a DoNotReply address - it's rude

- maximise the efficiency of your ticketing system by making it work for people
who like browsers and also for people who like email

- never send out HTML-only emails - always include a plaintext equivalent

- make your systems transparent so that people feel they understand what's
happening and when at different stages in the process - don't create a
"corporate black box" which customers can't understand


Antony.

--
"Life is just a lot better if you feel you're having 10 [small] wins a day
rather than a [big] win every 10 years or so."

- Chris Hadfield, former skiing (and ski racing) instructor

Please reply to the list;
please *don't* CC me.

On 4/8/24 5:44?AM, Antony Stone wrote:
> - make your systems transparent so that people feel they understand
> what's happening and when at different stages in the process - don't
> create a "corporate black box" which customers can't understand

I'll add to this and say that URLs that include things like email
addresses for things like unsubscribe forms are okay. Make these things
obvious and transparent. If at all possible, avoid any obfuscated
parameters. If you do need something like a checksum or signature or
validation token (think message authentication code), make it as short
and as clear as possible. E.g.


https://contact.example.com/email-preferences.html?email=user@example.net&action=unsubscribe&checksum=abc123



--
Grant. . . .
unix || die

GMail just... sucks. I have an email server in EC2 that also passes all
tests, but they insist on dumping our emails into users' spam folders.
Good luck trying to get anyone at GMail to actually do their jobs and
change whatever is causing them to mark your emails as spam. In my case,
they are not coming from donotreply@, so I don't think that address does
anything towards marking your mail as spam.

Thomas

On 4/7/24 20:40, Jerry Malcolm wrote:
> Slightly off-topic from SpamAssassin specifically.  But I have a
> question about certain email addresses triggering spam filter scores.  I
> know anybody can create any rule they want to.  I just want to
> understand best practices and recommendations.
>
> I work for a medium size but growing company that needs to have user
> accounts verified.  Same process a billion other sites use. I send an
> email with a link.  The user clicks the link, and voila...validated. The
> problem is that gmail, in particular continues to insist on putting
> these in spam folders and (theoretically) discarding some of them
> completely.  Some of users swear they never get them and then go on
> social media, etc disparaging our company.  You know the drill.  Some
> end up with a typo in their email address, and some finally figure out
> they have a spam folder.  But this is big problem that it's not showing
> up in everyone's inbox.
>
> I have validated my outbound emails with mail-tester.com and get a 10/10
> perfect score.  So SPF, DKIM, DMARC, everything is correct.
>
> Now here's my question (at least one of them)... I send the validation
> email from DoNotReply@xyz.com.  We have a ticket reporting system and
> seriously want to discourage users from sending in problem reports by
> email.  DoNotReply is actually a legit inbox, and I monitor it to catch
> users that haven't yet mastered the art of reading.  I want to keep that
> DoNotReply email address to tell the user.... "don't send an email to
> this address"  But I have a co-worker that is convinced that
> "DoNotReply@xyz.com" is a trigger for gmail's spam filters and all spam
> filters will score the email higher as spam due simply to that word in
> the email address.  I'm not convinced.  I do not want to change it to
> something else that will encourage users to start inundating us with
> questions/problems by email instead of using our established ticket
> system.. But I also don't want to be shooting myself in the foot with
> spam filters by using that name if it's indeed a trigger word.
>
> So... recommendations, please... should I change DoNotReply@.....com to
> something else, and if so, what is the accepted (non-spam-trigger) email
> address to use to still get the point across to not send anything to
> that account?
>
> Secondly... more generally, any suggestions on how to crack the gmail
> code and make them know we aren't spammers?
>
> BTW.... we are generating these emails from an AWS EC2 server and using
> AWS's SES SMTP server for outbound.  The emails are html and have a
> little bit of border, font, and embedded logo.  Content is a Click here
> to validate your account and an https link, followed by a thank you.  I
> can remove the letterhead and footer, but then I'm worried about get a
> "not enough content with a link" rule triggered.  Help!
>
> Thanks,
>
> Jerry
>

On 08/04/2024 11:40, Jerry Malcolm wrote:

> Now here's my question (at least one of them)... I send the validation
> email from DoNotReply
>
> So... recommendations, please... should I change DoNotReply@.....com to
> something else, and if so, what is

Typically, noreply@... is used

Have you tried using that sender from a non AWS host, even for just a
test?

My bet is, it's scoring higher because of AWS, who are abused often by
spammers and scammers.

> server and using AWS's SES SMTP server for outbound. The

and therein probably lies the answer.

--
Regards,
Noel Butler

On 2024-04-07 at 21:40:40 UTC-0400 (Sun, 7 Apr 2024 20:40:40 -0500)
Jerry Malcolm <techstuff@malcolms.com>
is rumored to have said:

> But I have a co-worker that is convinced that "DoNotReply@xyz.com" is
> a trigger for gmail's spam filters and all spam filters will score the
> email higher as spam due simply to that word in the email address. 

1. "All spam filters" isn't a useful phrase. Nothing is true of all spam
filters.

2. Google's filters are, beyond their documented rules, entirely opaque.
Anyone who claims to know anything about how they work internally is not
to be trusted. I seem to recall someone who maintains GMail filtering
(Brandon Long) saying as much in the MailOps list.

3. I just sent myself a message from DoNotReply@billmail.scconsult.com
(a never-before-seen bogus address) via my personal mail server to one
of my GMail accounts and it delivered into the Inbox. So your cow-orker
is simply wrong.

Obviously, you need to follow all of Google's well-publicized
recommendations for volume senders if you want to stand any chance of
getting messages into INBOX instead of Spam. Other tricks that *SEEM TO
ME* to help is to send simple text messages instead of complex
multipart/alternative messages with HTML or (WORSE) pure HMTL. Modern
MUAs recognize URLs in plaintext and for basic confirmations like this,
you should keep the message as simple, clear, and unadorned as possible.


--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com
addresses)
Not Currently Available For Hire