I'm working on a PHP application. Swift Mailer is used to send messages to clients. Messages are personal (like appointment confirmations with specific dates/times for the receiver), so we're not talking about newsletters/marketing. Because multiple companies will use the application, the Sender:
and Return-Path:
header contain an address from the application's domain, and the From:
and Reply-To:
headers contain an address from the company that's actually using the application.
The problem is that Gmail marks the messages as spam because they "similar to messages that have been detected by our spam filters".
I feel like I've tried everything:
- SPF is set up correctly.
- DKIM is set up correctly (2048-bit).
- PTR record exists for sending SMTP server.
- The HTML is clean and does not contain images/styling.
- The plain text version is 99% the same as the HTML version.
Furthermore I've checked the following things:
- SpamAssassin rates the message as excellent.
- The IP from the SMTP server is not blacklisted anywhere.
- The IP from the SMTP server is even whitelisted on some places, according to our ISP.
- The messages we normally send are in Dutch. As a test I translated a message to English. That version was marked as spam as well.
Especially the last point makes me doubt whether the (content of the) message is really "similar to messages that have been detected by our spam filters", or that there's some other cause.
One relevant thing might be that we also use Google Apps on this domain. It's configured for incoming mail. The messages from our application are sent by our own SMTP server, but I believe that shouldn't be a problem (because it's set up right in the SPF record).
Does anyone have an idea what to do/try? I've been searching online for a while now, but I really can't get any further anymore.
Added:
Gmail clearly accepts the SPF/DKIM config, but still treats the messages as spam:
Received-SPF: pass (google.com: domain of [APPS-EMAIL] designates [IP] as permitted sender) client-ip=[IP];
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of [APPS-EMAIL] designates [IP] as permitted sender) smtp.mail=[APPS-EMAIL];
dkim=pass header.i=@[APPS-DOMAIN]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=[APPS-DOMAIN]; s=x;
h=Content-Type:MIME-Version:To:From:Subject:Date:Message-ID; bh=[CUT];
b=[CUT]
And the Port25 authentication verifier service is happy as well:
==========================================================
Summary of Results
==========================================================
SPF check: pass
DomainKeys check: neutral
DKIM check: pass
Sender-ID check: pass
SpamAssassin check: ham