9

Google's gmail has recently started marking all mail from domain example.com (real domain name is hidden) as spam, with grey-box explanation of:

"Why is this message in spam? Lots of messages from example.com were identified as spam in the past."

also, messages to domains whose email is hosted on Google (AKA "G Suite"?) are generation bounces from mailer-daemon@googlemail.com in the form of:

** Message not delivered **

There was a problem delivering your message to hidden@someothercompany.org. See the technical details below.

Learn more here: https://support.google.com/a/answer/168383

The response was:

Your email to group hidden@someothercompany.org was rejected due to spam classification.

The owner of the group can choose to enable message moderation instead of bouncing these emails.

More information can be found here: https://support.google.com/a/answer/168383.

Good facts are:

  • domain example.com does publish SPF, DKIM and DMARC records, and has valid FcRDNS

  • domain example.com gets score 10/10 on https://www.mail-tester.com/ and PASS on DKIM, SPF, DMARC on https://www.port25.com/authentication-checker/ too

  • bounce messages from mailer-daemon@googlemail.com also indicate SPF, DKIM and DMARC test are passed OK:

  • all of the email for domain example.com always originate from same SMTP server on IP X.X.X.X (which is correctly indicated in SPF record)

Received-SPF: pass (google.com: domain of user@example.com designates X.X.X.X as permitted sender) client-ip=X.X.X.X;

Authentication-Results: mx.google.com; dkim=pass header.i=@example.com header.s=default header.b=eeWEtVgZ; spf=pass (google.com: domain of user@example.com designates X.X.X.X as permitted sender) smtp.mailfrom=user@example.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=example.com

  • outgoing SMTP traffic from X.X.X.X to google SMTP servers is TLS-encrypted (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256)

  • domain example.com and its SMTP server IPv4 address X.X.X.X are NOT on any of http://multirbl.valli.org RBL lists

  • E-mail abuse@example.com promptly deals with any problem, is on several FBL notification lists, and has not received any spam complaints in months.

  • domain example.com does not send any mass-mailings, and number of it's originated e-mails are quite low (few dozens emails per day at the most)

  • https://postmaster.google.com for domain example.com indicate User-reported spam rate of 0, no IP reputation, Authenticated traffic of 100% for SPF and DKIM success rate (but jumping from 0-100% for DMARC - for unknown reasons as that is static DNS record as are SPF/DKIM ones), 100% Inbound TLS Encryption rate, 0 delivery errors

  • other domains which share same SMTP server with IP X.X.X.X (and thus have same SPF, but different DKIM records) are unaffected by the issue, and can send mail normally to gmail.com users, without it being identified as a spam.

  • non-google based emails do not seem to have a problem with example.com emails

BAD facts are:

  • https://postmaster.google.com for domain example.com unfortunately also indicate "Domain reputation: Bad" (which is the worst on shown scale Bad, Low, Medium, High)

  • what seems to have caused a problem is that some of the users on example.com have set up their e-mail forwards from example.com mailboxes to their gmail.com private addresses. And as example.com domain does indeed receive a fair amount of spam (in the order of few hundred per day), all that has been forwarded for months to gmail (with envelope-from of example.com), which is probably what nuked the domain reputation to "bad" level.

  • the "forwarding spam to gmail" issue has been dealt with several days ago; and we have already asked several of gmail.com users to find e-mails in Spam folder and click on "Not spam" button and add senders to addressbook, but while that fixes the specific mail for specific gmail user, all mail from example.com to all other gmail users still continues to end up in spam folder with explanation that "Lots of messages from example.com were identified as spam in the past"

Question: what else can be done to improve e-mail domain reputation on google, so email will stop ending up in Spam folder because "lots of messages were identified as spam in the past"? Will just waiting cure the problem (and if so, any estimates how long before it gets better - especially if you've been in similar situation)? Any other hints what to try?

Matija Nalis
  • 2,409
  • 23
  • 37

1 Answers1

2

This is a most complex problem in many situations.

First of all, you must make sure that everything in your network is not full of viruses, trojans or anything else that may send spam.

After that, consolidate the e-mail part.

Google can use reputation assessment from public blacklists like

pbl.spamhaus.org,sbl.spamhaus.org, xbl.spamhaus.org, cbl.abuseat.org .

Checking your e-mail status on them is a very good 1st step in improving your situation. Sites like cbl provide all necessary tools for you to determine where your problem comes from, so problems should be easier to trace and fix. They also provide ways to de-list from various databases but sometimes the process is a little time consuming.

Google will de-list you automatically, just like yahoo, but only after a few days. The amount may depend on the severity of the issue you got listed for. The condition for this to happen is not to spam anymore during that interval.

What can you do on your e-mail side:

  • Verify that PTR, DKIM, SPF or DMARK records are correct

  • Check your SMTP server logs for 500-tag errors

  • Check logs for blocks to public blacklists

  • Lookup your IP in a blacklist lookup tool

  • Check your server's sending reputation (also on public tools)

  • Check for users bulk forwarding email to gmail.com and their domains

Good places to start with:

  • spamhaus.org

  • www.senderbase.org (now assimilated by Talos)

  • www.email-checker.com

You can also report a problem directly to them using this form, but it will do you no good if you continue to spam them.

Overmind
  • 2,970
  • 2
  • 15
  • 24
  • 1
    Thanks. Tried all that, was not on any RBL, stopped bounces to faked gmail addresses, told users to click on "not spam", and used the form you linked for contact... Still nothing helped for weeks. Now, 2 months later, domain finally has dropped from https://postmaster.google.com which no longer contains any data (as we're not sending big volume), and now e-mails to gmail.com users are no longer being marked as spam. – Matija Nalis Apr 30 '19 at 15:29
  • 1
    Both Google and Yahoo use automatic rep status and de-listing, so if you don't spam them for a time, you will become again neutral from a trust p.o.v. – Overmind May 02 '19 at 06:26