Is our dynamic IP causing our mail to go into spam, despite clean mailserver?

0

Recently, contacts have been reporting that our usual business email is going into their spam folder. For sending email (with Thunderbird), we connect to our email server (hosted by webland.ch) using a dynamic IP provided by our ISP. We have valid SPF records (domain: holographicevolving.net).

Having checked all possibly involved IPs against blacklists, our dynamic IP is listed in the SORBS DUHL, which is normal for an ISP's dynamically assigned IP.

Our email server includes this dynamic IP (85.6.153.32) in the header's "From" field: is it possible that its appearance causes the email to go into spam, even if the message is sent through a mail server with a clean reputation? Is it normal practice to include such an IP in the message being sent, or should I search for an ISP with different policies?

I'm including the full header of an email which has gone into spam (note: X-Brightmail: 1.00). NOTE: the true email addresses have been replaced by fake addresses. The dynamic IP is in bold:

Return-Path: <srs0+3abd91964137ff50=7d=annabacchia.net=xyz@ms11.webland.ch>
Delivered-To: abc@libero.it
Received: from dcd-19 ([10.255.30.104])
    by dcbackend-14.iol.local (Dovecot) with LMTP id fUxHCxVOgFlfzgAAqNsjrg
    for <abc@libero.it>; Tue, 01 Aug 2017 11:47:01 +0200
Received: from dcproxy-10 ([10.255.30.104])
    by dcd-19 (Dovecot) with LMTP id ag0wABVOgFniywEAoY8DWg
    ; Tue, 01 Aug 2017 11:47:01 +0200
Received: from libero.it ([10.255.30.104])
    by dcproxy-10 (Dovecot) with LMTP id uviHFxVOgFnBVAEAZXjisA
    ; Tue, 01 Aug 2017 11:47:01 +0200
Received: from ms11.webland.ch ([92.43.217.111])
    by smtp-04.iol.local with SMTP
    id cTlUdepuqo31wcTlVdg9HK; Tue, 01 Aug 2017 11:47:01 +0200
X-IOL-SEC: _SPFOK_NODKIM_NODMARC_ENVFROMHEADDIFF
X-IOL-Original-Envfrom: srs0+3abd91964137ff50=7d=annabacchia.net=xyz@ms11.webland.ch
x-libjamoibt: 2601
Received-SPF: pass
X-Brightmail: 1.00
X-CNFS-Analysis: v=2.2 cv=VI2tp5HX c=1 sm=1 tr=0
 p=UxAtPQK97qOwBkGOy/pxrQ==:17 a=HGfs8QhyHZ6xrkQRJn5Ltg==:117
 a=KeKAF7QvOSUA:10 a=r77TgQKjGQsHNAKrUKIA:9 a=U2MMoiraAAAA:8 a=WGvLXF1mAAAA:8
 a=r9tP6c68YEtjmGW1dm0A:9 a=PUjeQqilurYA:10 a=d_A673Y89EbVYa8fyBwA:9
 a=ZUr75wxaj2RIQm8O:21 a=_W_S_7VecoQA:10 a=OIaM6Ey06vj2unKmtWkP:22
 a=mpdrkRMdHaYbt6RDyd1c:22
Received: from [192.168.1.105] (**[85.6.153.32]**)
      by ms11.webland.ch (Webland Mail Server v. 11.4.5.) with ASMTP (SSL) id 01201708011146597162
      for <abc@libero.it>; Tue, 01 Aug 2017 11:46:59 +0200
To: abc@libero.it
From: X Y Z <xyz@holographicevolving.net>
Subject: test
Message-ID: <78417de1-a39d-593c-ac49-e2428bd0b20c@holographicevolving.net>
Disposition-Notification-To: X Y Z 
 <xyz@holographicevolving.net>
Date: Tue, 1 Aug 2017 11:46:59 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.8.0
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="------------5AC249F98CE20F74EA62454C"
X-CMAE-Envelope: MS4wfGEitL1ItzF4cvjgHAR4VBpq4j+yLgLLtymAL3ajzBPaPTqF4FqwOUvQK2+qydOC5kCMbc+sH3ylgfqmhtsoi0Y54wYd/8bIguXfxjZ6CYQgn5RVZ0x3
 oEwkBpUVBzP46pzZYPt7tVeZ3ToJCPzsAzhoZAJZQYYKL+s+Jt+4VQSPLxpm5qBE4e7f+1HQkdE8GRPwfvBrRCqUd/IoeXSpGRf6gLqZ2e6orN5ps6feRbMt
 h5F3RpeBg0k/c6ygdqLrJg==

This is a multi-part message in MIME format.
--------------5AC249F98CE20F74EA62454C

1NN

Posted 2017-08-01T10:44:24.213

Reputation: 120

Answers

1

  1. Usually only the nearest external (untrusted) sender node is checked against blacklists (looking at your mail headers, it is probably ms11.webland.ch ([92.43.217.111])).
  2. Other headers may be checked as well.
  3. You can remove Received headers on your mail server (ms11.webland.ch), so that "Received: from [192.168.1.105] ([85.6.153.32])" becomes invisible to external hosts. How to do it depends on which mail server you are using.

Mikhail Moskalev

Posted 2017-08-01T10:44:24.213

Reputation: 1 718

Thanks - I will contact my ISP to see if I can configure our mail server according to your point 3 – 1NN – 2017-08-01T17:25:52.670

1 I mark this as the correct answer regarding my question, as point Nr 1 is correct. The spam issue was effectively NOT related to the IP address, but to the fact that the ISP sent the emails through a domain different from the address in the FROM field, without providing any DKIM. – 1NN – 2019-10-28T19:52:25.963
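The two checks discussed in this answer and its comments (which hop a receiver would look up on a blacklist, and whether the envelope sender matches the From domain), as an added Python example that is not part of the original posts. The function names are hypothetical, the sample is trimmed from the headers in the question, internal hops are assumed to use private addresses, and the alignment test is a simplification of DMARC's organizational-domain comparison.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: trimmed from the headers quoted in the question.
SAMPLE = """\
Return-Path: <srs0+3abd91964137ff50=7d=annabacchia.net=xyz@ms11.webland.ch>
Received: from libero.it ([10.255.30.104])
    by dcproxy-10 (Dovecot) with LMTP; Tue, 01 Aug 2017 11:47:01 +0200
Received: from ms11.webland.ch ([92.43.217.111])
    by smtp-04.iol.local with SMTP; Tue, 01 Aug 2017 11:47:01 +0200
Received: from [192.168.1.105] ([85.6.153.32])
    by ms11.webland.ch with ASMTP (SSL); Tue, 01 Aug 2017 11:46:59 +0200
From: X Y Z <xyz@holographicevolving.net>
Subject: test

body
"""

# "from <helo> (... [ip])" as written by the relays in the sample.
HOP = re.compile(r"from\s+\S+\s+\(.*?\[([0-9a-fA-F.:]+)\]\)", re.S)

def hop_ips(msg):
    """Source IP of every Received header, newest hop first."""
    found = (HOP.search(v) for v in msg.get_all("Received", []))
    return [ipaddress.ip_address(m.group(1)) for m in found if m]

def domain_of(msg, header):
    """Lower-cased domain part of the address in the given header."""
    return parseaddr(msg.get(header, ""))[1].rpartition("@")[2].lower()

def assess(raw):
    msg = message_from_string(raw)
    chain = hop_ips(msg)
    # Newest hop with a public address: the peer the recipient's edge MTA saw.
    border = next((ip for ip in chain if ip.is_global), None)
    env, frm = domain_of(msg, "Return-Path"), domain_of(msg, "From")
    # Simplified alignment: same domain or parent/child (no Public Suffix List).
    aligned = bool(env and frm) and (
        env == frm or env.endswith("." + frm) or frm.endswith("." + env))
    return {
        "dnsbl_relevant_ip": str(border) if border else None,
        "submission_ip": str(chain[-1]) if chain else None,
        "envelope_domain": env,
        "from_domain": frm,
        "aligned": aligned,
        "dkim_signed": msg.get("DKIM-Signature") is not None,
    }
```

For the sample, the result matches the `_SPFOK_NODKIM_NODMARC_ENVFROMHEADDIFF` tag in the original headers: SPF passes for the envelope domain only, and nothing authenticates the From domain.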

0

This is actually a possibility. Many spam filtering systems now utilize DNS features to verify the identity of a mailer. If the email server's IP address is constantly changing, this could be seen as a red flag for a potential spammer... as legitimate email servers would typically use a hosted solution with a static IP. Doubly so as incoming mail depends on static MX entries in DNS that do not change.

Spammers, conversely, cannot usually use a hosted solution as the hosts disallow large scale emailing specifically because it gets their other, legitimate email marked as spam. Not having a static IP doesn't matter for spammers as they aren't expecting any incoming email.

If your mail server is hosted in such a way that it has a dynamic IP and you aren't an email spammer, I would suggest getting inexpensive hosting or using inexpensive/free webmail like Google's G Suite. The latter lets you use Gmail with your own domain name.

Cliff Armstrong

Posted 2017-08-01T10:44:24.213

Reputation: 1 813