Mail servers use a wide array of anti-spam checks to keep out spam. This includes IP reputation check, message composition, RFC compliant SMTP handshake, mail user feedback, and more. All these checks together produce a spam score that determines whether a mail is a spam or not.
Spammers constantly adapt to these anti-spam measures, so we have to continually modify server configurations to help reduce spam. As a result, there is no single thing you can do to ensure that all of your outgoing messages are delivered successfully.
We’ve seen that some emails, while legitimate, produce a low spam score because of the poor reputation of the server IP network, message encoding, message headers, etc.
Reasons for delivering emails to the spam folder
IP reputation
First of all, the reason for your messages to go to the junk folder can be related to the reputation of the IP address of your mail server.
The IP reputation relies on many factors such as the volume of sent emails, the content of the messages, bounced messages, messages sent to not-existing email boxes, messages hitting spam traps. All that is used to calculate the reputation of your IP. Then mail servers decide where they will deliver the email message based on the IP reputation score.
Engagement
Most of the major email providers, including Yahoo!, AOL, Hotmail, and Gmail, use engagement-based filtering to help detect spam. That is, the more your recipients interact with your emails by opening, clicking, and reading, the more highly engaged your audience is, and the more likely you’ll end up in their inboxes. If a lot of users are marking a message as spam, it’s more likely to end up in other people’s spam folders. If they’ve moved emails out of the spam folder, that can help ensure future emails that are similar are delivered to the inbox instead.
The destination server blocks your domain
Another reason for delivering emails to the spam folder is the fact that your domain exists in the blacklist of the destination mail server. To find out if that was the case you will have to contact the mail administrator of the destination server.
Missing or wrongly configured reverse DNS record
The reverse lookup is a simple verification check that helps your email server quickly differentiate between valid email senders and potentially compromised machines hijacked for the purpose of sending spam.
Missing or wrongly configured SPF, DKIM, DMARC
Sender Policy Framework (SPF) is a DNS txt entry which shows a list of servers that are allowed to send mail for a specific domain. It is used as an email authentication method that allows emails to be sent only from an authorized source.
DomainKeys Identified Mail (DKIM) is also an email authentication method to verify that the emails are trustworthy. It ensures that the email contents weren’t changed from the moment it left the initial mail server.
DMARC (Domain-based Message Authentication, Reporting & Conformance) is a technical specification to help reduce the potential for email-based abuse. A DMARC policy uses DNS to confirm that an email message uses a valid DKIM and SPF record and that the From header matches those records.
Many large email networks require that you use a DMARC policy to help protect their users from a spam email. To prevent email rejections or spam flags within these networks, your server must use a DMARC policy.
If any of the three are missing, the emails may be marked as spam.
Anti-spam filters
Apache SpamAssassin is an open source email filter that examines incoming email and tests for spam characteristics. It uses Bayesian spam filtering and network tests to screen incoming email. The scores can be positive or negative. The higher the positive score is in your email, the higher the probability that the message is spam. This results in an overall score that Apache SpamAssassin uses to determine whether it should discard a message.
How to Keep your Email Out of the Spam Folder
1) Check whether your domain is blacklisted. You can check the blacklists by visiting http://www.mxtoolbox.com/blacklists.aspx.
Enter your domain name or IP address to check the blacklists. It will check the domain name or IP against most popular blacklist databases for reputation check.
If you find that you are on a blacklist, you will need to follow up with the website that has added you to their blacklist. That information is provided by the tool above.
2) Make sure that your email authentication is enabled. The email authentication is a verification method used to stop spam coming from your email address even if you are not sending any. If your emails are not authenticated properly spammers can easily spoof emails coming from your domain. This causes your domain to get blacklisted even though you are not sending emails. The email authentication can be enabled on your cPanel by following the below steps.
cPanel Home >> Email >> Authentication.You can enable DKIM and SPF by clicking on the enable button. Your emails will be authenticated after enabling both DKIM and SPF records.
For newer versions of cPanel cPanel >> Home >> Email >> Email Deliverability.
This interface helps to identify problems with your mail-related DNS records for one or more of your domains. The system uses these records to verify that other servers can trust it as a sender.
3) The mail servers must use a reverse DNS (Domain Name System) setup and is also a good solution. PTR records are used for the reverse DNS lookup. If the PTR records are successfully set up, using the IP address you can get the associated domain/hostname. An A record should exist for every PTR record. You may contact your hosting/datacenter to set up a PTR record. You can check whether the PTR record is set up by entering your server IP in the reverse lookup tool below.http://mxtoolbox.com/ReverseLookup.aspx
4)Enable anti-spam scans in outgoing mail
cPanel by default scans only incoming emails as spam.
It uses several high-quality algorithms to check if the incoming emails contain spammy links, images, text or attachments. We can turn on this stringent spam checking on outgoing emails as well.
In that way, if a mail contains any chance of being tagged as spam by Gmail, Hotmail, etc., the mail won’t be sent.
The email user will have a chance to modify the message based on the Spam Score.
This can be enabled in WHM by going to WHM –> Service Configuration –> Exim Configuration Manager –> Apache SpamAssassin Options –> Scan outgoing messages for spam.
5)Prevent malware infection
All major mail service providers keep historical records of IP reputation. So, it is important to keep your server out of IP blacklists. If it is listed once, it’s likely to have a slightly higher spam score than IPs that were never listed.
To prevent IP blacklisting, we take these measures:
- Implement a web application firewall to prevent website infection and malware upload. So spam scripts never reach the server through vulnerable websites.
- Setup malware scanning that’s triggered every time a new file is uploaded. In this way, spam scripts uploaded through FTP and cPanel will be removed.
- Allow only Exim and Mailman to send outgoing emails. This will prevent any spam scripts that evaded detection from sending spam.
- Limit the emails sent per hour per user. With such a limit, even if an email account is hijacked by a spammer, only a limited amount of spam will leave the server, thereby avoiding IP blacklist traps.
- Setting up feedback loops, and DMARC spam reporting IPs. This gives us an early warning of a potential spammer in the server and allows us to take corrective actions before the IP is blacklisted.
6)Use dedicated IPs for bulk mailers
Mail volume and bounces may act as an indicator of spammy behavior. We’ve seen bulk mailers using shared server IPs to blast thousands of marketing emails. In such a system, even if one bulk mailer fails to implement best practices (eg. unsubscribe link), the spam score of all users in the shared IP will be affected.
That is why we should provide bulk mailers a dedicated IP.
A dedicated mail IP can be set up by entering the domain name in the /etc/mailips file, like this:
domain.com: 10.0.1.2