Emails classified as SPAM

Discussion in 'Installation/Configuration' started by francoisPE, Dec 6, 2021.

  1. francoisPE

    francoisPE Member HowtoForge Supporter

    Hello
    I have ispconfig 3.2.7p1 with multiserver conf.
    I have several domains fqdn.
    I use ispconfig to send mails and it works well with these domains.
    I set dnssec, dkim, dmarc, spf for all.
    I follow spamhaus and other similar services. I am not classified as SPAM.
    Nevertheless, big companies classify my mails as SPAM.

    I learn these companies use ip whitelists.
    Do you know where and how to whitelist my ips ?
    Thank you very much
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Where did you learn this?
    I have experience of big e-mail providers using their own e-mail blacklists, where it is time consuming to get my e-mail server IP removed. Also I have never received info on why my IP was blacklisted.
    Have you checked mxtoolbox.com blacklist tool, maybe your host is there?
     
  3. brainsys

    brainsys Member

    Sounds as though you have done all the right things. Have you tested your server with something like mxtoolbox.com? Is your IP in a domestic/business ISP provided range or with a well known server company?

    Having said all that I do find GMail has bouts of over enthusiastic spam detection with my emailservers. Then they tweak their algorithms and after a couple of weeks it gets back to normal. No change on my side.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Do you mean with big Companies e.g. Microsoft (Hotmail and Office 365) and Google? if yes, sign up for their sender reputation programs. Getting whitelisted by them is not that easy, they may blacklist you even if you have done nothing wrong. But they have complaint forms where you can request to get whitelisted.
     
  5. francoisPE

    francoisPE Member HowtoForge Supporter

    I found out !
    That's my server provider...
    All my IPs are concerned !
    upload_2021-12-6_13-15-0.png
     
  6. brainsys

    brainsys Member

    I'm with another German provider. I have spread my servers across their three data centres - so on completely different ranges. Hence if one does get blacked i can route stuff through another. Otherwise you are always stuck with a single point of failure. Even the best server companies can get hit by abusers - and as OVH demonstrated earlier this year - losing a complete data centre is a real possibility.
     
  7. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    I would say UCEPROTECT is a dubious blacklist. My server gets added to UCEPROTECT, no reason given why, then removed a few weeks later. Eventually UCEPROTECT lists my server again, and this repeats.
     
  8. Steini86

    Steini86 Active Member

    Don't worry about UCEPROTECT. They are scam. They almost randomly put IPs on their list and require money to remove. Nobody serious is using them.
    Which providers are you talking about? Anything specific? Look at the header of a mail classified as spam (or if you get a bounce). Usually they tell you why it is classified as spam and how to avoid this. @till already gave you the correct answer to follow.
    The big providers have their own lists and you need to apply with them individually. The smaller ones might use smething like https://www.dnswl.org. It is no big hassle to register there, but none of the big ones is using that (in principle, this is what SPF does)
     
  9. francoisPE

    francoisPE Member HowtoForge Supporter

    Thanks a lot to all for that explainations.
    I dig and find that my provider has its ips level2 or level3 !
    I'm going to sign up to big providers reputation programs and look at https://www.dnswl.org
    Many thanks :):):)
     
  10. francoisPE

    francoisPE Member HowtoForge Supporter

    Today I do that with my postscreen
    Code:
    postscreen_dnsbl_sites =
      zen.spamhaus.org
      bl.mailspike.net*3
      b.barracudacentral.org*2
      bl.spameatingmonkey.net*2
      bl.spamcop.net
      dnsbl.sorbs.net=127.0.0.[2;3;6;7;10]
      #whitelist
      list.dnswl.org=127.0.[0..255].0*-1
      list.dnswl.org=127.0.[0..255].1*-2
      list.dnswl.org=127.0.[0..255].[2..3]*-3
      iadb.isipp.com=127.0.[0..255].[0..255]*-2
      iadb.isipp.com=127.3.100.[6..200]*-2
      wl.mailspike.net=127.0.0.[17;18]*-1
      wl.mailspike.net=127.0.0.[19;20]*-2
    
    What do you think ?
    Is that list robust enough ?
     
  11. francoisPE

    francoisPE Member HowtoForge Supporter

    Hello,
    Digging a bit, I found some blacklists that answers not only 127.[0..255].[0..255].[0..255], but 48.xxx or else...
    My understanding is that only 127.[0..255].[0..255].[0..255] is in rfc5782 (https://www.ietf.org/rfc/rfc5782.txt)

    Do you confirm that I can filter answers with regex '^127.' to obtain when my servers are classified as Spam ?
     

Share This Page