Default 'extra info' email content triggering gmail spam detection

[neekfenwick]

Hi carlwhat Thanks for your points and I know this situation is complicated, more than the average observer on this forum may understand from their experience. You do sound clued up, though.

in your situation, the client is your web site; and your SMTP server is rejecting your mail. this happens due to spam...

My point here is that, apparently fairly recently, the rules of gmail's spam classification seem to have changed (we have seen a change in behaviour). I base this on the fact that we've used google business mail as our primary address for quite a while and had no problem, and within the last two weeks or so there has been a pretty consistent classification of some emails sent by ZC as spam (which have led to a very serious consequence of our main email account on gmail being blocked from sending emails, which makes our order management system via email non functional, as I detailed above). As I said before, these cases seem to be primarily cases where the EXTRA_INFO block is included in an email. None of the normal order update etc emails to customers are classified as spam.

DKIM is a method of signing email from your SMTP server so that the receiving email server knows the SMTP server is authorized to send email on your behalf. how setting up DKIM would address this problem, you got me... perhaps you can elaborate?

When we suspected google were detecting our emails as "spammy" we looked at ways this might be the case. One is that DNS records like DKIM and SPF are not set up correctly. So, setting these up correctly would remove them as potential reasons google would mark our emails as spammy. Yet, after doing this, the problem persisted.

i am not sure about your host, or if you have a slice, but i would think you might be better off sending email utilizing a mail server on your host (where your website resides) and configuring an SPF record and DKIM for your host and bypassing gmails SMTP server.

The situation we are discussing is related to google's spam detection of emails sent via their SMTP service. The DNS records of our host (the domain in the 'From' header of the email) should contain records that can validate the sender (DKIM/SPF/etc). Our physical host is not really part of that equation.

We did used to run our own MTA (exim) and had some hard lessons learned as we were marked as spammy and put on RBLs (our host was insecure in various ways I won't detail here), that is one reason we moved to G Suite (gmail business account) to handle our emails, many months ago. So we've tried what you suggest ("utilizing a mail server on your host") but I don't see how, if we are using gmail as a mail host now, that would improve the situation. It would be a change, sure, but the improvement is not qualified, and it would be a regression (not that you knew that ).

i am not disputing that what you are doing is working; but to me there is no guarantee that it will continue to work in the future. the idea that you can not convince your SMTP server that you are authorized to send email, and the only way to do this is to remove IP address information is silly to me... SPF, DKIM and DMARC are the gold standard for ensuring mail delivery from SMTP server to the receiving email server. but you are saying the problem is happening before that. which strikes me as messed up and worthy of determining a better SMTP server.

The problem isn't that we can't convince our SMTP server that we are authorized. That has been achieved by several steps (basic auth, DKIm, SPF etc) .. the problem occurs because of physical content in the emails that are sent. This is outside of host, authentication, authorisation, and as far as I can tell, reputation (as far as that goes in the email/spam world).

The problem doesn't happen "before that" (by which I think you mean the point of sending the email, can our sending action be considered valid). It happens exactly after the email is sent, and we get back a Delivery Status Notification email, and after a few occurances of that, the sending account is blocked on gmail for "sending spam". My investigation seems to (over the past 3 days now) have proved that removing certain content (so far I've narrowed it down to the ip address and host address, see email_collect_extra_info in functions_email.php) from the emails stops this spam classification.

Your point of a 'better SMTP server' is a little weird in that we're talking about google/gmail here, I think we can generally agree it's world class. The emails in question tend to be from and to gmail, i.e. when a customer submits the Contact Us form, the only email sent that includes the Office Use Only section is the one sent from and to the ZC host's own email address, i.e. this email goes from 'us at ourcompany dot com' to the same address, and these are being blocked, a Delivery Status Notification email is sent, and after about 10 attempts of this our sending gmail account is blocked on gmail. I think they're generally doing a great job, and I'm just trying to help us and everyone else work with them.

cuz email is hard!

It is a massive pain in the balls to admin, for sure