If the emails you send end up in the spam folder, you should pay attention to the following points.
Large mail services, such as Gmail, Yandex, Mail.ru, use a system for analyzing the content of a letter in order to identify signs of spam. To check this, try sending a simple text message without any links from the address that gets into spam. If it is delivered without problems, then you need to change the text of the messages sent out.
Another solution to this problem may be to add the sender to the "whitelist". You can learn how to do this in the “help” section on the email service’s website:
You can also contact the support services of the mail services, attach a sample letter and indicate that it is not spam:
If your resource sends out a large number of messages (for example, notifications of new messages from a forum), then you should take into account that major mail services have restrictions on the maximum number of delivered messages per unit of time. To prevent your mailing list from being mistaken for spam, you should take the following steps:
- use a permanent dedicated IP address;
- the IP address from which messages are being sent must have a valid reverse DNS entry pointing to your domain.
- use the same address in the "From:" field in all letters;
- sign messages with a DKIM key;
- publish SPF records in DNS;
- publish a DMARC policy to DNS.
If your resource does not carry out any mailings, you need to check if it has been hacked and used by attackers to send spam. First, examine the HTTP server access logs. Having too many POST requests to the same files too often is suspicious:
185.31.210.44 — — [01/Sep/2015:09:04:07 +0200] «POST /images/banners/New/view.php HTTP/1.0» 200 264 «-» «Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.7.6)»
185.31.210.44 — — [01/Sep/2015:09:04:55 +0200] «POST /images/banners/New/view.php HTTP/1.0» 200 264 «-» «Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.7.6)»
185.31.210.44 — — [01/Sep/2015:09:05:43 +0200] «POST /images/banners/New/view.php HTTP/1.0» 200 264 «-» «Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.7.6)»
Analyze this file and check whether it’s part of the site's CMS, whether it contains encrypted code and check the modification date. If there are signs of infiltration, remove it. Take measures to prevent re-infection: update CMS, change passwords, disable unnecessary modules.
Users of Web shared hosting services with a dedicated IP address, VDS and dedicated servers should also check the presence of the IP address in the DNSBL lists:
DNSBLs are databases of addresses from which spam is sent. If the address is present in one of them, you need to go to the DNSBL website, find out the reason, take measures to fix the problem and apply for deletion from the list.
