MegaSack DRAW - This year's winner is user - rgwb
We will be in touch
One of my colleagues is having trouble with her email, when she sends it to a certain company and copies in somebody from our company it goes straight to our webmail spam folder. If the mail is sent only to this one person at the other company it goes through ok but with a medium spam rating same for an email to say me. This only seems to happen for some people and the email isn't even bounced back as undelivered so we don't know how common it is.
As she is in the sales dpt she sends lots of quotes out and when people don't receive the mails it costs us money, so it is more than an inconvenience. I seem to have tracked part of the fault down to our company logo that she uses in her signature and removing that lowers her spam score considerably. However putting that logo in my signature doesn't raise my spam score at all.
We have eliminated the PC by having the same problem on a fresh out of the box laptop reproduce the same thing.
So we can stop it from happening but we don't know why or how the Spam score is jumping up just for her. This is part of the message that comes up in the full header from one of her mails in my spam folder, can anybody decipher it?
YN_RDNS_AND_INLINE_IMAGE,
DYN_RDNS_SHORT_HELO_HTML,DYN_RDNS_SHORT_HELO_IMAGE,FROM_12LTRDOM,
FSL_HELO_NON_FQDN_1,HELO_NO_DOMAIN,HTML_MESSAGE,KHOP_DYNAMIC,
RCVD_IN_SORBS_DUL,RDNS_DYNAMIC,SHORT_HELO_AND_INLINE_IMAGE,
T_DOS_OUTLOOK_TO_MX_IMAGE autolearn=no version=3.3.2
Thanks
isnt it your mail server that determines the spam rating and takes the required action, nothing to do with the PC....its probably flagging it based on her username.
To be honest I don't have a clue. I knew nothing about webmail until friday and only know a little bit now.
Maybe somewhere inbetween your mail server and hers there is spamassassin or similar. Check their avoiding [url= http://wiki.apache.org/spamassassin/AvoidingFpsForSenders ]false positives guide[/url]. Pretty technical though.
Who maintains your mail server?
Some of that header makes sense to me but I don't think it's meant to be human-readable. The short answer though is, it's not your problem, it needs to be fielded by whoever looks after your server.
A number of those messages would point back to your mail server having a dynamic IP address. This could be the root of your problem; if you host your own mail server, it really should have a static IP address and reverse DNS entries to match.
Hang on.
You're not hosting your own mail, are you. You're connecting Outlook directly to an external hosting company. Yes?
No we arnt hosting our own mail, our website people deal with the mail server but they are stumped too. It does also say in the report that we have a dynamic ip address that matches the one coming from our BT router. I have a bit of a suspicion that because she occasionally sends flyers out that people may have reported her for spam. Would that have these effects?
Would that have these effects?
Could do if she's sending to a lot of people from her personal email account. If you're doing mass mailings and not using something like mailchimp or constant contact then you could well find your way onto a spam blacklist.
It means your crossbeam's gone out of skew on the treddle.
If I read the fault description properly, UserA at Company A sends to UserA at Company B, with a CC to UserB at Company A and it ends up in company A's spam net. I therefore assume that I have somehow managed to get the wrong end of the stick.
Right?
Cougar's right, basically it's down to you using dynamic ip address.
The spam rating is accumulative. The more negatives you have the higher the score & once you hit a watermark it's flagged as spam. Some negatives count higher than others.
If you look at that header, a lot of the negatives are triggered by reverse lookup from dynamic ip address. Dynamic ip address & image attachment counts for more. DYN_RDNS_AND_INLINE_IMAGE & DYN_RDNS_SHORT_HELO_IMAGE score over 1.3 & 1.8 respectively. Typically any mail with a score over about 3.0 would be flagged as spam. Add up the other negatives & they'll tip that message as being spam. So to prevent this, get rid of the big scores. (The scores can be seen in the spamassassin 50_scores.cf file).
Gordy you are correct, it also ended up in company Bs spam box.
We are at the star now of deciding to set her up a new email adress with a redirect from her old one. In addition to this we will stop sending the flyers so the new address doesn't have any problems. Not ideal but unles there is a way of removing her from any black lists than I can't see any other options.
Oh and anothe thing, when she puts the company logo in her signature it really bumps up the spam rating, when I use the same image nothing happens.
when she puts the company logo in her signature it really bumps up the spam rating, when I use the same image nothing happens.
That's because she's linking to an image on a website rather than embedding the file.
We are at the star now of deciding to set her up a new email adress with a redirect from her old one.
Don't bother, because:
unles there is a way of removing her from any black lists
I'm pretty confident it's not a blacklist issue.
No we arnt hosting our own mail, our website people deal with the mail server
By "website people" do you mean the ISP who host it, or your web developers, or something else? Is the SpamAssassin service run by a third party, or another department of your company, or...?
My feeling is that you need to get a static IP assigned to the email source, but it's difficult to advise accurately who, how or where you'd do that when you're drip-feeding us minimal information.
By website people i mean the web developers, as far as I know our email is based on one of their servers and I can log into it through http://gobo.infinahosting.com. Im not sure about the SpamAsssassin.
The company logo that she uses is just copy and pasted from somebody else's email signature it isn't linking to or from anywhere.
Sorry if i seem to be drip feeding info its just that I dont know a lot about it and out of the stuff I do know I don't know how much of it is worth mentioning.
The email isn't being flagged as spam because you're on a blacklist, it's because the email is failing too many of the tests on the remote (company B) mail server's spamassassin filter. Your original post lists the tests that are failing. The two i highlighted above are both failing due to reverse DNS lookups indicating you're emailing from a dynamically assigned email address with an image attached to the email. To fix this you really need to send email from a fixed IP address.
How does your org receive email ?. You've said you're not hosting your own mail server. Your receiving mail server will have a static ip address, can't you send email via that server ?.
The outbound mail server has a dynamic IP? Hmmm something's not right there.
I'm wondering if the 'web development company' has a mail server in-house, on a dynamic IP ADSL connection...
( and yes there are instances when a mail server can have a dynamic IP and still work... )
@ [b]OP[/b]
Could you send a test email to your colleague (with the intention of being trapped in spam), then ask her to forward it on (as an attachment, so I get the whole email, including headers) to me? email in profile 🙂
Is the domain ppsequipment.co.uk?
If so, here's the DNS information about it..
============
; <<>> DiG 9.6-ESV-R4 <<>> -t ANY ppsequipment.co.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5987
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 2, ADDITIONAL: 3
;; QUESTION SECTION:
;ppsequipment.co.uk. IN ANY
;; ANSWER SECTION:
ppsequipment.co.uk. 14400 IN SOA ns1.infinahosting.com. hostmaster.ppsequipment.co.uk. 2010122100 14400 3600 1209600 86400
ppsequipment.co.uk. 14400 IN A 64.247.16.140
[b]ppsequipment.co.uk. 14400 IN TXT "v=spf1 a mx ip4:209.123.181.142 ~all"[/b]
ppsequipment.co.uk. 14400 IN MX 10 mail.ppsequipment.co.uk.
ppsequipment.co.uk. 14400 IN NS ns1.infinahosting.com.
ppsequipment.co.uk. 14400 IN NS ns2.infinahosting.com.
;; AUTHORITY SECTION:
ppsequipment.co.uk. 14400 IN NS ns1.infinahosting.com.
ppsequipment.co.uk. 14400 IN NS ns2.infinahosting.com.
;; ADDITIONAL SECTION:
[b]mail.ppsequipment.co.uk. 14400 IN A 64.247.16.140[/b]
ns1.infinahosting.com. 100 IN A 64.247.16.136
ns2.infinahosting.com. 100 IN A 64.21.94.104
;; Query time: 155 msec
;; SERVER: 69.56.222.10#53(69.56.222.10)
;; WHEN: Thu Nov 17 00:18:57 2011
;; MSG SIZE rcvd: 298
============
And here's the mail servers domain..
===========
; <<>> DiG 9.6-ESV-R4 <<>> -t ANY mail.ppsequipment.co.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7111
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;mail.ppsequipment.co.uk. IN ANY
;; ANSWER SECTION:
[b]mail.ppsequipment.co.uk. 14400 IN A 64.247.16.140[/b]
;; AUTHORITY SECTION:
ppsequipment.co.uk. 14400 IN NS ns2.infinahosting.com.
ppsequipment.co.uk. 14400 IN NS ns1.infinahosting.com.
;; ADDITIONAL SECTION:
ns1.infinahosting.com. 100 IN A 64.247.16.136
ns2.infinahosting.com. 100 IN A 64.21.94.104
;; Query time: 197 msec
;; SERVER: 69.56.222.10#53(69.56.222.10)
;; WHEN: Thu Nov 17 00:20:50 2011
;; MSG SIZE rcvd: 142
===================
I'm wondering if the SPF record is setup wrong? Bit rusty on it, but should the SPF record be pointing at the same IP as 'mail.ppsequipment.co.uk' ?
xiphon thats us yes. I dont seem to be coming up as spam its her that is. However you have all confused the hell out of me now this stuff is way beyond my knowledge.
It looks like our web guys have just decided to give her a new email address as I have just received an email from a new address.
xiphon if you want I can send you an attachment of a spam mail I received from her.
Id be intrigued to know why you're seeking assistance from the same people you insult with the term "geek"
Please clarify you "knob muncher", much obliged 😀
I_Ache - am I right in thinking *outbound* mail from her gets caught in spam? If she sends to you, does it get caught - or delivered?
By website people i mean the web developers, as far as I know our email is based on one of their servers and I can log into it through http://gobo.infinahosting.com. Im not sure about the SpamAsssassin.
Somebody, somewhere must know how this is set up. What's the crack here? You've got, what, a webdev team who claim to 'maintain' it but don't in actuality know anything about it? Don't you have an IT Manager? (And if you're based in the North, and do you want one?)
Yup, sounds like you need to give these web people a good hard verbal kick.
Or whoever is responsible for your email system.
Incidentally, www.ppsequipment.co.uk appears to be down. And looking at 'infinahosting' I'm starting to understand where the problem may have started. Is Infinahosting the CEO's mate Dave from the pub?
I'm wondering if the 'web development company' has a mail server in-house, on a dynamic IP ADSL connection...
Smells like it.
I'm guessing of course, but I think you've got a much bigger problem here than "email gets flagged as spam in an ephemeral manner." It looks to me like your 'web team' are utterly out of their depth and the email needs taking apart and putting together properly.
I'd further guess that this was setup originally by someone who has now left the company, and the webdev team got lumbered with it.
I'd further guess that this is the tip of the iceberg as far as infrastructure issues go.
How am I doing so far?
Just a thought. Someone has correctly configured an outgoing email server on her mail client haven't they ?.
The company logo that she uses is just copy and pasted from somebody else's email signature it isn't linking to or from anywhere.
The copy and paste has done something creative, then. It needs removing and adding back in from a local file on her PC.
Our website is up for me.
We are only a small company so no in house IT department. I think that the guys that now control the email were given it as part of a package to keep the financial side of it tidy. So it was all setup by people who are not involved with it anymore.
xiphon - Member
I_Ache - am I right in thinking *outbound* mail from her gets caught in spam? If she sends to you, does it get caught - or delivered?
She if she sends it from outlook I wont receive it on outlook but I can login to infina and it will be in my spam box on there.
enfht - Member
Id be intrigued to know why you're seeking assistance from the same people you insult with the term "geek"Please clarify you "knob muncher", much obliged
Of course I am but I see it as more of an affectionate term than an insult. I would class myself as a bike geek. And anyway being a geek is supposed to be cool these days. 🙂
grahamb - Member
Just a thought. Someone has correctly configured an outgoing email server on her mail client haven't they
Do you mean outlook? Yes I'm pretty sure they have. Will go and double check.
Cougar - Member
The copy and paste has done something creative, then. It needs removing and adding back in from a local file on her PC.
Done that already. Makes no difference.
For reference,
[img] 
[/img]
Done that already. Makes no difference.
Could you email me from her a/c please? As per Xiphon's request.
We are only a small company so no in house IT department. I think that the guys that now control the email were given it as part of a package to keep the financial side of it tidy. So it was all setup by people who are not involved with it anymore.
Bingo.
Who deals with IT issues day to day?
(Y'know, I'm idly thinking we should set up an STW-IT consultancy team, there's some good people here...)
Sounds like you need an outsourced IT department - no offence....
If you're in London, I can recommend my former employees...