views:

5973

answers:

18

This is a tricky one - and I've always relied on techniques such as permission-based emails (i.e. only sending to people you have permission to send to) and not using blatantly spamish terminology.

Of late, some of the emails I send out programmatically have started being shuffled into people's spam folder automatically - and I'm wondering what i can do about it.

This is despite the fact that these particular emails are not ones that humans would mark as spam (specifically, they are emails that contain license keys that people have paid good money for, so I don't think they're going to consider them spam)

I figure this is a big topic in which I am essentially an ignorant simpleton.

+9  A: 

You can tell your users to add your From address to their contacts when they complete their order, which, if they do so, will help a lot.

Otherwise, I would try to get a log from some of your users. Sometimes they have details about why it was flagged as spam in the headers of the message, which you could use to tweak the text.

Other things you can try:

  • Put your site name or address in the subject
  • Keep all links in the message pointing to your domain (and not email.com)
  • Put an address or other contact information in the email
Daniel Broekman
+96  A: 

Use email authentication methods, such as SPF, and DKIM to prove that your emails and your domain name belong together, and to prevent spoofing of your domain name. The SPF website includes a wizard to generate the DNS information for your site.

Check your reverse DNS to make sure the IP address of your mail server points to the domain name that you use for sending mail.

Make sure that the IP-address that you're using is not on a blacklist

Make sure that the reply-to address is a valid, existing address.

Use the full, real name of the addressee in the To field, not just the email-address (e.g. "John Smith" <[email protected]> ).

Monitor your abuse accounts, such as [email protected] and [email protected]. That means - make sure that these accounts exist, read what's sent to them, and act on complaints.

Finally, make it really easy to unsubscribe. Otherwise, your users will unsubscribe by pressing the spam button, and that will affect your reputation.

That said, getting Hotmail to accept your emails remains a black art.

Michiel de Mare
note: "John Smith <[email protected]>" is not a valid e-mail address, "John Smith" <[email protected]> is. If there is a space in the name, the name needs to be quoted; if there are any characters > ascii 127, they have to be escaped as well.
Piskvor
@Piskvor - you're right. I've fixed the article.
Paul Tomblin
Could you elaborate on abuse accounts? I'm not sure about what you mean
marcgg
http://www.brandonchecketts.com/emailtest.php you can test if your mail server setup conforms to DomainKeys, DKIM, SPF and other anti-spam methods.
Jonas
also, make a bounced-emails-detection-algoritm to verify bad email adresses (say if a mail bounces back 3 times, stop sending mails to that address)
clyfe
+5  A: 

Yahoo uses a method called Sender ID, which can be configured at The SPF Setup Wizard and entered in to your DNS. Also one of the important ones for Exchange, Hotmail, AOL, Yahoo, and others is to have a Reverse DNS for your domain. Those will knock out most of the issues. However you can never prevent a person intentionally blocking your or custom rules.

Nick Berardi
Yahoo uses SPF records and DomainKeys; SenderID is a different (and in many ways, incompatible, insecure, and poorly-designed) technology, which should not be used.
Dan Udey
+12  A: 

Sign up for an account on as many major email providers as possible (gmail/yahoo/hotmail/aol/etc). If you make changes to your emails, either major rewording, changes to the code that sends the emails, changes to your email servers, etc, make sure to send test messages to all your accounts and verify that they are not being marked as spam.

thelsdj
+10  A: 

Confirm that you have the correct email address before sending out emails. If someone gives the wrong email address on sign-up, beat them over the head about it ASAP.

Always include clear "how to unsubscribe" information in EVERY email. Do not require the user to login to unsubscribe, it should be a unique url for 1-click unsubscribe.

This will prevent people from marking your mails as spam because "unsubscribing" is too hard.

engtech
+2  A: 

I've found that using the recipients real first and last name in the body is a sure fire way of getting through a spam filter.

CVertex
+3  A: 

You need a reverse DNS entry. You need to not send the same content to the same user twice. You need to test it with some common webmail and email clients. Personally I ran mine through a freshly installed spam assassin, a trained spam assassin, and multiple hotmail, gmail, and aol accounts.

But have you seen that spam that doesn't seem to link to or advertise anything? That's a spammer trying to affect your Bayesian filter. If he can get a high rating and then include some words that would be in his future emails it might be automatically learned as good. So you can't really guess what a user's filter is going to be set as at the time of your mailing.

Lastly, I did not sort my list by the domains, but randomized it.

dlamblin
+7  A: 

You may consider a third party email service who handles delivery issues:

  • Exact Target
  • Vertical Response
  • Constant Contact
  • Campaign Monitor
  • Emma
  • Return Path
  • IntelliContact
  • SilverPop
Zack Peterson
A: 

I have had the same problem in the past on many sites I have done here at work. The only guaranteed method of making sure the user gets the email is to advise the user to add you to there safe list. Any other method is really only going to be something that can help with it and isn't guaranteed.

Tanerax
+2  A: 

one of my application's emails was constantly being tagged as spam. it was html with a single link, which i sent as html in the body with a text/html content type.

my most successful resolution to this problem was to compose the email so it looked like it was generated by an email client.

i changed the email to be a multipart/alternative mime document and i now generate both text/plain and text/html parts.

the email no longer is detected as junk by outlook.

glob
+3  A: 

In the UK it's also best practice to include a real physical address for your company and its registered number.

That way it's all open and honest and they're less likely to manually mark it as spam.

Keith
+3  A: 

Delivering email can be like black magic sometimes. The reverse DNS is really important.

I have found it to be very helpful to carefully track NDRs. I direct all of my NDRs to a single address and I have a windows service parsing them out (Google ListNanny). I put as much information from the NDR as I can into a database, and then I run reports on it to see if I have suddenly started getting blocked by a certain domain. Also, you should avoid sending emails to addresses that were previously marked as NDR, because that's generally a good indication of spam.

If you need to send out a bunch of customer service emails at once, it's best to put a delay in between each one, because if you send too many nearly identical emails to one domain at a time, you are sure to wind up on their blacklist.

Some domains are just impossible to deliver to sometimes. Comcast.net is the worst.

Make sure your IPs aren't listed on sites like http://www.mxtoolbox.com/blacklists.aspx.

Eric Z Beard
+3  A: 

Have you checked to see if you (not you you, but your server :)) have been blacklisted?

Laura
A: 

I would add :

Provide real unsubscription upon click on "Unsubscribe". I've seen real newsletters providing a dummy unsubscription link that upon click shows "[email protected] has been unsubscribed successfully" but I will still receive further newsletters.

Andrei Rinea
A: 

About the reverse DNS thing. What if the mail server is supposed to send mail for different domains?

dummy
this is a question, not an answer. (and you use different ip addresses for the mail server in that case.)
Jeremy
the domain being relayed has nothing to do with the authority of the relay server itself to send mail. Having a PTR record that matches the servers HELO greeting is crucial, but unrelated to the sender of the mail envelope
Dave Cheney
If I understand that correctly: The domain of the from adress does not have to match the reverse DNS of the MTA.The HELO-adress should match the reverse DNS of the MTA.Correct?If so, then should it not be easy for a spammer, to look up the reverse DNS of the zombie. Then give the right HELO?
dummy
A: 

It sounds like you are depending on some feedback to determine what is getting stuck on the receiving end. You should be checking the outbound mail yourself for obvious "spaminess".

Buy any decent spam control system, and send your outbound mail through it. If you send any decent volume of mail, you should be doing this anyhow, because of the risk of sending outbound viruses, especially if you have desktop windows users.

Proofpoint had spam + anti-virus + some reputation services in a single deployment, for example. (I used to work there, so I happen to know this off the top of my head. I'm sure other vendors in this space have similar features.) But you get the idea. If you send your mail through a basic commerical spam control setup, and it doesn't pass, it shouldn't be going out of your network.

Also, there are some companies that can assist you with increasing delivery rates of non-spam, outbound email, like Habeas.

benc
+3  A: 

I hate to tell you, but I and others may be using white-list defaults to control our filtering of spam.

This means that all e-mail from an unknown source is automatically spam and diverted into a spam folder. (I don't let my e-mail service delete spam, because I want to always review the arrivals for false positives, something that is pretty easy to do by a quick scan of the folder.)

I even have e-mail from myself go to the spam bucket because (1) I usually don't send e-mail to myself and (2) there are spammers that fake my return address in spam sent to me.

So to get out of the spam designation, I have to consider that your mail might be legitimate (from sender and subject information) and open it first in plaintext (my default for all incoming mail, spam or not) to see if it is legitimate. My spam folder will not use any links in e-mails so I am protected against tricky image links and other misbehavior.

If I want future arrivals from the same source to go to my in box and not be diverted for spam review, I will specify that to my e-mail client. For those organizations that use bulk-mail forwarders and unique sender addresses per mail piece, that's too bad. They never get my approval and always show up in my spam folder, and if I'm busy I will never look at them.

Finally, if an e-mail is not legible in plaintext, even when sent as HTML, I am likely to just delete it unless it is something that I know is of interest to me by virtue of the source and previous valuable experiences.

As you can see, it is ultimately under an users control and there is no automated act that will convince such a system that your mail is legitimate from its structure alone. In this case, you need to play nice, don't do anything that is similar to phishing, and make it easy for users willing to trust your mail to add you to their white list.

orcmid
+1 for the interesting use case
marcgg
A: 

A few bullet points from a previous answer:

  • Most important: Does the sender address ("From") belong to a domain that runs on the server you send the E-Mail from? If not, make it so. Never use sender addresses like [email protected]. User reply-to if you need replies to arrive at a different address.

  • Is your server on a blacklist (e.g. check IP on spamhaus.org)? This is a possibility when you're on shared hosting when neighbours behave badly.

  • Are mails filtered by a spam filter? Open an account with a freemailer that has a spam folder and find out. Also, try sending mail to an address without any spam filtering at all.

  • Do you possibly need the fifth parameter "-f" of mail() to add a sender address? (See mail() command in the PHP manual)

  • If you have access to log files, check those, of course.

  • Do you check the "from:" address for possible bounce mails ("Returned to sender")? You can also set up a separate "errors-to" address.
Pekka