How to prevent most site registration emails from going to spam
« on: September 09, 2017, 05:40:01 AM »
To whom it may concern:

New user here.  I see that in your registration process you mention to check your spam folder for the confirmation email in case it lands there.  As a gmail user (gmail does very well with email security practices), it went straight to spam.  As a person with a relatively extensive email security background, it was immediately clear why.  I can give you very simple instructions to dramatically improve your inbox placement without needing to spend a dime on software.  If any admins here are interested, I'm happy to help, free of charge of course.

Edit:  after reading over my original post, it sounds kinda shady... for transparency my advice would be about how to implement authentication mechanisms such as SPF/DKIM and things like making sure your sending domains align for DMARC checks.  All easily googled stuff but I assume this site has had this problem for a while since they are not properly in place, so just offering some help pro-bono.
« Last Edit: September 09, 2017, 06:31:42 AM by Psychotropic »

*

Offline xasop

  • Administrator
  • *****
  • Posts: 9776
  • Professional computer somebody
    • View Profile
Re: How to prevent most site registration emails from going to spam
« Reply #1 on: September 09, 2017, 06:34:51 AM »
Thanks for raising this issue. It's mostly a case of unawareness -- those of us who run the site don't regularly create new accounts, so we don't notice if e-mails end up in spam folders. I also don't personally use gmail, so I'm unfamiliar with its behaviour in this case.

SPF is set up on tfes.org and has been for years. Would adding DKIM/DMARC really make that big of a difference? If so, I'll take a look at setting it up.
when you try to mock anyone while also running the flat earth society. Lol

Re: How to prevent most site registration emails from going to spam
« Reply #2 on: September 09, 2017, 06:37:47 AM »
Thanks for raising this issue. It's mostly a case of unawareness -- those of us who run the site don't regularly create new accounts, so we don't notice if e-mails end up in spam folders. I also don't personally use gmail, so I'm unfamiliar with its behaviour in this case.

SPF is set up on tfes.org and has been for years. Would adding DKIM/DMARC really make that big of a difference? If so, I'll take a look at setting it up.

It makes a world of difference.  I saw that spf was indeed setup for tfes.org, but your SMTP MAILFROM (separate header of which SPF works from) is not tfes.org, so unfortunately it's not even being applied to these mails.  Properly implement SPF and DKIM, and your DMARC should also pass and should require nothing further aside from making sure both FROM headers align (are the same @domain, which they aren't now).

Edit: I see you use postfix which is very good and the things I mentioned are well documented on how to integrate with it.

Edit again: your spf is set to hardfail (-all), I highly suggest turning that to a softfail (~all) once you setup DKIM.

Edit 3 -- long story short you are behind on your email auth.  Get it up to date and I guarantee your inbox placement will skyrocket.
« Last Edit: September 09, 2017, 07:06:48 AM by Psychotropic »

Re: How to prevent most site registration emails from going to spam
« Reply #3 on: September 09, 2017, 07:05:10 AM »
All I just mentioned is often confusing to even admins like you and I'm still here to answer further questions.

*

Offline xasop

  • Administrator
  • *****
  • Posts: 9776
  • Professional computer somebody
    • View Profile
Re: How to prevent most site registration emails from going to spam
« Reply #4 on: September 09, 2017, 07:22:24 AM »
That's fine, I should be able to get things sorted out. I'm just going to get a gmail account set up first so I can actually test this behaviour, but right now isn't a good time for me to work on this, so that will have to wait until later or tomorrow.

I will let you know if I have questions, and thanks in advance.
when you try to mock anyone while also running the flat earth society. Lol

Re: How to prevent most site registration emails from going to spam
« Reply #5 on: September 09, 2017, 07:26:17 AM »
That's fine, I should be able to get things sorted out. I'm just going to get a gmail account set up first so I can actually test this behaviour, but right now isn't a good time for me to work on this, so that will have to wait until later or tomorrow.

I will let you know if I have questions, and thanks in advance.

Perfect starting point.  Best of luck!

Re: How to prevent most site registration emails from going to spam
« Reply #6 on: September 15, 2017, 12:31:22 AM »
Hey Parsifal,

If/when you implement these things, feel free to send me a site mail directly if you are able to and I'll happily review the headers for you.

*

Offline xasop

  • Administrator
  • *****
  • Posts: 9776
  • Professional computer somebody
    • View Profile
Re: How to prevent most site registration emails from going to spam
« Reply #7 on: September 16, 2017, 01:14:14 AM »
I have fixed the envelope from issue. Turns out that was default SMF behaviour that we never noticed before.

For the fix, see https://github.com/TheFlatEarthSociety/forum.tfes.org/commit/1941e5539621e052c755bdf0e88e7befebfcc9a4.

I still need to get around to implementing DKIM, but messages seem not to be flagged as spam anymore by gmail in my testing.
when you try to mock anyone while also running the flat earth society. Lol

Re: How to prevent most site registration emails from going to spam
« Reply #8 on: September 16, 2017, 01:20:27 AM »
I have fixed the envelope from issue. Turns out that was default SMF behaviour that we never noticed before.

For the fix, see https://github.com/TheFlatEarthSociety/forum.tfes.org/commit/1941e5539621e052c755bdf0e88e7befebfcc9a4.

I still need to get around to implementing DKIM, but messages seem not to be flagged as spam anymore by gmail in my testing.

Nice!  I'm glad I could help you discover it.  Now your SPF should pass properly and that's a huge step in the right direction.  Something to note is tha doing these things not only improves your inbox placement, but also helps prevent spoofing mails from your domains by bad actors.

Re: How to prevent most site registration emails from going to spam
« Reply #9 on: September 16, 2017, 01:24:47 AM »
If you implement DKIM, I suggest using a 2048 bit key minimum.

*

Offline xasop

  • Administrator
  • *****
  • Posts: 9776
  • Professional computer somebody
    • View Profile
Re: How to prevent most site registration emails from going to spam
« Reply #10 on: September 16, 2017, 04:01:13 AM »
We now have DKIM set up.

I'm going to wait a little while before configuring DMARC, just in case anyone reports any further problems in the interim. Gmail is accepting our DKIM signatures in my tests, though.
when you try to mock anyone while also running the flat earth society. Lol

Re: How to prevent most site registration emails from going to spam
« Reply #11 on: September 16, 2017, 04:35:10 AM »
We now have DKIM set up.

I'm going to wait a little while before configuring DMARC, just in case anyone reports any further problems in the interim. Gmail is accepting our DKIM signatures in my tests, though.

Good idea, and with just SPF + DKIM you should be golden anyways, DMARC is just nice to have.

Awesome I'm glad this all worked out!

*

Offline Pete Svarrior

  • e
  • Planar Moderator
  • *****
  • Posts: 16073
  • (◕˽ ◕ ✿)
    • View Profile
Read the FAQ before asking your question - chances are we already addressed it.
Follow the Flat Earth Society on Twitter and Facebook!

If we are not speculating then we must assume

Offline 3DGeek

  • *
  • Posts: 1024
  • Path of photon from sun location to eye at sunset?
    • View Profile
    • What path do the photons take from the physical location of the sun to my eye at sunset
Re: How to prevent most site registration emails from going to spam
« Reply #13 on: November 19, 2017, 08:57:39 PM »
On my both my blog site and my home business site - I count the number of people who go through the account creation dialog but don't verify within a week of the system emailing them.   There are always a few of those just because people try to use a fake email address to register with - but if the numbers take a sudden uptick, you know to go and look for a reason.

In one case, my Web provider changed my site's IPv6 address - and the new one was one they'd recycled from an evil spammer who'd been using their servers - so my site was instantly on a bunch of blacklists.   I had to talk to my service provider and ask them to give me a non-blacklisted IP...and as soon as they did that, everything was good again.

But if you don't track the numbers, you can get blacklisted without ever realizing it.
Hey Tom:  What path do the photons take from the physical location of the sun to my eye at sunset?

*

Offline xasop

  • Administrator
  • *****
  • Posts: 9776
  • Professional computer somebody
    • View Profile
Re: How to prevent most site registration emails from going to spam
« Reply #14 on: November 20, 2017, 12:27:08 PM »
On my both my blog site and my home business site - I count the number of people who go through the account creation dialog but don't verify within a week of the system emailing them.   There are always a few of those just because people try to use a fake email address to register with - but if the numbers take a sudden uptick, you know to go and look for a reason.

In one case, my Web provider changed my site's IPv6 address - and the new one was one they'd recycled from an evil spammer who'd been using their servers - so my site was instantly on a bunch of blacklists.   I had to talk to my service provider and ask them to give me a non-blacklisted IP...and as soon as they did that, everything was good again.

But if you don't track the numbers, you can get blacklisted without ever realizing it.

This isn't really relevant to the issue this thread is about, which is now resolved. Thread closed.
when you try to mock anyone while also running the flat earth society. Lol