Menu
What's new
By:
Filters

Email notifications going to spam since VI-C changed mail providers

tack

tack

Damned Dirty Ape
I noticed at some point in November (somewhere between Nov 18 and 28), VI-C moved from Amazon SES for email to some fly-by-night mailer, and as a result spam scores have shot up and VI-C emails are now commonly getting flagged as spam. In my own case, the spam scores when VI-C notifications came through SES were -0.10, and since the transition, the scores are baselining at 5.9 and periodically tip over 6.0 (my threshold) based on Bayesian classification.

Nothing wrong with fly-by-night email servers (I myself host one), but they really need to be diligently maintained. The one VI-C is using doesn't seem to be. Specifically:
  • The mail server is connecting from 51.81.67.29 and is announcing itself as roy.todo10.com. While 51.81.67.29 does reverse to roy.todo10.com, roy.todo10.com doesn't forward resolve to 51.81.67.29 so it's getting dinged on the spam score.
  • 51.81.67.29 is listed on a few blacklists, most notably VirusFree's botnet RBL
  • Use of DKIM and DMARC would help to lower the spam score. (SPF record is in use and is ok.)

I can provide full mail headers and mail server logs via email/PM if needed.

Not a big deal really, missing email notifications from VI-C isn't going to keep me up at night, but just thought I'd flag it to the forum admins in case it's not already on your radar.
Click to read more...
 
todo10 said:
We've restored Amazon SES again. We were experiencing issues with it (a high number of bounced emails) so we temporary switched to another email provider. Unfortunately it was blacklisted so we've gone back to Amazon SES while we'll check the blacklisted IP
Click to expand...

tack said:
I noticed at some point in November (somewhere between Nov 18 and 28), VI-C moved from Amazon SES for email to some fly-by-night mailer, and as a result spam scores have shot up and VI-C emails are now commonly getting flagged as spam. In my own case, the spam scores when VI-C notifications came through SES were -0.10, and since the transition, the scores are baselining at 5.9 and periodically tip over 6.0 (my threshold) based on Bayesian classification.

Nothing wrong with fly-by-night email servers (I myself host one), but they really need to be diligently maintained. The one VI-C is using doesn't seem to be. Specifically:
  • The mail server is connecting from 51.81.67.29 and is announcing itself as roy.todo10.com. While 51.81.67.29 does reverse to roy.todo10.com, roy.todo10.com doesn't forward resolve to 51.81.67.29 so it's getting dinged on the spam score.
  • 51.81.67.29 is listed on a few blacklists, most notably VirusFree's botnet RBL
  • Use of DKIM and DMARC would help to lower the spam score. (SPF record is in use and is ok.)

I can provide full mail headers and mail server logs via email/PM if needed.

Not a big deal really, missing email notifications from VI-C isn't going to keep me up at night, but just thought I'd flag it to the forum admins in case it's not already on your radar.
Click to expand...
Thanks for the heads-up! A return to Amazon was made. Let us know if that stopped the spam madness?

Andre
-------------------------
VIC Tech support
--------------------------
 
todo10 said:
We've restored Amazon SES again. We were experiencing issues with it (a high number of bounced emails) so we temporary switched to another email provider.
Click to expand...
Yeah, frustrating. I deal with this at a much smaller scale at The Sound Board, where the volume is low enough that I'm able to manually police bounces and disable email notifications for users whose mail providers chronically bounce.

Depending on the cause of the bounces, setting up custom MAIL FROM might help. And possibly dedicated IPs with SES (for an extra charge of course, but it's not too severe for the massive cash-rich empire that is VI-Control ;)).

creativeforge said:
Let us know if that stopped the spam madness?
Click to expand...
Well, interestingly I didn't receive an email notification when you quoted and replied to me. I'll report back when one does come in.

Thanks all!
 
fwiw This actually might be an issue with various users email accounts and the filters various providers use.
I use Yahoo mail and I have never had VI-C messages go to my spam folder.
 
Ok, I subscribed to this thread and kgdrum's post triggered an email notification. :)

Looking much better:

Code: 
X-Spamd-Result: default: False [-3.00 / 6.00];
    BAYES_HAM(-2.90)[99.58%];
    URI_COUNT_ODD(1.00)[9];
    DMARC_POLICY_ALLOW(-0.50)[vi-control.net,none];
    RWL_MAILSPIKE_EXCELLENT(-0.40)[54.240.8.29:from];
    FORGED_SENDER(0.30)[[email protected],0100018c82bdcc5c-bc2cd800-0c15-4492-b8db-9ea620752e83-000000@support.vi-control.net];
    R_SPF_ALLOW(-0.20)[+ip4:54.240.0.0/18];
    R_DKIM_ALLOW(-0.20)[vi-control.net:s=bwm7imxwoefv5x6mm7tk7tnmkbqdxndy,amazonses.com:s=224i4yxa5dv7c2xz3womw6peuasteono];
    MIME_GOOD(-0.10)[multipart/alternative,text/plain];
    ARC_NA(0.00)[];
    MIME_TRACE(0.00)[0:+,1:+,2:~];
    FROM_HAS_DN(0.00)[];
    RCPT_COUNT_ONE(0.00)[1];
    RCVD_COUNT_ZERO(0.00)[0];
    TO_DN_ALL(0.00)[];
    DWL_DNSWL_NONE(0.00)[amazonses.com:dkim];
    ASN(0.00)[asn:14618, ipnet:54.240.8.0/21, country:US];
    TO_MATCH_ENVRCPT_ALL(0.00)[];
    MISSING_XM_UA(0.00)[];
    FROM_NEQ_ENVFROM(0.00)[[email protected],0100018c82bdcc5c-bc2cd800-0c15-4492-b8db-9ea620752e83-000000@support.vi-control.net];
    DKIM_TRACE(0.00)[vi-control.net:+,amazonses.com:+];
    RCVD_IN_DNSWL_NONE(0.00)[54.240.8.29:from]
 
kgdrum said:
This actually might be an issue with various users email accounts and the filters various providers use.
Click to expand...
It fundamentally is, yes. But in the modern Internet, mail servers must be configured in very exacting (and annoying) ways in order to have a chance at evading spam filters. Unfortunately aggressive spam countermeasures are a reality we have to deal with, because the alternative is so much worse.

As an admin, sometimes you can tick every single box in the "I am an upstanding mail server netizen" configuration checklist and still have recipients junk your emails, and there's not much to be done about that. If that had been the case here, I'd have considered it a user issue (me!) and dealt with it that way. As it was, there were some obvious issues on the VI-C side that would be affecting many users, so that's why I flagged it.
 
tack said:
It fundamentally is, yes. But in the modern Internet, mail servers must be configured in very exacting (and annoying) ways in order to have a chance at evading spam filters. Unfortunately aggressive spam countermeasures are a reality we have to deal with, because the alternative is so much worse.

As an admin, sometimes you can tick every single box in the "I am an upstanding mail server netizen" configuration checklist and still have recipients junk your emails, and there's not much to be done about that. If that had been the case here, I'd have considered it a user issue (me!) and dealt with it that way. As it was, there were some obvious issues on the VI-C side that would be affecting many users, so that's why I flagged it.
Click to expand...
Yeah it’s definitely a good thing that you mentioned this and it’s being addressed.
Ironically weird me might actually prefer it if my email notifications went directly to my spam folder so I didn’t have to bother deleting them from my email folder every day!
 
tack said:
Yeah, frustrating. I deal with this at a much smaller scale at The Sound Board, where the volume is low enough that I'm able to manually police bounces and disable email notifications for users whose mail providers chronically bounce.

Depending on the cause of the bounces, setting up custom MAIL FROM might help. And possibly dedicated IPs with SES (for an extra charge of course, but it's not too severe for the massive cash-rich empire that is VI-Control ;)).


Well, interestingly I didn't receive an email notification when you quoted and replied to me. I'll report back when one does come in.

Thanks all!
Click to expand...
OK, how about now? Did you get a notification for this one here?
 
You must log in or register to reply here.
Top Bottom