Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.
By tezalsec on
Hi there,
I looked around, but couldn't really find much information about this subject, so I am hoping for some feedback through this post.
I have a sort of community website (drupal 6.19) in which users can get an account to post stuff. Account requests have to be approved by the administrator (me) before they are activated. In this process, normally two e-mails get send by the drupal user system to the new user, one to confirm their account request directly after them filling out the application form, and then later one to inform them their account has been approved with the login link etc..
However, in many cases these automated e-mails/notifications apparently are labeled as spam by the providers of the users to-be, so they never get to login, and may even assume their application has been denied because they don't receive any response. In my user overviews in the administration section of the website I see all these users with an activated account that have never logged in, not knowing if they received their notifications or not, if they are just waiting not knowing their account has already been activated, or they have received them but have other personal reasons to not log in.
I have looked around for guidelines and such on how to prevent your automated e-mails being labeled as spam, and the following I have found and applied, but i would like to know if there are more guidelines, insights or considerations out there that are of value in this situation.
1. use the same emailadres as your domainname. Not doing this increases spam penalty points.
2. using also a display name in the from field instead of only an emailadress. Not doing this increases spam penalty points. I am using the script at http://drupal.org/node/209672 #47, which works perfectly.
Thanks for any suggestions!
Max
Comments
SPF
Hello,
Check that you have an SPF record set up for your domain - it's a TXT record in a domain's DNS entry which states which servers are allowed to send mail for that domain. It allows SpamAssassin etc to confirm that the sender isnt spoofed.
Hi, thanks for your reply! I
Hi,
thanks for your reply!
I wasn't aware of this yet, so I now researched and applied it. However, it should have been applied from the beginning without me knowing about it, because my virtual server + plesk setup already had a general spf record, like "TXT v=spf1 +a +mx -all". However, when I use a testing tool like http://www.kitterman.com/spf/validate.html, the result says: not found. So, new questions have risen...
To add to the list above, these issues can also add to SPAM penalty points:
* Bad use of HTML
* Too much experimenting with different configurations
* You need an SPF record for the domain
* You need a reverse DNS address, so it can be looked up. Preferably the same as your domain name.
* You need to look up the IP and find out how many spam databases it's in.
* Sometimes you have to fill out forms with specific providers to get them to leave you alone.
* Sometimes you have to do things to get the spam databases to delist you, or have your provider do that.
Max
Hi, to complete this thread
Hi, to complete this thread after finding all necessary configurations and allowing others to use the solutions, these are all the factors I stumbled upon:
1. use the same emailadres as your domainname. Not doing this increases spam penalty points.
2. using also a display name in the from field instead of only an emailadress. Not doing this increases spam penalty points. I am using the script at http://drupal.org/node/209672 #47, which works perfectly (for Drupal 6.x).
3. correctly configure your SPF record, see www.openspf.org for more info and testing tools
4. make sure the reverse DNS settings is the same as domainname, some receiving mail servers require this.
5. make sure to comply to RFC_2821 550: BAD HELO. This is done by editing the "me" file at var/qmail/control on your linux server, and replacing the value there to your domain name (root access needed for virtual/dedicated server)
And finally, besides the above config factors, the content of the body of the mail can be a factor:
6. bad html/ conspicuous text
Avoid these common mistakes
These are the most common mistakes we see new email marketers make, which result in accidental spam filtering.
• Using spammy phrases, like "Click here!" or "Once in a lifetime opportunity!"
• Going crazy with exclamation points!!!!!!
• USING ALL CAPS, WHICH IS LIKE YELLING IN EMAIL (especially in the subject)
• Coloring their fonts bright red, or green
• Coding sloppy HTML (usually from converting a Microsoft Word file to HTML)
• Creating an HTML email that's nothing but one big image, with little or no text (since spam filters can't read images, they assume you're a spammer that's trying to trick 'em).
• Using the word "Test" in the subject line (agencies run into this all the time, when sending drafts to clients for approval)
• Sending a test to multiple recipients within the same company (that company's email firewall can only assume it's a spam attack)
• Designing HTML email in Microsoft Word, and exporting the code to HTML (that code is sloppy, and spam filters hate it)
http://www.mailchimp.com/articles/how_spam_filters_think/
Cheers!
Max