No announcement yet.

"Safer looking" e-Mails... How?

  • Filter
  • Time
  • Show
Clear All
new posts

  • "Safer looking" e-Mails... How?

    Hello guys, i am working on a CGI that sends confirmation e-mail to the registered
    person. However, the e-mail is always sent to the Spam box of
    Hotmail accounts. How can i reduce possibilities that this happens?
    Any special tricks/headers that i need to fill?

    Im sure this would also be useful for my Egrid32 Upgrade CGI, some users report
    that the e-mails from my Egrid32 Auto upgrader gets blocked.

    Thanx for any help.

    I got a kind e-mail from one of the Users of Egrid32 regarding this, however,
    i cant seem to locate it. It had something to do with e-mail date and time.

  • #2
    Hi Elias,
    there are some simple things you can do:
    1) as few graphics as possible in the email
    2) do not use ALL CAPS
    3) do not use a unique identifier in the subject line
    ie: "Receipt #12345 from Egrid32"
    should instead be "Your receipt from Egrid32"

    beyond those things, it's not so easy. Your ISP can't be blacklisted somewhere, and your SMTP server has to pass a series of IP and DNS tests.

    I wrestled with this for a long time with gMail always marking certain email as spam. I even worked with their tech support because as far as I could tell, it was passing everything. The gMail tech told me it was failing gMail's "heuristic test" but could never tell me exactly how.

    Email is become a pain because people are locking stuff down so much in order to stop spammers.

    One other thing: if you can get a copy of the email marked as spam from your customer, you might be able to look at the headers and see where the failure lies.

    Good luck!
    Last edited by Shawn Anderson; 29 Nov 2007, 07:25 AM. Reason: added text


    • #3
      More info


      Here is a link that may help.

      Spam Assassin is one of the most popular filters. This page lists the tests that are done on an email. It may give you some ideas.

      Mark Strickland, CISSP, CEH


      • #4
        You gotta love the way Spam Assassin explains its rules using regular expressions, eg.

        Subject =~ /^\s*(?:\w+\s+)+you\s+(?:\w+\s+)*(?:owe| indebted)\s+(?:\w+\s+)+an\s*other/i
        Michael Mattias
        Tal Systems (retired)
        Port Washington WI USA
        [email protected]


        • #5

          Your auto generated emails always come in (or me anyway) with either no date, or with a date of 12-31-1969. This usually triggers my spam filter, but I put sweetheartgames and egrid*.* in my whitelists a long time ago.
          Software makes Hardware Happen


          • #6
            Thanx guys, im checking all this.


            • #7
              Are you sending through your ISP, or directly to the recipient's mail server? The latter is a pretty big no-no, spam detection wise.
              Real programmers use a magnetized needle and a steady hand


              • #8
                The latter is a pretty big no-no, spam detection wise.
                Huh? I don't know about anyone else's email server (well, actually I do, but...) but my server's don't ask if the sending server is an ISP or not, in fact, I'm not sure how it would even do that.

                Now, if you're talking about reverse DNS, that might make sense
                Software makes Hardware Happen


                • #9
                  I was thinking in terms of the sending program acting like a simple SMTP client. There's lots of things to be prepared for:

                  Many mail servers nowadays will check the reverse DNS entry for a connecting host, and it if looks even a little bit like a dynamically assigned host name, the message will get spiked.

                  Grey listing, where the receiver records data about the incoming connection, then fibs and says "I'm busy now, try again later". I "real" SMTP server will try again in a bit, and the receiver sees it as a second attempt for a previous send, and allows it. Some malware does "drive by" spamming, one attempt only.

                  SPF. If there is an SPF record for your domain, (, it defines which IP addresses & hosts are allowed to send e-mail from the domain. If the host you are sending from is not in the list, the message may not be accepted.
                  Real programmers use a magnetized needle and a steady hand


                  • #10
                    Originally posted by Joe Byrne View Post
                    Huh? I don't know about anyone else's email server (well, actually I do, but...) but my server's don't ask if the sending server is an ISP or not, in fact, I'm not sure how it would even do that.
                    I thought this is pretty common today. And it's not about being an ISP or not.

                    Sending IP <> IP in MX record of sending domain = reject email. Which pretty much rules out each direct SMTP client to recipient's mail server communication.

                    So, yes, using your own mail server for sending out emails is another means to get your mails through.


                    • #11
                      Any recomendations of a good online spam test i can send my test email to?


                      • #12
                        You can start targeting a Gmail account (open one if you haven't it already).

                        -- The universe tends toward maximum irony. Don't push it.

                        File Extension Seeker - Metasearch engine for file extensions / file types
                        Online TrID file identifier | TrIDLib - Identify thousands of file formats


                        • #13
                          I'd recommend checking your system against IronPort's SenderBase database:


                          Where "" is replaced with the IP address of the system that you're sending your email from. If it returns that your reputation is "poor", then you'll find that a lot of servers will flag your mail as spam, or reject it out-of-hand. If you're sending that email from a consumer dial-up or DSL/cable account, then there's a good chance that you'll also find your email flagged/blocked because some DNSRBLs basically flag entire net-blocks allocated for consumer addresses from companies like Verizon, EarthLink, etc. In other words, their position is that if you're a consumer user, you shouldn't be attempting to send mail directly, you should be going through your ISP so they can monitor your email habits.
                          Last edited by Mike Stefanik; 7 Apr 2008, 01:12 PM. Reason: Board software mangled the URL
                          Mike Stefanik


                          • #14
                            Thanx mark, ill try that...

                            Mike, it says my IP is neutral... is that good enough?


                            • #15
                              Neutral is fine. As long as you're not showing up on any of the DNSRBLs, then at least you know you're probably not getting flagged/blocked based on your IP address.
                              Mike Stefanik


                              • #16
                                Is there a way to tell?


                                • #17
                                  Originally posted by Elias Montoya View Post
                                  Any recomendations of a good online spam test i can send my test email to?

                                  Mike's suggestions are a good start, but the problem of SPAM is huge. Its really not possible to say "Here is an email message, is it spam?" If it were that easy, SPAM wouldn't be a problem.

                                  Every email server is going to do something to try and identify your email as legitimate or not. What that specific test (or more likely tests) is/are, is impossible to say. SpamAssassin is a widely popular SPAM detection program, but its just one of many.

                                  The smartest thing you can do is stay with plain text, check that your words don't contain 'sales' phrases, bad language, or things that might be thought of by some as SPAM. Avoid graphics and attachments, especially executables. Beyond that, you simply can't guarantee that any specific server will accept your email or not.

                                  A lot of people think that EMail is a guaranteed service, and it is not. Beyond the potential technical reasons why email can be dropped, the SPAM problem makes it all that much worse. Someday a new method will be developed, but for now people just have to accept the fact that EMail is good, but not perfect and should not be relied on for guaranteed communications.

                                  I sent an email to a 3rd party developer from here. Sent it 3 times and even used the PB private message. All 3 emails bounced back for reasons I think are ridiculous and I've not heard back via the PM. So I had to go shopping elsewhere. Shame, but that's life

                                  Added: I just noticed that you have a account. Unless I specifically add you to my email server's whitelist, you're email would never get to anyone using my email services. There is so much SPAM from these 'free' accounts, especially hotmail, that I block them all. When/if a customer asks for a specific address to be open, I'll do it, but in the 5 years I've been blocking hotmail and yahoo, I've only had a half dozen requests. I remind my customers pretty regularly what domain names I'm blocking and nobody has had an issue with Hotmail specifically being blocked.

                                  If you're afraid of being marked as a SPAMMER, I'd get rid of the free-bee email accounts. Although gmail seems to be pretty good .... so far.
                                  Last edited by Joe Byrne; 7 Apr 2008, 05:13 PM.
                                  Software makes Hardware Happen


                                  • #18
                                    Here is the situation:

                                    The CGI's i made, are a service to one of our clients, she has a lotof emails,
                                    and she loaded her database (hosted with us), and she wants us to handle their

                                    We are supposed to send this e-mails every 3 days, to 10 of the people in her list,
                                    so she has time to handle the answers with time.

                                    But many (and i mean MANY) of her contacts have hotmail accounts, i would say 95%
                                    of her contacts use hotmail. So i dont have any choice here.

                                    Ill keep investigating, i want to finish this quick, i havent been able to release new Update of Egrid32 because of this.


                                    • #19
                                      But many (and i mean MANY) of her contacts have hotmail accounts, i would say 95% of her contacts use hotmail. So i dont have any choice here.
                                      Well, this shouldn't be an issue. If you are sending TO a hotmail account, hotmail won't be blocking it. The only issue with hotmail would your customer was trying to email someone on my server and HER return address was a hotmail account. This does not seem to be the case from what you've described.

                                      The point though, is that there really is nothing you can do to guarantee that any of her email will get through. Its very likely that 99% will, but you generally don't have any control over the 1% of people who will mark your emails as spam and not deliver it.

                                      What you need to do is take care to make your outbound emails as plain as possible and then explain to your customer that there are no guarantees. You can spend an entire day (or week, or month) doing nothing but try to get email server admins to allow your email. Its simply not practical to do. The only time I invest that kind of effort is when I have two people who communicate regularly and its pretty easy to identify the problem. Most of the time, a simple call to the admin of the server that is blocking things will take care of the problem. If you have to do this with lots of email every day though, you're simply never going to have time to do anything else

                                      All in all, I think you're getting a little more worried about this than you need to. Assuming the email is not spam, and you don't have to make it some 2mb multi-media wiz-bang message with sound, you should be fine for 99% of it, and that's all you can really hope for.

                                      BTW, what kind of server are you bouncing this off? One thing that is essential is the ability for the receiving email server to do a reverse look up and validate that your IP address matches the DNS record for your server. In other words, you'd better have a dedicated (static) IP address or all bets are off.
                                      Software makes Hardware Happen


                                      • #20
                                        Well... i was sending mails to hotmail and the mails were most of the time sent to the spam box. Even a simple "Hello there" would be sent to the spam box.

                                        After i changed the mail server, all the e-mails go trough... so i guess the problem was the server i was using. Seems like hotmail doesnt like "neutral".