When user registers on my web site, web site sends user email confirmation link.
Subject:
Please confirm your email address
Body:
Please open this link in your browser to confirm your email address: http://www.postjobfree.com/a/c301718062444f96ba0e358ea833c9b3 This link will expire on: 6/9/2012 8:04:07 PM EST.
If my web site sends that email to GMaill (either @gmail.com or another domain that's handled by Google Apps) and that user never emailed to email — then GMail not only puts the email to spam folder, but also adds prominent red warning:
Be careful with this message. Similar messages were used to steal people's personal information. Unless you trust the sender, don't click links or reply with personal information. Learn more
That warning really scares many of my users, so they are afraid to open that link and confirm their email.
What can I do about it?
Ideally I would like that message end up in user's inbox, not spam folder. But at least how do I prevent that scary message?
IP address of my mailing server is not blacklisted:
http://www.mxtoolbox.com/SuperTool.aspx?action=blacklist%3a208.43.198.72
I use SPF and DKIM signature.
Below is the email that ended up in spam folder with that scary red message.
Delivered-To: 1@dennisgorelik.com Received: by 10.112.84.98 with SMTP id x2csp36568lby; Fri, 8 Jun 2012 17:04:15 -0700 (PDT) Received: by 10.60.25.6 with SMTP id y6mr9110318oef.42.1339200255375; Fri, 08 Jun 2012 17:04:15 -0700 (PDT) Return-Path: Received: from smtp.postjobfree.com (smtp.postjobfree.com. [208.43.198.72]) by mx.google.com with ESMTP id v8si6058193oev.44.2012.06.08.17.04.14; Fri, 08 Jun 2012 17:04:15 -0700 (PDT) Received-SPF: pass (google.com: domain of noreply@postjobfree.com designates 208.43.198.72 as permitted sender) client-ip=208.43.198.72; Authentication-Results: mx.google.com; spf=pass (google.com: domain of noreply@postjobfree.com designates 208.43.198.72 as permitted sender) smtp.mail=noreply@postjobfree.com; dkim=pass header.i=@postjobfree.com DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; d=postjobfree.com; s=postjobfree.com; h= received:message-id:mime-version:from:to:date:subject:content-type; b=TCip/3hP1WWViWB1cdAzMFPjyi/aUKXQbuSTVpEO7qr8x3WdMFhJCqZciA69S0HB4 Koatk2cQQ3fOilr4ledCgZYemLSJgwa/ZRhObnqgPHAglkBy8/RAwkrwaE0GjLKup 0XI6G2wPlh+ReR+inkMwhCPHFInmvrh4evlBx/VlA= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=postjobfree.com; s=postjobfree.com; h=content-type:subject:date:to:from:mime-version:message-id; bh=N59EIgRECIlAnd41LY4HY/OFI+v1p7t5M9yP+3FsKXY=; b=J3/BdZmpjzP4I6GA4ntmi4REu5PpOcmyzEL+6i7y7LaTR8tuc2h7fdW4HaMPlB7za Lj4NJPed61ErumO66eG4urd1UfyaRDtszWeuIbcIUqzwYpnMZ8ytaj8DPcWPE3JYj oKhcYyiVbgiFjLujib3/2k2PqDIrNutRH9Ln7puz4= Received: from sv3035 (sv3035 [208.43.198.72]) by smtp.postjobfree.com with SMTP; Fri, 8 Jun 2012 20:04:07 -0400 Message-ID: MIME-Version: 1.0 From: "PostJobFree Notification" To: 1@dennisgorelik.com Date: 8 Jun 2012 20:04:07 -0400 Subject: Please confirm your email address Content-Type: multipart/alternative; boundary=--boundary_107_ffa6a9ea-01dc-40f5-a50c-4c3b3d113f08 ----boundary_107_ffa6a9ea-01dc-40f5-a50c-4c3b3d113f08 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Please open this link in your browser to confirm your email addre= ss: =0D=0Ahttp://www.postjobfree.com/a/c301718062444f96ba0e358ea8= 33c9b3 =0D=0AThis link will expire on: 6/9/2012 8:04:07 PM EST. =0D=0A ----boundary_107_ffa6a9ea-01dc-40f5-a50c-4c3b3d113f08 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: base64 PGh0bWw+PGhlYWQ+PG1ldGEgaHR0cC1lcXVpdj1Db250ZW50LVR5cGUgY29udGVu dD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij48L2hlYWQ+DQo8Ym9keT48ZGl2 Pg0KUGxlYXNlIG9wZW4gdGhpcyBsaW5rIGluIHlvdXIgYnJvd3NlciB0byBjb25m aXJtIHlvdXIgZW1haWwgYWRkcmVzczo8YnIgLz48YSBocmVmPSJodHRwOi8vd3d3 LnBvc3Rqb2JmcmVlLmNvbS9hL2MzMDE3MTgwNjI0NDRmOTZiYTBlMzU4ZWE4MzNj OWIzIj5odHRwOi8vd3d3LnBvc3Rqb2JmcmVlLmNvbS9hL2MzMDE3MTgwNjI0NDRm OTZiYTBlMzU4ZWE4MzNjOWIzPC9hPjxiciAvPlRoaXMgbGluayB3aWxsIGV4cGly ZSBvbjogNi85LzIwMTIgODowNDowNyBQTSBFU1QuPGJyIC8+DQo8L2Rpdj48L2Jv ZHk+PC9odG1sPg== ----boundary_107_ffa6a9ea-01dc-40f5-a50c-4c3b3d113f08--
Update 1:
Here's HTML that is encoded into base64:
<html><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"></head>
<body><div>
Please open this link in your browser to confirm your email address:<br /><a href="http://www.postjobfree.com/a/c301718062444f96ba0e358ea833c9b3">http://www.postjobfree.com/a/c301718062444f96ba0e358ea833c9b3</a><br />This link will expire on: 6/9/2012 8:04:07 PM EST.<br />
</div></body></html>
Update 2:
The reason why HTML is base64 encoded is because I use C# MailMessage to AlternateView to add both plain text and HTML versions of email:
https://stackoverflow.com/questions/44777/sending-a-mail-as-both-html-and-plain-text-in-net
http://msdn.microsoft.com/en-us/library/system.net.mail.mailmessage.alternateviews.aspx
Update 3:
Changing from base64 encoding (default in MailMessage C# class) to SevenBit encoding did not help.
At least not in development environment, when I'm sending links with "localhost" in them.
Here's the email rejected as phishing suspect:
Delivered-To: 24@dennisgorelik.com
Received: by 10.112.84.98 with SMTP id x2csp72117lby;
Sat, 9 Jun 2012 15:16:37 -0700 (PDT)
Received: by 10.60.28.37 with SMTP id y5mr11589839oeg.35.1339280196971;
Sat, 09 Jun 2012 15:16:36 -0700 (PDT)
Return-Path: <noreply@postjobfree.com>
Received: from smtp.postjobfree.com (smtp.postjobfree.com. [208.43.198.72])
by mx.google.com with ESMTP id qk9si7300498obc.155.2012.06.09.15.16.36;
Sat, 09 Jun 2012 15:16:36 -0700 (PDT)
Received-SPF: pass (google.com: domain of noreply@postjobfree.com designates 208.43.198.72 as permitted sender) client-ip=208.43.198.72;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of noreply@postjobfree.com designates 208.43.198.72 as permitted sender) smtp.mail=noreply@postjobfree.com; dkim=pass header.i=@postjobfree.com
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns;
d=postjobfree.com; s=postjobfree.com;
h= received:message-id:mime-version:from:to:date:subject:content-type;
b=MT47O2t6ibFcQKArmtx1vWeppQk1noTpazu2I8cQtT9k8aBgSgG0eCTfgMIBm4Hhw
ienz58tHV8t2IbftHPY2NdD8uaWMm7vsPmZC4MYECfHeMkgz/H5/SqpPIcbodnGtp
0kvyijSuB3ZRf81+mZUid9zzIcGVAZy+UdTlBQ9zA=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=postjobfree.com; s=postjobfree.com;
h=content-type:subject:date:to:from:mime-version:message-id;
bh=iEOndDXrxsEIf7PWPR7Mg8nS7FdoL0hyooPO8HHf7ms=;
b=sPF/JTndeASFWWRuFh+gGLmLOwPApdN7fQJm0Uz39EtY6C+y0dXqQmYlLOryZszgO
qyKBzOLCMMdrSdmVERS+ui7gegparxw3TwTXa37YHcHO8Zwr/0lfjE0ho9ofITfqV
V59H1v0mVLdBAwvVTN6Rl0qNUwmZRc9jHkQOPDtZE=
Received: from quad (c-67-191-103-186.hsd1.fl.comcast.net [67.191.103.186]) by smtp.postjobfree.com with SMTP;
Sat, 9 Jun 2012 18:16:29 -0400
Message-ID: <20120609221620c0254cdabdf44680bb2217bfab121481@smtp.postjobfree.com>
MIME-Version: 1.0
From: "PostJobFree Notification"
<noreply@postjobfree.com>
To: 24@dennisgorelik.com
Date: 9 Jun 2012 18:16:24 -0400
Subject: Please confirm your email address
Content-Type: multipart/alternative;
boundary=--boundary_0_421e5237-be5a-40a2-ba77-32fcb2856bdf
----boundary_0_421e5237-be5a-40a2-ba77-32fcb2856bdf
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Please open this link in your browser to confirm your email addre=
ss: =0D=0Ahttp://localhost/PostJobFree/a/054a67e4284a4976bc44e864=
a85f767a =0D=0AThis link will expire on: 6/10/2012 6:16:13 PM EST=
. =0D=0A
----boundary_0_421e5237-be5a-40a2-ba77-32fcb2856bdf
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit
<html><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"></head>
<body><div>
Please open this link in your browser to confirm your email address:<br /><a href="http://localhost/PostJobFree/a/054a67e4284a4976bc44e864a85f767a">http://localhost/PostJobFree/a/054a67e4284a4976bc44e864a85f767a</a><br />This link will expire on: 6/10/2012 6:16:13 PM EST.<br />
</div></body></html>
----boundary_0_421e5237-be5a-40a2-ba77-32fcb2856bdf--
Update 4:
After we redid our email formatting similar to CopyHacker Letter designed by MailChimp (see that answer below) – it significantly improved email deliverability (+ improved readability).
I guess deliverability improved because we now avoid some potentially spammy words such as "link".
Best Answer
Mailchimp have an excellent article on How To Avoid Spam Filters
Update: Ok, seeing as I got slammed for just giving this link (to be fair its contents probably wouldn't solve your problem here), I've added more specific to what you're sending.
Here's an example of a nice please confirm your email from CopyHackers:
Subject: CopyHackers Newsletter: Please Confirm Subscription
Body: