Why is the new domain email triggering spam filters

Tags: domains, email, spam

I recently purchased and set up a new domain to send emails with Google Apps but noticed many of my emails are going to spam. I ran it through the isnotspam.com spam report and got this report. This report was quite confusing because it marks me as "neutral" or "not spam" and I have a low spam level yet I have a "X-Spam-Flag" of yes. How did this occur and is there something I can do about this?

Other possible factors:
1) We have a DKIM and SPF record set up with Mandrill that is used to send automated emails from a separate account
2) The domain I am sending from (ovidlife.com) is set up as an ALIAS of an old domain I used to use (agentalk.com) because I'm on the legacy version of Google Apps for Business.

This message is an automatic response from isNOTspam's authentication verifier service. The service allows email senders to perform a simple check of various sender authentication mechanisms. It is provided free of charge, in the hope that it is useful to the email community. While it is not officially supported, we welcome any feedback you may have at .

Thank you for using isNOTspam.

The isNOTspam team

==========================================================
Summary of Results
==========================================================

SPF Check : neutral
Sender-ID Check : neutral
DomainKeys Check : neutral
DKIM Check : neutral
SpamAssassin Check : ham (non-spam)
==========================================================
Details:
==========================================================

HELO hostname: mail-qk0-f175.google.com
Source IP: 209.85.220.175
mail-from: lingke.wang@ovidlife.com
Anonymous To: ins-eu0b0wy1@isnotspam.com
---------------------------------------------------------
SPF check details:
----------------------------------------------------------

Result: neutral
ID(s) verified: smtp.mail=lingke.wang@ovidlife.com
DNS record(s):
ovidlife.com.   3600    IN  TXT "v=spf1 include:spf.mandrillapp.com ?all"


----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------

Result: neutral

ID(s) verified: smtp.mail=lingke.wang@ovidlife.com
DNS record(s):
ovidlife.com.   3600    IN  TXT "v=spf1 include:spf.mandrillapp.com ?all"


----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------

Result: neutral (message not signed)
ID(s) verified: header.From=lingke.wang@ovidlife.com
Selector=
domain=
DomainKeys DNS Record=

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------

Result: neutral (message not signed)
ID(s) verified: header.From=lingke.wang@ovidlife.com
Selector=
domain=
DomainKeys DNS Record=

----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.3.1 (2010-03-19)

Result: ham (non-spam) (02.8points, 10.0 required)

pts rule name description
---- ---------------------- -------------------------------


* 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
* [score: 1.0000]
* -1.0 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low
* trust
* [209.85.220.175 listed in list.dnswl.org]
* 0.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
* [score: 1.0000]
* 0.1 HTML_MESSAGE BODY: HTML included in message
X-Spam-Status: Yes, hits=2.8 required=-20.0 tests=BAYES_99,BAYES_999,
HTML_MESSAGE,RCVD_IN_DNSWL_LOW autolearn=no version=3.3.1
X-Spam-Score: 2.8

To learn more about the terms used in the SpamAssassin report, please search
here: http://wiki.apache.org/spamassassin/

==========================================================
Explanation of the possible results (adapted from 
draft-kucherawy-sender-auth-header-04.txt):
==========================================================

"pass"
the message passed the authentication test.

"fail"
the message failed the authentication test.

"softfail"
the message failed the authentication test, and the authentication
method has either an explicit or implicit policy which doesn't require
successful authentication of all messages from that domain.

"neutral"
the authentication method completed without errors, but was unable
to reach either a positive or a negative result about the message.

"temperror"
a temporary (recoverable) error occurred attempting to authenticate
the sender; either the process couldn't be completed locally, or
there was a temporary failure retrieving data required for the
authentication. A later retry may produce a more final result.

"permerror"
a permanent (unrecoverable) error occurred attempting to
authenticate the sender; either the process couldn't be completed
locally, or there was a permanent failure retrieving data required
for the authentication.


==========================================================
Original Email
==========================================================

From lingke.wang@agentalk.com Wed May 06 00:28:30 2015
Return-path: <lingke.wang@agentalk.com>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
s15387396.onlinehome-server.com
X-Spam-Flag: YES
X-Spam-Level: **
X-Spam-Report: 
* 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
* [score: 1.0000]
* -1.0 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low
* trust
* [209.85.220.175 listed in list.dnswl.org]
* 0.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
* [score: 1.0000]
* 0.1 HTML_MESSAGE BODY: HTML included in message
X-Spam-Status: Yes, hits=2.8 required=-20.0 tests=BAYES_99,BAYES_999,
HTML_MESSAGE,RCVD_IN_DNSWL_LOW autolearn=no version=3.3.1
Envelope-to: ins-eu0b0wy1@isnotspam.com
Delivery-date: Wed, 06 May 2015 00:28:30 -0500
Received: from mail-qk0-f175.google.com ([209.85.220.175])
by s15387396.onlinehome-server.com with esmtp (Exim 4.80.1)
(envelope-from <lingke.wang@agentalk.com>)
id 1Yprsk-0006cc-2m
for ins-eu0b0wy1@isnotspam.com; Wed, 06 May 2015 00:28:30 -0500
Received: by qkhg7 with SMTP id g7so121155672qkh.2
for <ins-eu0b0wy1@isnotspam.com>; Tue, 05 May 2015 22:28:22 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:sender:from:date:message-id:subject
:to:content-type;
bh=BuYjUCScdfsZH82/Fy62ARKDF+0/iZqYNLJE5KWQaSk=;
b=IZBBisLWuhGveNuUsNP+2ipe7QQjzUhXm1Kjqk9/SH5OYr5DrkmeGkqSDxXufRBX3N
HtPmbHdgr4tCNGD4x+/Ygne9M/V0uCJ77R1FD+RhkuiQwAl2fKbYCneCMEq59J6Phnme
og0FTCJXpj1WgjjMSxDdgHIH0gLB3F5gzxSb04m+Hi3eAOhRk00IY/TqyMUDxb6MkdSD
Qs91RhiMdUICRZ3/HutAX/CXacjaXg1aPrXh6j2EAmjnBwp9zY48oGvXxex+h3gZyl3o
Xr4UmCL1Qhmvs2iwc3dXcf5xh4Hd6iFaYRqHFziHTly51xGybVACCl+89X46K8JCN4rp
fm1Q==
X-Gm-Message-State: ALoCoQlcBFG9lQd+Z/xiYc5ON7jyWUnGor2+GNck6D72IUkPkp+bgeQNrVQJWotBee/nFCtjM5HB
X-Received: by 10.55.43.83 with SMTP id r80mr63695418qkh.80.1430890102691;
Tue, 05 May 2015 22:28:22 -0700 (PDT)
MIME-Version: 1.0
Sender: lingke.wang@agentalk.com
Received: by 10.229.215.132 with HTTP; Tue, 5 May 2015 22:28:02 -0700 (PDT)
X-Originating-IP: [171.66.144.28]
From: Lingke Wang <lingke.wang@ovidlife.com>
Date: Tue, 5 May 2015 22:28:02 -0700
X-Google-Sender-Auth: bAYPIBN9rjuXHKp9e-iguZxogf8
Message-ID: <CABS-Rt-B-ercSAMM5d2YM7M203_qQW11X0LrMg3fQm4SC+ph0A@mail.gmail.com>
Subject: test email
To: ins-eu0b0wy1@isnotspam.com
Content-Type: multipart/alternative; boundary=001a1147af3448aa9d0515631032
--001a1147af3448aa9d0515631032
Content-Type: text/plain; charset=UTF-8

test email

-- 
Best,
Lingke

--001a1147af3448aa9d0515631032
Content-Type: text/html; charset=UTF-8

<div dir="ltr">test email<br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">Best,<div>Lingke</div></div></div>
</div>

--001a1147af3448aa9d0515631032--

Yes I've checked and users are definitely not spamming. It's a very new domain so there's barely been any messages sent out…

I did receive an odd email a few days ago that one of the accounts of the primary domain (ovidlife.com is an alias for agentalk.com) had some breach. Though upon checking, I saw nothing, i.e. no messages sent or anything.

The following is an automated security notification from Google about your domain accounts.

It has come to our attention that some of your user accounts might have been compromised and are being used to send spam from your domain: agentalk.com

The following users in your Google Apps domain appear to be affected:

lingke.wang@agentalk.com

We have disabled the users in a way that they can be recovered by the admin. Please follow the actions below before you re-enable these users.

Best Answer

Have you checked if users don't actually spam?

I encountered a similar problem and it was user-related, not actually technical.

After enforcing an antivirus policy, there was no more spamlisting.
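
Added example, not part of the original question or answer: a short Python check that re-reads the two pieces of the report in the question that look contradictory. It recomputes the SpamAssassin verdict from the `hits` and `required` values in `X-Spam-Status` (the header carries `required=-20.0`, while the summary line uses 10.0) and lists what each term of the published SPF record yields on a match; the function names and the sample string are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: header lines taken from the report in the question,
# with the folding whitespace of the continuation line restored.
SAMPLE = (
    "X-Spam-Flag: YES\n"
    "X-Spam-Status: Yes, hits=2.8 required=-20.0 tests=BAYES_99,BAYES_999,\n"
    "\tHTML_MESSAGE,RCVD_IN_DNSWL_LOW autolearn=no version=3.3.1\n"
    "From: Lingke Wang <lingke.wang@ovidlife.com>\n"
    "Subject: test email\n"
    "\n"
    "test email\n"
)
SPF_RECORD = "v=spf1 include:spf.mandrillapp.com ?all"  # as shown in the report

# SPF qualifiers and the result each one yields on a match (RFC 7208).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spam_status(raw_message):
    """Parse X-Spam-Status and recompute the verdict from hits and required."""
    msg = message_from_string(raw_message)
    status = " ".join(msg["X-Spam-Status"].split())  # unfold the header
    hits, required = map(float, re.search(
        r"(?:hits|score)=(-?[\d.]+) required=(-?[\d.]+)", status).groups())
    tests = re.search(r"tests=(.*?)\s+\w+=", status).group(1)
    return {
        "hits": hits,
        "required": required,
        "tests": [t.strip() for t in tests.split(",") if t.strip()],
        # SpamAssassin flags a message once its score reaches the threshold.
        "flagged": hits >= required,
        "header_flag": (msg["X-Spam-Flag"] or "").strip().upper() == "YES",
    }


def spf_terms(record):
    """Return (mechanism, result_on_match) for each mechanism in an SPF record."""
    terms = []
    for term in record.split()[1:]:  # skip the "v=spf1" version tag
        if "=" in term:  # modifiers such as redirect= carry no qualifier
            continue
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        terms.append((term.lstrip("+-~?"), QUALIFIERS[qualifier]))
    return terms


if __name__ == "__main__":
    print(spam_status(SAMPLE))
    print(spf_terms(SPF_RECORD))
```

For the sample, the score of 2.8 is above the header's threshold of -20.0, so the flag is set even though 2.8 is below the 10.0 used in the summary; the SPF record's last term, `?all`, returns neutral for any sender the Mandrill include does not match.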
