5

I have a postfix SMTP server on Ubuntu. I have valid SPF and DKIM records, as verified by the email header my customer received.

Authentication-Results: spf=pass (sender IP is XXX.XXX.XXX.XXX) smtp.mailfrom=mydomain.com; hotmail.com; dkim=pass (signature was verified) header.d=mydomain.com;hotmail.com; dmarc=bestguesspass action=none header.from=mydomain.com;

However, the email falls into junk only in Outlook / Live.com / hotmail. The Spam Confidence Level (SCL) is 5 (spam).

X-MS-Exchange-Organization-SCL: 5
X-MS-Exchange-Organization-PCL: 2

The FAQ of SCL asks me to join 3rd party ReturnPath Certification Program to verify each email sent, but the certification program is very expensive.

Is there any alternatives to lower the SCL score? Does adding DMARC record help?


Update:

  1. DNS is configured correctly, including A, MX, PTR records.
  2. The server IP address is not on DNSRBLs (blacklist)
  3. Not enough sending volume to calculate Sender Score in http://www.senderscore.org
  4. No fake header. The mail is sent via PHP library SwiftMailer

This question is not about generic spam filter-fighting strategy; it's about Microsoft's Spam Confidence Level (SCL).

6
  • Possible duplicate of How to send emails and avoid them being classified as spam?
    – MadHatter
    Commented Jan 13, 2017 at 7:40
  • @MadHatter Not a duplicate, added explanation.
    – Raptor
    Commented Jan 13, 2017 at 7:51
  • 1
    As I see it, you've already been told what you have to do to deal with this particular, proprietary, spam filter - but you don't want to go the certification program route because of cost. So all your other options are standard anti-spam-labelling ones, which are covered in our canonical answer. That said, I'm only me; four other suitable users would have to agree with me to close this question, and that may not happen. Even if it does, you may get some good answers first. So don't panic just because I think as I do!
    – MadHatter
    Commented Jan 13, 2017 at 7:56
  • I should add that I think you've significantly improved your question by telling us what you've tried so far, so I have removed my downvote.
    – MadHatter
    Commented Jan 13, 2017 at 7:57
  • Thanks @MadHatter. Hope someone can answer this question. Desperate.
    – Raptor
    Commented Jan 13, 2017 at 8:01

1 Answer 1

5

Here's what helped me:

  1. Make sure that SPF and DomainKeys / DKIM are setup and working (DMARC might help you)

  2. Try disabling IPv6 when sending mail (I had the problem with postfix that the HELO headers didn't work correctly with ipv6 and the mail got sent to spam

  3. Make sure that your server supports TLS / SSL encryption for sending mail

  4. Even if all of the above points are met and email reputation test return 100% trust levels, microsofts darn system might still send your mail to spam. Since their support isnt very helpful (it's an array of some automatic emails) you either need to wait until the system updates its database or ask your recipients to add your mail address to their contacts.

Same goes for Google and co as well

3
  • 1. done , 2. confirmed both sides are communicating using IPv4 , 3. how does this relate? I thought encryption is optional , 4. okay. Last, does the certification program help?
    – Raptor
    Commented Jan 13, 2017 at 9:09
  • @Raptor I can't speak for SCL, but other spam-fighting techniques (eg greylisting) regard TLS - particularly with a third-party-signed certificate - as a strong indicator of ham. Few botnets implement TLS at all, and I'm not aware of any that distribute a properly signed keypair.
    – MadHatter
    Commented Jan 13, 2017 at 9:40
  • Updating to use a third-party signed certificate dropped an SCL from 5 to 1 for me. That's the ballgame.
    – Tom
    Commented Mar 22, 2018 at 7:41

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .