Kay lives here

working with the web

Stop cfmail messages being flagged as spam

I used to maintain a private wiki for my bookmarks. That let me annotate and group related links together but there were obviously things that weren’t great about it: mostly that it couldn’t really be machine parsed without a bit of a headache so it was just a wiki, I couldn’t use that information elsewhere. Along came del.icio.us which is just the greatest thing ever. I started using that and stopped using my wiki completely.

But, there were still a lot of information in that wiki which I wanted to get into del.icio.us, so this holiday break I’ve been checking all those wiki links and putting the ones that are still relevant into del.icio.us. I’ve come across one entry that was some notes rather than links, taken from some CFTalk postings I think. I want to preserve these for future use so I’m gonna post them here: how to stop cfmail messages from being flagged as spam. If you have any more tips please post them in the comments!

  • Send message to checker@arp3.com
    This spam assassin tool will return a report on your message, by email. I’m sure there’s other ways of doing this too – I used a form based service to check the message text recently. Or you could send the message to a spam assassin-enabled account and look at the headers upon arrival.
  • SPF tags in DNS entries:
    http://spf.pobox.com/wizard.html
    http://www.anti-spamtools.org/SenderIDEmailPolicyTool/Default.aspx
    SPF is the Sender ID Framework, something Microsoft it trying to implement I think. I haven’t read into it a great deal but according to the second link, the idea is you create a SPF record for your DNS domain which says “I only send mail from these machines”. You then add this DNS record to your domain’s DNS configuration. What I haven’t worked out yet is who pays attention to this DNS information. Probably not many people as yet!
  • Change cfmail mailerid=”Microsoft Outlook, Build 10.0.3416″
    Because apparently spammers don’t use Outlook. Makes sense I guess.
  • Change cfmail from='”#mailoutSender#” <#mailoutSenderEmail#>’
    Apparently this makes the sender look more like a real account.
  • Required headers that cfmail doesn’t include by default:
    • <cfmailparam name=”Message-Id” value=”<#createUUID()#@yourdomain.com.au>”>
    • <cfmailparam name=”Reply-To” value=”#get_mailout.mailoutSenderEmail#”>
    • more info on message-id and reply-to: http://www.faqs.org/rfcs/rfc2822.html
      – section 3.6
    • <cfmailparam name=”MIME-Version” value=”1.0″>
  • Finally, for more info on mime versions see http://www.faqs.org/rfcs/rfc2045.html – section 4.

2 Comments

  1. Have you checked this against a CFMX 7.0 email? I’m looking at an email my system sent to me and it includes these headers (among others):

    Message-ID:
    X-Mailer: [some stuff I put in here]
    Mime-Version: 1.0
    Content-Type: text/html; charset=UTF-8
    Content-Transfer-Encoding: 7bit

    Looks like this has sorted itself out? But the reply-to and mailerid is still a good thing to provide.

  2. FWIW, using that particular build of Outlook (3416) will trigger SpamAssassin to flag it:

    1.7 OUTLOOK_3416 Claims to be sent by an unusual build of Outlook (3416)
    0.0 FORGED_OUTLOOK_TAGS Outlook can’t send HTML in this format
    3.1 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outloo