Kay lives here

working with the web

ColdFusion_icon

Stop cfmail messages being flagged as spam

Posted 6 years, 5 months ago by Kay

1339909_81006199

I used to main­tain a pri­vate wiki for my book­marks. That let me anno­tate and group related links together but there were obvi­ously things that weren’t great about it: mostly that it couldn’t really be machine parsed with­out a bit of a headache so it was just a wiki, I couldn’t use that infor­ma­tion else­where. Along came del.icio.us which is just the great­est thing ever. I started using that and stopped using my wiki completely.

But, there were still a lot of infor­ma­tion in that wiki which I wanted to get into del.icio.us, so this hol­i­day break I’ve been check­ing all those wiki links and putting the ones that are still rel­e­vant into del.icio.us. I’ve come across one entry that was some notes rather than links, taken from some CFTalk post­ings I think. I want to pre­serve these for future use so I’m gonna post them here: how to stop cfmail mes­sages from being flagged as spam. If you have any more tips please post them in the comments!

  • Send mes­sage to checker@arp3.com
    This spam assas­sin tool will return a report on your mes­sage, by email. I’m sure there’s other ways of doing this too — I used a form based ser­vice to check the mes­sage text recently. Or you could send the mes­sage to a spam assassin-enabled account and look at the head­ers upon arrival.
  • SPF tags in DNS entries:
    http://spf.pobox.com/wizard.html
    http://www.anti-spamtools.org/SenderIDEmailPolicyTool/Default.aspx
    SPF is the Sender ID Frame­work, some­thing Microsoft it try­ing to imple­ment I think. I haven’t read into it a great deal but accord­ing to the sec­ond link, the idea is you cre­ate a SPF record for your DNS domain which says “I only send mail from these machines”. You then add this DNS record to your domain’s DNS con­fig­u­ra­tion. What I haven’t worked out yet is who pays atten­tion to this DNS infor­ma­tion. Prob­a­bly not many peo­ple as yet!
  • Change cfmail mailerid=“Microsoft Out­look, Build 10.0.3416″
    Because appar­ently spam­mers don’t use Out­look. Makes sense I guess.
  • Change cfmail from=’”#mailoutSender#” <#mailout­SenderE­mail#>‘
    Appar­ently this makes the sender look more like a real account.
  • Required head­ers that cfmail doesn’t include by default:
    • <cfmail­param name=“Message-Id” value=”<#createUUID()#@yourdomain.com.au>”>
    • <cfmail­param name=“Reply-To” value=”#get_mailout.mailoutSenderEmail#”>
    • more info on message-id and reply-to: http://www.faqs.org/rfcs/rfc2822.html
      – sec­tion 3.6
    • <cfmail­param name=“MIME-Version” value=“1.0″>
  • Finally, for more info on mime ver­sions see http://www.faqs.org/rfcs/rfc2045.html — sec­tion 4.

2 Comments

Leave a reply →

  1. Brian
    June 20, 2007 at 3:12 am

    Have you checked this against a CFMX 7.0 email? I’m look­ing at an email my sys­tem sent to me and it includes these head­ers (among others):

    Message-ID:
    X-Mailer: [some stuff I put in here]
    Mime-Version: 1.0
    Content-Type: text/html; charset=UTF-8
    Content-Transfer-Encoding: 7bit

    Looks like this has sorted itself out? But the reply-to and mai­lerid is still a good thing to provide.

  2. Brian
    August 3, 2007 at 8:59 am

    FWIW, using that par­tic­u­lar build of Out­look (3416) will trig­ger Spa­mAs­sas­sin to flag it:

    1.7 OUTLOOK_3416 Claims to be sent by an unusual build of Out­look (3416)
    0.0 FORGED_OUTLOOK_TAGS Out­look can’t send HTML in this for­mat
    3.1 FORGED_MUA_OUTLOOK Forged mail pre­tend­ing to be from MS Outloo