Reasons For Rejected Emails¶
Antispam verifies, if the sender's server is configured correctly. Any incorrect settings, which may indicate a spammer's server, increase the value of the antispam score (explained below).
Here is an overview of the basic correct settings for mail server, which will increase the probability of successful email delivery and not having email rejected by antispam filter:
The mail server has a valid forward (A) and reverse (PTR) DNS record for its IP address:
$ nslookup testmailserver.vshosting.cz
Name: testmailserver.vshosting.cz
Address: 192.168.50.25
$ nslookup 192.168.50.25
25.50.168.192.in-addr.arpa name = testmailserver.vshosting.cz.
The mail server's HELO is a valid FQDN (https://en.wikipedia.org/wiki/FQDN), which matches the forward (A) DNS record for the server's IP address:
$ telnet testmailserver.vshosting.cz 25
Trying 192.168.50.25...
Connected to testmailserver.vshosting.cz.
Escape character is '^]'.
220 testmailserver.vshosting.cz ESMTP
The IP address of the mail server is not blacklisted. To verify that, you can use for example the MXToolbox web service: http://mxtoolbox.com/blacklists.aspx
The sender's domain (the part after the @ sign) has an SPF record set correctly.
Sender's emails are signed using DKIM.
The sender's domain (the part after the @ sign) needs not to match the FQDN of the mail server and it usually does not!
Methods of email evaluation by antispam system¶
The antispam system evaluates whether the email is a solicited HAM message or an unsolicited SPAM message based on a spam score. A lots of tests are included in the calculation of the score - for example valid DKIM signature and valid SPF record reduce the score, on the contrary, common SPAM words such as penis, sex, discount, win, etc. increase the score.
In addition to the rules, the score also includes the result of testing with a statistical filter (Bayes), which is based on a comparison with a database of samples of word frequency, phrases and sentences. It determines the probability of an email being SPAM or HAM and increases or decreases the spam score accordingly.
The overall score also includes rules evaluating whether the sender's mail server's behavior is technically correct. And last but not least, it checks if the sender's email address or the mail server's IP address is on a lists of known spammers (blacklists).
Other elements that increase the spam score are blacklisted links (URI blacklists) in the body of the email, images contained in or linked from the body of the email, and the naming or content of attachments typical for SPAM.
The antispam system is to a certain extent combined with antivirus protection, which either removes the virus / malware from the email or if it can not be removed, it rejects the email.