The curious case of Google tagging all mails as spam
Gmail is one of the most reliable and reputable mail services. So it piqued our tech team when our billing division reported that Google seemed to think our server is a spam source.
We routinely keep track of all spam black lists, and were quite sure that the server reputation was not affected. The mails that were sent to other major providers like Yahoo, Hotmail, etc were not affected. Only Google was sending all our mails to the spam folder.
Hire Bobcares Linux Server Administrators
Get super reliable servers and delighted customers
The email header analysis
OK. So, it could be because of the recent HTML changes in the invoice, right? We needed to test that, and sent a plain text mail to our Gmail account. It still landed in the spam box. Hmm..
It was time for a more methodical analysis of mail headers.
The mail heders as we saw it is shown below:
Google was recording the following two SPF related errors in the mail headers.
Received-SPF: softfail (google.com: domain of transitioning firstname.lastname@example.org does not designate 2a01:c0:2:105:xxxx:xxxx:xxxx:xxxx as a permitted sender) client-ip=2a01:c0:2:105:xxxx:xxxx:xxxx:xxxx;
Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning email@example.com does not designate 2a01:c0:2:105:xxxx:xxxx:xxxx:xxxx as a permitted sender) firstname.lastname@example.org
It meant that the IPv6 IP 2a01:c0:2:105:xxxx:xxxx:xxxx:xxxx was not present in the SPF record of mydomain.com, and therefore Google was interpreting our mails as un-authorized mails. So, it was clear that Google was communicating with our server in IPv6, and not IPv4.
The root cause identification
Hmm.. How did that happen?
We didnt purposefully enable IPv6 in our server. It was a CentOS server with cPanel installed in it. IPv6 support was not due in cPanel until version 11.40, which wont be considered stable for at least the next 2 months. We had enabled IPv6 in a few of our servers, but not on this server.
Discussions in Google product forums noted that Google responded in IPv6 communication only if the ISP initiated IPv6 communication first. So, it definitely looked like our server started it. After a bit of searching, found that Exim is now enabled with IPv6 and gave higher priority to IPv6 addresses if it is present. So, it seemed like Exim looked for an IPv6 address for Gmail SMTP servers, got one, and promptly initiated an IPv6 connection.
Solving our spam problem
cPanel forums suggested the use of disable_ipv6 directive to disable IPv6 in Exim, but that step seemed retrograde. So, we chose the better option of enabling IPv6 support in our SPF records, and updated it as below:
mydomain.com. TXT “v=spf1 +a +mx +ip4:xxx.xxx.xxx.xxx/29 +ip6:2a01:c0:2:105:xxxx:xxxx:xxxx:xxxx ~all”
A couple of test mails later, we confirmed that Google no more sees our mail as spam.
Our SMTP server was fully IPv6 ready!
About the author
Visakh S is a senior software engineer at Bobcares. He has extensive experience in managing technical support teams of web hosting companies and data centers. He is passionate about systems engineering, and loves to get his hands dirty on systems automation. His free time is spent reading books and being with his family.