Can you help fix my domain’s email?

[Update 12-30-20: Fixed!! See below]
Can you help fix my domain’s spam reputation problem? I’m happy to pay for professional help.

Whenever I send email to a new person at gmail from my domain name, Lee.org, it falls into their spam folder. After they mark my email as “not spam”, recipients can receive further emails.

This is probably happening because, until July 2018, my domain was being used by spammers to send junk mail. I have since fixed the email settings (SPF, DMARC, DKIM, Google Postmaster Tools) to keep spammers from spoofing my domain but the reputation damage has been done! Mail hosts apparently still don’t trust me! My domain (Lee.org) is definitely not generating any spam and the volume of email sent is very light, there is only one user, me!

Do you have any suggestions as to how to fix my email reputation problem?
I found some random coders on fiverr.com that might help but I’m reluctant to give all my passwords to random people on the internets!

Update 12-30-20:
I wrote to Dreamhost and they responded, essentially, “Sorry about that, we fixed the thing that you couldn’t have possibly known was broken. You’re good now”

Some time ago, we started using a service called MailChannels to help us with our incoming and outgoing spam filtering. It looks like for some reason, your SPF record hadn’t been updated to authorize MailChannels, so, considering your DMARC settings, normal messages being sent from DreamHost were being marked as spam. I apologize about this, I’ve taken the correct steps to fix this and it should help with your outgoing messages not being marked as spam in the future.

I sent a few emails to friends (thanks Kayte and Carol!) and yeah, lee.org is now sending emails to not-spam-folders again! Hurray!

4 Comments

  1. Rob says:

    Mr Sonko,

    You have NOT fixed your issue. I received two emails in the last couple of days from “info@lee.org” that seem to be phishing scams. One arrived, as shown below, at 12:29am (Eastern) Monday, and there was another one at 12:49 this morning.

    So if you’re not a scammer, then you’re a fool.

    For your information, I’ve pasted the text of the emails (both were the same) below. And in case you ARE the scamming asshole trying to cover your tracks, I didn’t give you my actual email above.

    *****
    MR. CHRISTOPHER TOWE.
    Mon 2021-01-04 12:29 AM
    Good day.

    Thanks, how are you doing today? Hope you are doing very fine?

    I am newly transferred from the London Heathrow International Airport United Kingdom to Bangor International Airport here in the United States of America for an important official inspection duty. During our investigation, I discovered abandoned Metal Trunk boxes. The details of the consignment boxes including your name and the official documents from the United Nation office in London are tagged on the Metal Trunk boxes. Please note that I have paid for all the necessary legal documentation charges on your behalf and will be delivering your consignment boxes to your contact address by tomorrow evening. But I will share it 75% to you and 25% to me.

    Please your current contact address, Full Name, Telephone Number, and your nearest local airport are highly needed to avoid delay in locating you upon my arrival at your local airport, all communication must be held extremely confidential. I can get everything concluded within 2-3 hours upon your acceptance and proceed to your address for delivery. But I must get assurance from you concerning my 25% before I will proceed.

    MR. CHRISTOPHER TOWE.
    Director Airport Inspection Officer United Nations.
    Bangor International Airport.
    287 Godfrey Blvd, Bangor, ME 04401,
    United States.

  2. Lee says:

    Hey Rob, I’m not a spammer, really.
    I’d love if you could send me the full email headers of those spams. You could post it to me here. That will help me diagnose the problem.

  3. Rob says:

    OK, here you go. I actually do believe you, but since (if) the bad guy can get into your email, I don’t want you to have my real address, in case he can find it there. The suspicious email arrived at a hotmail account I have. I selected “View”->”Message Source”, and the resulting text is pasted below:

    Received: from AM5EUR02HT040.eop-EUR02.prod.protection.outlook.com
    (2603:10b6:a03:33a::24) by BYAPR19MB2375.namprd19.prod.outlook.com with HTTPS
    via SJ0PR03CA0019.NAMPRD03.PROD.OUTLOOK.COM; Mon, 4 Jan 2021 05:29:14 +0000
    Received: from AM5EUR02FT039.eop-EUR02.prod.protection.outlook.com
    (2a01:111:e400:7e1c::41) by
    AM5EUR02HT040.eop-EUR02.prod.protection.outlook.com (2a01:111:e400:7e1c::473)
    with Microsoft SMTP Server (version=TLS1_2,
    cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3721.20; Mon, 4 Jan
    2021 05:29:12 +0000
    Authentication-Results: spf=fail (sender IP is 189.114.65.44)
    smtp.mailfrom=lee.org; hotmail.com; dkim=none (message not signed)
    header.d=none;hotmail.com; dmarc=fail action=oreject
    header.from=lee.org;compauth=none reason=450
    Received-SPF: Fail (protection.outlook.com: domain of lee.org does not
    designate 189.114.65.44 as permitted sender) receiver=protection.outlook.com;
    client-ip=189.114.65.44; helo=grupoa-service.com.br;
    Received: from grupoa-service.com.br (189.114.65.44) by
    AM5EUR02FT039.mail.protection.outlook.com (10.152.9.27) with Microsoft SMTP
    Server id 15.20.3721.20 via Frontend Transport; Mon, 4 Jan 2021 05:28:59
    +0000
    X-IncomingTopHeaderMarker:
    OriginalChecksum:8E94808EC36B9F86AE435BDC858D15B5FA4233FFAAF565D431B87D76A4831138;UpperCasedChecksum:C75D95E413BD875A3C572DB03692590391C16DDE26D755147091780540C39989;SizeAsReceived:782;Count:16
    Received: from User ([10.3.1.253]) by grupoa-service.com.br with Microsoft SMTPSVC(8.5.9600.16384);
    Sun, 3 Jan 2021 21:43:52 -0300
    Reply-To:
    From: “MR. CHRISTOPHER TOWE.”
    Subject: MR. CHRISTOPHER TOWE.Director Airport Inspection Officer United Nations.
    Date: Mon, 4 Jan 2021 01:43:46 +0100
    Content-Type: text/html;
    charset=”Windows-1251″
    Content-Transfer-Encoding: 7bit
    X-Mailer: Microsoft Outlook Express 6.00.2600.0000
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
    Bcc:
    Return-Path: info@lee.org
    Message-ID:
    X-OriginalArrivalTime: 04 Jan 2021 00:44:01.0018 (UTC) FILETIME=[B19E1DA0:01D6E232]
    X-IncomingHeaderCount: 16
    X-MS-Exchange-Organization-ExpirationStartTime: 04 Jan 2021 05:29:11.7972
    (UTC)
    X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
    X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
    X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
    X-MS-Exchange-Organization-Network-Message-Id:
    6a937fb1-0e5a-4fe8-d4ba-08d8b071aae6
    X-EOPAttributedMessage: 0
    X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0
    X-MS-Exchange-Organization-MessageDirectionality: Incoming
    X-MS-PublicTrafficType: Email
    X-MS-Exchange-Organization-AuthSource:
    AM5EUR02FT039.eop-EUR02.prod.protection.outlook.com
    X-MS-Exchange-Organization-AuthAs: Anonymous
    X-MS-Office365-Filtering-Correlation-Id: 6a937fb1-0e5a-4fe8-d4ba-08d8b071aae6
    X-MS-TrafficTypeDiagnostic: AM5EUR02HT040:
    X-MS-Exchange-EOPDirect: true
    X-Sender-IP: 189.114.65.44
    X-SID-PRA: INFO@LEE.ORG
    X-SID-Result: FAIL
    X-MS-Exchange-Organization-PCL: 2
    X-MS-Exchange-Transport-Forked: True
    X-MS-Exchange-Organization-SCL: 0
    X-Microsoft-Antispam: BCL:0;
    X-OriginatorOrg: outlook.com
    X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Jan 2021 05:28:59.4902
    (UTC)
    X-MS-Exchange-CrossTenant-Network-Message-Id: 6a937fb1-0e5a-4fe8-d4ba-08d8b071aae6
    X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
    X-MS-Exchange-CrossTenant-AuthSource: AM5EUR02FT039.eop-EUR02.prod.protection.outlook.com
    X-MS-Exchange-CrossTenant-AuthAs: Anonymous
    X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
    X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
    X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM5EUR02HT040
    X-MS-Exchange-Transport-EndToEndLatency: 00:00:14.9666878
    X-MS-Exchange-Processed-By-BccFoldering: 15.20.3721.024
    X-Microsoft-Antispam-Mailbox-Delivery:
    abwl:0;wl:0;pcwl:0;kl:0;iwl:0;dwl:0;dkl:0;rwl:0;ucf:0;jmr:0;ex:0;psp:0;auth:0;dest:J;OFR:SpamFilterAuthJ;ENG:(5062000282)(90000117)(90005022)(91005020)(91035115)(9000001)(9010001)(9030002)(9050020)(9100272)(5061607266)(5061608174)(2017053107075)(4900115)(2008001094)(2008000189)(2008010094)(2008019284)(2008120284)(8390226)(8383139)(8376100)(98390106)(58390106)(8391040)(4920090)(6355004)(4950131)(4990090)(9140004);RF:JunkEmail;
    X-Message-Info:
    qoGN4b5S4yrmAeNVLAMFDmwSy0inAUPKv2fUpNgs/NN7xWEAQQP71oTY196BNFX7jiCOGLkwXHdq/YKTkAHkiah3TvHUOCbf6l/8r/mfQcrVVecZbOnWk0TvjzAQBcCNeBK3ACeZxHp7YHG22bayIAWkd7II27vUDcjOjI2b/Au4M03y7FQ68bb7g3OqjBelwKcZVl2NnFdIT9kYVfqg1g==
    X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
    X-Microsoft-Antispam-Message-Info:
    =?windows-1251?Q?dNAdCS8T+qrMax423weahbrbLL60xT/F+c7GmBfq861yEmBDzDlPABoF?=
    =?windows-1251?Q?ir5ZFVxkDGPFAPUSgqN1q5sz7ZC7Ryaob4TsjvQ8AuhgcI0VbDcvGqkw?=
    =?windows-1251?Q?GneO5m1L5So0vp3jw2G4CePRAu9GJUeLC5fD3rJwc5pO7MNjBbPuOtDY?=
    =?windows-1251?Q?VHMLkvya1EsWJvMahI06Sfl2rPhB1g3eetDz4qVS60d3Skk86FKFpZDi?=
    =?windows-1251?Q?E5+U+ZjE3AYzK4DmYxEK/VqmyzglrXMoISQspVlUWevvPWG49XAqpxLs?=
    =?windows-1251?Q?o0VTWahVXRiUxrvp6eZ4qFcJNJnOfjK+azKqChPk+yIxjQF5k9HwK/gp?=
    =?windows-1251?Q?13Xqz22zjEG/3dEKW7oWoCHC551pr6i/ICaJKIduPG69cy+Ndx7lh3gM?=
    =?windows-1251?Q?LXiQylakEe4/pCajEeuR/As4iW8GVVTuphcAQti7GUi/bsdLZQ3PRhum?=
    =?windows-1251?Q?SuAFMuCnpalbR4uZOKBLBBjhMfwollCzlU3iM089v2kRcz83RKtUBTGF?=
    =?windows-1251?Q?OyZzsc6kqafoGoTlz9Io2fzWKmdJYsDXYZwk1VelIwwT+byvQO521lUe?=
    =?windows-1251?Q?JxuNN8niC65rIhq/9VMyWQajv+ffMVzV+FbXIl2bwYh+TqVAxHwlOLHr?=
    =?windows-1251?Q?F+uL4joJtT8c8+AycdO4o7ZTI9EG3SStaT+F3HJj84LFDwsas0vpk0m0?=
    =?windows-1251?Q?KdnfunaStwcvdJyityV1oWizsE1N7I59icTgIkwMre76+Q454Am/mPDQ?=
    =?windows-1251?Q?uUQu0amcnhWnaKy1GU2MtZ+uWo4J4ikgrVmCTJvgZhGhihl8zX4Ntrep?=
    =?windows-1251?Q?H49lX/Y7+qiXPR8ho72YzRbO2ZqaRxq5EK4gLXYxE32suBF2o9v9syI1?=
    =?windows-1251?Q?p8TArn/z3EeA6fmvOprW4Ep/nS1LdVQLCucb5ynak/cc1H5rTydqXMNr?=
    =?windows-1251?Q?RIDZ22frdJ9UW7EgSWViVwO9OrXnVY/YmWiwsji+PWuMiHmlNRI0hdrV?=
    =?windows-1251?Q?BxTOH4p16xMaR/tuU2hxDqvbUkeMuATaVOJSn+auU0EhbZmFeFrTNm/O?=
    =?windows-1251?Q?ttO/5YOaaLKHKv4uvlP+KI/dF/9XQSwOwr6cEOWAPTLV/JUYo8BGicDC?=
    =?windows-1251?Q?tf26Iw9z+rMWUGZK/mrG0atb54vLjXhBElem7jWkccI8xg=3D=3D?=
    MIME-Version: 1.0

    Good day.

     

    Thanks, how are you doing today? Hope you are doing very fine?

     

    I am newly transferred from the London Heathrow International Airport United Kingdom to Bangor International Airport here in the United States of America for an important official inspection duty. During our investigation, I discovered abandoned Metal Trunk boxes. The details of the consignment boxes including your name and the official documents from the United Nation office in London are tagged on the Metal Trunk boxes. Please note that I have paid for all the necessary legal documentation charges on your behalf and will be delivering your consignment boxes to your contact address by tomorrow evening. But I will share it 75% to you and 25% to me.

     

    Please your current contact address, Full Name, Telephone Number, and your nearest local airport are highly needed to avoid delay in locating you upon my arrival at your local airport, all communication must be held extremely confidential. I can get everything concluded within 2-3 hours upon your acceptance and proceed to your address for delivery. But I must get assurance from you concerning my 25% before I will proceed.

     

     

    MR. CHRISTOPHER TOWE.
    Director Airport Inspection Officer United Nations.
    Bangor International Airport.
    287 Godfrey Blvd, Bangor, ME 04401,
    United States.

  4. Lee says:

    I took a look at the headers and I can see that I -did- do my part! Read this section:

    Authentication-Results: spf=fail (sender IP is 189.114.65.44)
    smtp.mailfrom=lee.org; hotmail.com; dkim=none (message not signed)
    header.d=none;hotmail.com; dmarc=fail action=oreject
    header.from=lee.org;compauth=none reason=450
    Received-SPF: Fail (protection.outlook.com: domain of lee.org does not
    designate 189.114.65.44 as permitted sender) receiver=protection.outlook.com;

    That says hotmail let this mail through to you even though it failed SPF, failed DMARC, and that lee.org requested that such failures should be rejected. Those failures mean that Hotmail knew the mail definitely didn’t come from lee.org! I did all I could do.

    And I looked into that “action=oreject”. According to this site “oreject or o.reject: Stands for override reject. In this case Microsoft 365 uses this action when it receives a message that fails the DMARC check from a domain whose DMARC TXT record has a policy of p=reject. Instead of deleting or rejecting the message, Microsoft 365 marks the message as spam.” sooooooo. Either your Microsoft server or the server at Hotmail intentionally didn’t delete it as I asked but they marked it as spam. But you still saw it. Hmm!

    Thanks very much for sending the headers along. You’d do well to tell Hotmail something like “Please don’t put mail that fails SPF and DMARC with a ‘reject’ tag in the MX record, it’s so stupidly obviously spam!”

    Best regards

Leave a Comment

Do not write "http://" or "https://" in your comment, it will be blocked. It may take a few days for me to manually approve your first comment.