Alert emails flagged as spam

  • Resolved dbais

    (@dbais)


    7 years, 10 months ago

    I’ve just installed the Securi plugin on a test site which needed some plugin updates. Securi sent out a bunch of alerts as expected. But some of them were flagged by the ISP handling the outgoing email as spam – although others were sent OK.

    I asked the ISP why and they reported the following:

    The error code provides the following reasons for rejecting the email:

    DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date
    HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of words

    MIME_HTML_ONLY BODY: Message only has text/html MIME parts
    HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
    TO_NO_BRKTS_HTML_ONLY To: lacks brackets and HTML only

    Removing either DATE_IN_PAST or HTML_IMAGE_ONLY_24 should allow for a successful message.

    –ends–

    I’ve got a live site hosted by the same ISP where I want to use the plugin. But it’s not going to work too well if alerts are being blocked.

    Any idea why that’s happening and how it might be fixed?

    https://wordpress.org/plugins/sucuri-scanner/

Viewing 7 replies - 1 through 7 (of 7 total)
  • yorman

    (@yorman)

    7 years, 10 months ago

    Thanks for the information, I will modify the code to fix that issue, then release the changes with the next version of the plugin. Thanks for your patience.

    yorman

    (@yorman)

    7 years, 10 months ago

    Can you confirm if “DATE_IN_PAST_96_XX” is referring to the “Date:” mail header? If yes then the issue is probably in the timezone settings of your website because when the plugin sends an email it uses the built-in functions provided by WordPress that rely on PHPMailer, the plugin doesn’t sets any header besides the “Content-Type” used to force the rendering of HTML code.

    Regarding “HTML_IMAGE_ONLY_24” there is only one image in the email, and that is the logo that sits in the top-right corner of the template. I don’t understand how is that an issue considering that the image is hosted in your own website, it should not be considered spam, nor malicious. The message you got says that “removing either DATE_IN_PAST or HTML_IMAGE_ONLY_24 should allow for a successful message” so we can consider “HTML_IMAGE_ONLY_24” as a false/positive.

    If the issue with “DATE_IN_PAST_96_XX” can’t be fixed by modifying the timezone from the general settings, then the only option left is to deactivate the option to receive email alerts in HTML, that way the plugin will send everything in plain text which should be considered valid (not spam) by your ISP.

    Thread Starter dbais

    (@dbais)

    7 years, 10 months ago

    Still trying to get some useful feedback from the ISP re yorman’s reply.

    Meanwhile I tried turning off the html alerts option. But when I save the change it’s reset each time.

    If I manually change the option in the database it does seem to stop messages being caught up in the spam filter. But as soon as I click save on the alerts settings page it reverts to being turned on again.

    Is there a bug in the form that saves this option?

    yorman

    (@yorman)

    7 years, 10 months ago

    Yes, it’s a bug; I already fixed it here [1] you can install the development version of the plugin [2] to get the patches for that error.

    [1] https://github.com/sucuri/sucuri-wordpress-plugin/commit/b56f361
    [2] https://github.com/sucuri/sucuri-wordpress-plugin/archive/master.zip

    Thread Starter dbais

    (@dbais)

    7 years, 10 months ago

    Thanks

    The patch has resolved the bug with emails always being set to html and test alerts are now coming through. I just applied the single patch rather than the full latest development version.

    But I’m still not seeing alerts for changes in WordPress even though I have all the alert options selected (except html email.)

    The changes are being logged in Sucuri. But I’m just not seeing the alert emails. I’ve tried both the wordpress email and native PHP email options.

    I’ve added an email on a different domain to the notification list to check the possibility that it’s still down to the spam filter. But unless gmail has it’s own set of filters doing the same thing as my normal ISP then it doesn’t seem to be spam filter related. And even if it was spam filter related the ISP does send a rejected email alert – which hasn’t been happening.

    So it looks like the emails aren’t actually going out.

    Have I missed somthing in the settings or is there a problem?

    yorman

    (@yorman)

    7 years, 10 months ago

    Thanks for additional information, I am re-opening this ticket so I can investigate the issue. I will update this thread when I find the root of the problem and/or the solution to it. Thanks for your patience.

    yorman

    (@yorman)

    7 years ago

    We have decided to set the content-type for all email alerts as “text/plain” rather than “text/html” by default. Many email providers flag messages with suspicious HTML code. Also, if the origin of the message is a blacklisted server or a server with an flagged IP address then the email providers will also mark the message as malicious even if it is not. The switch to HTML to plain text will help alleviate the problem.

    Marking as resolved, feel free to re-open if the issue persists.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Alert emails flagged as spam’ is closed to new replies.