It seems all notifications from Wordfence (e.g. about users locked out) get sent to my junk box automatically in mac mail.
They are sent to my gmail account. I actually have spam filtering turned off in mac mail, it seems it’s only the Wordfence notifications to gmail that are doing this.
Does anyone know why this might be happening? How to fix it? Thanks
I’ve read this on an Apple support forum. Can you please try adjusting the Junk settings and let me know if it helps?
Mark messages as junk or not junk
In the Mail app on your Mac, select a message.
Do one of the following:
If Mail incorrectly marked the message as junk: Click Move to Inbox in the message banner or click the Not Junk button in the Mail toolbar (or use the Touch Bar). Mail moves the message to your Inbox.
If Mail failed to mark the message as junk: Click the Junk button in the Mail toolbar (or use the Touch Bar). Mail moves the message to the Junk mailbox.
Each time you confirm a message as junk or not junk, the junk mail filter improves so Mail can better identify junk mail.
Please let me know.
- This reply was modified 2 years, 1 month ago by WFGerroald.
I just checked that and junk settings are not enabled. Also there is no “Not Junk” button in the toolbar (or in the list of possibly available buttons to customise it) So it’s a bit of a mystery.
What OS version are you using?
Seeing you’re receiving them in the other accounts it seems to be specific to Mac Mail. If you can share your OS version I can do some more digging as I’d like to help with this. But you may also open a support request with Apple for their thoughts. I strongly assume there’s a setting(s) contributing to this.
Please let me know.
OS is Mojave
I have just checked some older ones (from when I did have a spam rule in Mac Mail)
The other accounts emails are domain emails but I notice now that some of them were going into the junk folder correctly. I say correctly because my junk marking rule for those was set in Spamassassin to mark ++++ spam score as spam. The Wordfence notifications were usually +++ or ++++ which I think you have to admit is high.
Here is an example of the spam bar score on one of my domain emails notifications that went via spamassassin on the server:
Date: 19 Jun 2020 02:15:11 -0400 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: Yes, score=4.5 X-Spam-Score: 45 X-Spam-Bar: ++++ X-Spam-Report: Spam detection software, running on the system "cp1.mattwservices.uk", has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details. Content preview: This email was sent from your website "Pete Thomas" by the Wordfence plugin. Wordfence found the following new issues on "Pete Thomas" (1 existing issue was also found again). Alert generated at Friday 19th of June 2020 at 07:15:09 AM Content analysis details: (4.5 points, 4.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% [score: 0.4414] 0.8 KAM_COUK Scoring .co.uk emails higher due to poor registry security. 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: wordfence.com] -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [184.108.40.206 listed in wl.mailspike.net] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 HTML_MESSAGE BODY: HTML included in message 0.1 HTTPS_HTTP_MISMATCH BODY: No description available. 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 1.4 HTML_IMAGE_ONLY_28 BODY: HTML: images with 2400-2800 bytes of words 1.1 KAM_REALLYHUGEIMGSRC RAW: Spam with image tags with ridiculously huge http urls -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.4 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag X-Spam-Flag: YES Subject: ***SPAM*** [Wordfence Alert] Problems found on petethomas.co.uk
However this does not explain the gmail one, because those (I presume) go direct to my inbox an=t mac mail so do not go via spamassasin on my server.
Aha! This is very helpful information. SpamAssassin, as you know is controlled by your email hosting provider. The score does seem high, but I’m not certain of what metrics they use to create the score.
In light of the new information, I did a little digging. Unless your email server is hosted on your own server, you’ll need to contact whoever manages your email to see if you can whitelist Wordfence.
This would mean modifying the configuration files for SpamAssassin, such as
/etc/mail/spamassassin/local.cf. There may also be a setting in your hosting control panel to do this, your host will know.
I do find it odd that it does arrive at the Gmail, but not Mac Mail. Though I still believe reaching out to your host or what service manages your emails is the best next step to whitelist the Wordfence notifications.
Please let me know how it goes.
Yes I can whitelist wordfence raeally, I don’t think I should have to.
Other emails with a spambar of ++++ really are spammers trying to sell me real estate opportunities.
One part of it I know is because it is being sent from my site obviousl;y, and as you can see for some strange reason spamassassin gives .co.uk a 0.8 (KAM_COUK).
This seems absurd bot obviously not your fault.
Anyway, I still think I shopuld not have to whitelist Wordfence – there must be something Wordfence can do to stop the emails appearing spammy.
I’ve spoken with the Team about this.
The emails are originating from your site/mail server. The options are to either whitelist Wordfence, or speak with hosting to see if there’s a server/site configuration issue contributing to this, and address it. This is likely going to be a Spamassin/Apache configuration issue. If these notifications were being reported as spam we’d have seen many more reports. However, there have only been a few over years and whitelisting Wordfence resolved it.
Please let me know how it goes.
- The topic ‘Wordfence notifications marked as spam’ is closed to new replies.