Sending from Fastmail Alias --> Gsuite Enhanced Scanning = Phishing?

audelair · 15 Feb 2022, 04:09 PM

So I've been doing some testing with Fastmail's deliverability to other providers.

I noticed that sending from an alias (or random username at my hosted domain... i.e. if you have *@yourdomain.com as an alias) has a tendency to end up being marked as phishing in Gmail's inbox if it is a Google Workspace account that has "Enhanced Pre-Delivery Message Scanning" turned on in the admin settings. Sending to regular Gmail seems to be OK. The SPF/DMARC/DKIM all pass and nothing in the headers seems to indicate the alias is problematic. But somehow it just gets marked as spam.

I then tried my Cloudron email server where I use Amazon SES credentials as an SMTP relay to send mail. I turned on Masquerading (so I can send from arbitrary usernames within my domain). Sending similar types of messages to Google Workspace all delivered no problem.

Somehow, it seems Amazon SES doesn't get flagged for phishing while Fastmail's does, despite doing essentially the same thing (sending from a random user within the domain). DMARC and SPF have the same settings.

Has anyone noticed this? It could be that Google Workspace's enhanced scanning is overzealous, but the difference in behavior between SES and Fastmail seems to indicate that Gmail expects this from SES but not from Fastmail?

Terry · 15 Feb 2022, 05:07 PM

I had the same thing with M/s I was using terry@myowndomain.com but a lot of mail never arrived, went back to a fastmail.com domain and everything was much better.

JeremyNicoll · 15 Feb 2022, 11:33 PM

Surely for an incoming mail to be flagged as phishing there would need to be something in its content that looks like a phish?

What happens if your test mails are only plain text (so no html, commonly used to make mails look like they came from some organisation when in fact they didn't), and have totally innocent text in them?

audelair · 16 Feb 2022, 01:21 AM

Quote:

Originally Posted by JeremyNicoll

Surely for an incoming mail to be flagged as phishing there would need to be something in its content that looks like a phish?

What happens if your test mails are only plain text (so no html, commonly used to make mails look like they came from some organisation when in fact they didn't), and have totally innocent text in them?

The test emails were plain text and had very innocent subject and body text. I was pretty thorough with making sure they looked like regular correspondences.

Quote:

Originally Posted by Terry

I had the same thing with M/s I was using terry@myowndomain.com but a lot of mail never arrived, went back to a fastmail.com domain and everything was much better.

Microsoft's spam filter is too aggressive, from what I found. However, in this case, I'm not concerned so much about receiving mail (I can turn off the Google Workspace enhanced filtering), rather than concerned about the deliverability of my own emails.

Terry · 16 Feb 2022, 05:32 AM

My main problem was using terry I change it and it improved but not 100% the other part was my domain name it had a funny spelling.
I just parked my domain and use fastmail now.

We god fed up with phoning some people and asking did you get our email....they would reply no, told them to check their junk mail oh yes its here...

15 Feb 2022, 04:09 PM	#1
audelair Essential Contributor Join Date: Feb 2004 Posts: 271	Sending from Fastmail Alias --> Gsuite Enhanced Scanning = Phishing? So I've been doing some testing with Fastmail's deliverability to other providers. I noticed that sending from an alias (or random username at my hosted domain... i.e. if you have *@yourdomain.com as an alias) has a tendency to end up being marked as phishing in Gmail's inbox if it is a Google Workspace account that has "Enhanced Pre-Delivery Message Scanning" turned on in the admin settings. Sending to regular Gmail seems to be OK. The SPF/DMARC/DKIM all pass and nothing in the headers seems to indicate the alias is problematic. But somehow it just gets marked as spam. I then tried my Cloudron email server where I use Amazon SES credentials as an SMTP relay to send mail. I turned on Masquerading (so I can send from arbitrary usernames within my domain). Sending similar types of messages to Google Workspace all delivered no problem. Somehow, it seems Amazon SES doesn't get flagged for phishing while Fastmail's does, despite doing essentially the same thing (sending from a random user within the domain). DMARC and SPF have the same settings. Has anyone noticed this? It could be that Google Workspace's enhanced scanning is overzealous, but the difference in behavior between SES and Fastmail seems to indicate that Gmail expects this from SES but not from Fastmail?

15 Feb 2022, 05:07 PM	#2
Terry The "e" in e-mail Join Date: Jul 2002 Location: VK4 Posts: 3,028	I had the same thing with M/s I was using terry@myowndomain.com but a lot of mail never arrived, went back to a fastmail.com domain and everything was much better.

15 Feb 2022, 11:33 PM	#3
JeremyNicoll Essential Contributor Join Date: Dec 2017 Location: Scotland Posts: 490	Surely for an incoming mail to be flagged as phishing there would need to be something in its content that looks like a phish? What happens if your test mails are only plain text (so no html, commonly used to make mails look like they came from some organisation when in fact they didn't), and have totally innocent text in them?

16 Feb 2022, 05:32 AM	#5
Terry The "e" in e-mail Join Date: Jul 2002 Location: VK4 Posts: 3,028	My main problem was using terry I change it and it improved but not 100% the other part was my domain name it had a funny spelling. I just parked my domain and use fastmail now. We god fed up with phoning some people and asking did you get our email....they would reply no, told them to check their junk mail oh yes its here...