I always like to write blog posts based on feedback I see inside our support center to help customers solve common issues faster.
I’ve noticed an increase in tickets involving emails being flagged as spam (i.e. when you send an email from your hosting account, it either ends up in the recipient’s spam box or is returned to sender) so I wanted to explain this and help provide steps to prevent this going forward.
Where Does Spam Come From?
Spam is annoying and I think we can all agree no one likes to see it in their inbox.
It’s likely you noticed the “Buy Viagra” emails in the past or in recent months emails from individuals claiming they’ve compromised your email account and have compromised your web cam and threaten to send “private video” to your contacts unless you send them Bitcoin.
In the early/mid 2000s spammers would simply purchase a hosting account under an alias, carry out their spam, and then move on.
Nowadays web hosts, such as NameHero, have many fraud measures in place that prevent such signups.
Therefore to carry out spam, these malicious individuals have gotten more creative, compromising legitimate hosting accounts, and using them to send their scammy emails.
This is one of the main objectives to compromise one’s WordPress install; to gain access to the hosting account to send spam.
Once a spammer compromises a legitimate hosting account they’ll sometimes “spoof” the email so it appears it’s coming from someone else.
Why Is A Message Flagged As Spam
Email service providers want to eliminate Spam from their platform. It’s not only annoying but also poses a big security threat to networks.
Therefore when an email is received, there are many things that are automatically checked:
- IP Blacklisting – When a server receives an email, most will check IP databases and look to see if a specific IP has been “flagged” for sending Spam in the past.
- Proper Authentication Records – Along with the IP check, inbound email servers will also check the domain from the incoming message to ensure proper authentication records are in place. This prevents things such as spoofing.
- Email Formatting – A lot of Spammers will use broken english or other characters in their message that can help detect malicious emails.
If an email you’re sending matches any of the above three points it will most likely be flagged as Spam.
Why A Legit IP Gets Blacklisted
By default, when you signup for web hosting, your account is placed on a “shared” IP address meaning many different websites are using the same IP.
For example, let’s say I purchase a Plus Cloud Web Hosting account with the domain keydiets.com. When its setup on our cloud, it’s going to share an IP address with many other websites on the node.
If just one of these websites fails to update their WordPress, uses weak wp-admin credentials, or uses weak credentials on an email account, a spammer can compromise and send out malicious emails.
At NameHero we have many proactive measures in place to prevent this including a dedicated security team that’s specifically looking for such activity 24x7x365.
While we’re able to prevent most, some are able to slip through, and while we mitigate them quickly, it only takes a couple emails to get an IP blacklisted.
I expand on this on another post you can read here: The Problem With Email And Shared Hosting
Using A Dedicated IP Address
The most common solution to prevent IP blacklisting is to order a dedicated IP address with your web hosting account for $29.95/year (about $2.50/mo).
Using a dedicated IP address on your domain gives the appearance to the outward Internet that you’re on a dedicated server.
Since it’s not shared with any other website, you don’t have to worry about other websites that have failed to update WordPress, are using weak security credentials, etc.
Most of our customers that rely on their emails being delivered will chose to go this route.
Our Corporate Hero Reseller package comes with a free dedicated IP address that is used for all accounts created under the package. Meaning only your primary domain and the customers you setup share that IP.
We’ve found this greatly helps such situations! You can also always add additional IPs for the cost above.
Setting Up Proper Authentication Records
IP aside, there are some email authentication records that should be configured with your DNS so incoming email servers can validate the emails are legitimate:
- rDNS – Reverse DNS records allow the inbound email server to check the IP and ensure a legitimate domain is attached to it. If there is no domain attached to the IP, it’s a red flag. By default all IP addresses at NameHero will include this record to the server’s hostname. While this is certainly better than not having a record, it’s not as good as having it attached to the actual domain. With a shared IP address, that’s not possible, so a reason to have a dedicated IP.
- DKIM – DomainKeys Identified Mail is an email authentication method designed to detect forged sender addresses in emails (email spoofing), a technique often used in phishing and email spam. Proper records tell the inbound mail server the email is legitimate.
- SPF – Sender Policy Framework is an email authentication method designed to detect forged sender addresses in emails (email spoofing), a technique often used in phishing and email spam. As with DKIM, proper records also inform the inbound mail server the email is from the actual owner of the domain; hence is legitimate.
By default, cPanel sets up these records automatically as long as your DNS resolves to NameHero (i.e. using our nameservers).
You can easily check these records by going to cPanel -> Email Deliverability:
From here, you can see if any problem exists:
This screenshot tells us there is an issue with the rDNS record. If you click on “manage” it will provide specific details:
For this example, the website keydiets.com is using a shared IP address, hence the rDNS record points back to the hostname.
While this doesn’t mean all emails are going to end up in Spam, some maybe blocked depending on the configuration of an inbound mail server.
The solution to correct this is to have a dedicated IP address with your domain set as the rDNS.
If you have a dedicated IP, our team has to manually set the rDNS record on the network level, which you can have completed by logging a new support ticket.
The DKIM record should always be “valid.” If it’s not, you should make necessary corrections.
Inside of cPanel -> Email Deliverability -> Manage you can verify this and also automatically make changes to correct it (as long as you’re using our nameservers):
As you can see in this example, the record is present and no further action is required.
If you’ve recently migrated your account from another web host, you may need to correct this. Additionally, if you’re using a third-party DNS provider such as Cloudflare or Easy DNS, you’ll need to login to their control panel and add this text record manually.
Just like the DKIM record, the SPF should always be “valid.” If not, you may run into email deliverability issues, and should take necessary steps to correct:
If you’re using our nameservers and created the account with us (i.e. not migrated) it should be automatically set.
If you’ve migrated from another web host or are using third-party DNS, you may need to make necessary changes. Thankfully this interface inside of cPanel makes things pretty easy.
Additionally, if you’re sending mail from external sources (i.e. third party software vendors, Gmail, Yahoo, etc.) you may need to customize this record to let inbound mail servers know it’s you and not someone spoofing you.
This can easily be completed by clicking the “Customize” link below the “Value” field:
Some of these settings can get a bit confusing, therefore I recommend clicking the question mark icon beside each to get a full explanation of what each one means.
Additionally, you should always consult/refer to whatever third-party application you’re using to get their suggestions. Most will tell you exactly what you need to add.
Check Your Email Formatting
If you’re sending bulk emails (i.e. more than a couple people at once) you should check your formatting to make sure it doesn’t appear to be Spam.
Fairly often we’ll see some customers sending 100% legitimate emails to their customers but their formatting is poor and it’s coming off as Spam (sometimes even being flagged by our security team).
I’ve published an article onside our Knowledgebase where I go into more detail about How To Increase Your Email Deliverability.
In short, there are many tools out there, such as Mail-Tester, where you can actually send your email to them and they’ll tell you rather it looks like Spam or not.
It’ll also verify the records mentioned above, helping you cover all your bases.
Finally, it’s very important to take security measures to ensure your account is secured to prevent it from being compromised, rendering all the work completed useless.
As mentioned above, spammers will often compromise legitimate hosting accounts as they know they can easily “inbox” their scams from accounts with proper records setup.
Along with our real-time malware scanning, automatic software patching, and dedicated security team, there are some very simple things you can do:
- Keep WordPress/software updated – You always want to be running the latest version of WordPress including your plugins and themes. Our automatic patching will “buy” sometime if updates cannot be made immediately, but they should be conducted within a reasonable amount of time.
- Use secure passwords – If you can remember your password, it’s not secure. You should use the password generator inside of cPanel to create FTP, email, and other accounts (including your wp-admin login). Use a password manager such as LastPass or 1Password to keep track of them all.
- Scan your computer regularly for viruses – Most viruses on computers include key loggers to try and compromise such accounts. Keeping your computer clean is also a big step for security.
If you complete these three things on a regular basis, you’ll rarely ever have a security event on your hosting account. Unfortunately so many customers will ignore this until it’s too late. Don’t let that be you!
How To Prevent Emails From Going To Spam
I’ve filmed a video on our Official YouTube Channel where I explain all of this in detail and also show examples of setting up correct records:
Feel free to ask any questions below! As always, our team is standing by 24x7x365 to assist you with any of this!
Ryan Gray is the founder and CEO of NameHero, one of the fastest growing independent web hosts in the United States. Ryan has been working online since 1998 and has over two-decades experience in Internet Entrepreneurship.