It was my understanding that the Mautic feature for “email is valid” performed a test on the email to verify the domain has an MX record etc and basic formatting testing for the email address. Am I missing something.
From the perspective of your thread here, I do understand email very well. What domain are you sending from via AWS?
My domain is saudeplena.org, at least this one is the most problematic one. There are a few other domains on the same Mautic account, but with lesser volume. I have a second mautic account with the domain abundanthealth.info, it sends from the same AWS account to a list of 1200 emails, and I have no problems at all with the email reputation.
I can see that you have an SPF record that has no reference to SES / AWS. This will be part of the problem.
This domain is a redirect right now. That is not good.
The more hops you have in your domains, the worst it is.
Mautic will make the first one if you use click tracking. Than you redirect again. No good.
Yes, Amazon SES is not in the SPF record of saudeplena.org. When I configured Amazon SES it requires a subdomain, so I configured it at mail.saudeplena.org. They asked me to put the following SPF record for mail.saudeplena.org: v=spf1 include:amazonses.com ~all
Do I need to include this in the SPF of saudeplena.org as well?
if you put in https://www.saudeplena.org/ there should be no redirect.
I noticed, that many corona virus related websites have issues with inboxing. You might have the same issue. (Plz don’t ask why, I’m just sharing my observations.)
Are you messages coming from the @mail.saudeplena.org. or @saudeplena.org. ?
Because if you are using the subdomain for configuration of SES, then you need to send from that subdomain. Or it will go to junk.
Yes there are all kinds of issues with Corona. The keyword is blocked on Pinterest, and Google surely has its way of handling that too. I got my list with the Coronavirus Immunity Challenge. By the way, I did the same in English. Just in English I have 1200 contacts, and in Portuguese I got almost 8000 signups. Not sure if the list size influences. And after the challenge, I actually stopped talking much about corona, and focused on other health issues. So I hope they are not penalizing me for something of 4 months ago.
I am just wondering, I was reading on some place that sloppy HTML can trigger SPAM filters. I used the blank template to start my email, but I have seen that they are not responsive on mobile. Fonts are quite small when I open emails on mobile phone. Could that influence somehow SPAM scores?
The From email is martin@saudeplena.org.
But I looked into the email source code, in the return path is something like this:
Return-path: 010001751871b0fd-a15b950a-b2fe-4979-bda3-fbe17a4f56c6-000000@mail.saudeplena.org
So looks like it recognizes here mail.saudeplena.org as the sending domain. And I did DMARC monitoring for a month, with thousands of records resolving correctly. I assume therefore that SPF and DKIM is working correctly. But if there is somebody more experienced than me, I would like to know whether I should add to the Amazon SES domain to the SPF of the main domain as well.
Emails can have a from address, and a reply to address. Splitting these (having different ones) will increase the likelihood that your mail is identified as spam.
This may be the root cause.
Adding include:amazonses.com. to the other SPF will not hurt you, but it will also not likely fix this.
Try testing to send via the someone@mail.saudeplena.org with that as the sending email and reply to email. Test if that is the cause.
Remember that if you are testing to Gmail, they also rate on content, so it is hard to tell exactly why a message is gong to junk. Plus they have various kinds of junk and will grade content on things like tracking images that mautic use. So best to test to some location other than gmail.
This is a bit difficult to grasp, but here is the thing, SPF is used to specify which IP
addresses and/or servers are allowed to send emails from a particular domain.
Stressing it again, “it specifies which IP are allowed to send emails from a certain domain”
For example, if you have the following SPF value:
“v=spf1 a mx ip4:709.33.44.22 ~all”
This is saying all hosts listed in the MX records are allowed to send emails for your domain (any other domain is not allowed), and all other hosts are disallowed
ip4:709.33.44.22 is the IP address of the mail server or domain that’s authorized to send an email for that domain.
~all - the “all” tag tells the receiving server how it should handle all messages sent from a domain, if it sees a domain in the header that’s not listed in the SPF record. The
tilde (~) with the ‘a’ is a soft fail, this would mark a server that is not listed in the SPF
as spam, you can use -a for a flat out rejection.
v=spf1 include:amazonses.com ~all
In the case of amazon, you make sure are adding the SPF values in every domain you wanna send as, if you want to send as foo.bar.com you add the value in the foo.bar.com records.
If you only wanna send with bar.com, you add the SPF value in the bar.com.
If you added the value in foo.bar.com, and you are sending it from bar.com, it would most likely end up in spam.
So, the TL;DR is SPF Records For Primary Domain doesn’t apply to subdomains and vice versa. you need to have separate SPF records for each subdomain you wish to send mail from.
and I agree with @davidfinley
I think I have a good understanding how SPF works. Just on the subdomains I was not completely clear. And does it depend on the from email address or the return path to determine which SPF record is used? Also do you say that with the soft fail the receiver may not send a fail in the DMARC report, but consider the email as SPAM? Because I have run the DMARC analysis for quite a while. Just checked, the last 2 weeks I have 6000 DMARC feedback records sent via Amazon SES that are 100% compliant on SPF and DKIM. I know the records are mainly from GMail and Yahoo, seems that Hotmail does not return any DMARC records.
OK, this is an interesting point. Just I have already that many contacts that have saved my email address martin@saudeplena.org. I wonder whether things are not going worse when I switch to a new email address.
My favors with GMail for the moment have improved, but yes the thing about the tracking image I have seen already a warning in the Mautic settings. Anybody has experience whether tracking pixels and tracking redirects are really hurting SPAM rating in a significant way? It is something so widely used, so I am just wondering.
At the moment I am concerned about my razor score that is consistently bad, and I have no success that far to fix it.
SPF is a delivery configuration, so it is looking at the domain or sub domain that the email is generated FROM. Nothing to do with return path.
A soft fail will trigger as a soft fail to any software being used for monitoring inbound messages for spam. What happens after that is a matter for the mail spam filter administrator. Some systems will add a weighting to the message (variable and set by admins). A weighting addition to say for example some shitty content, and or a tracking image might be enough to trip it over the custom set trigger to put it in junk. Additionally some systems like outlook.com use AI and a bunch of black box stuff to look at spam. Who knows exactly how it is done, but definitely soft failing for SPF is undesirable.
Remember too that the soft fail setting is just a suggestion that basically says… “Ok I have set up SPF but don’t really know what I am doing, so don’t block this if I screwed up the settings.” Technically soft fails are for testing, and hard fails should be set for SPF when used correctly and in conjunction with DKIM.
There is a lot of advise around the net saying to set soft fails. These are usually from orgs that publish basic data on how to configure for their services. They really are not advise on how to configure and reliable email system. Kind of internet repetition.
I have tested with the mautic tracking image and found that it was almost impossible to get gmail to put the content in “inbox” usually it was classified as “promotional”. But not Junk when correctly configured.
Content was the tipping point to get it to “inbox” but it was unreliable at best. Send it once and you get a different result second time. Impossible to predict.
By Razor score, are you talking about Razor2 Black List? I am a little confused to the reference?
Yes, SpamAssasin gives me 2 complains in relation to Razor2:
2.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
I found this here yesterday?
The technology behind it is called MJML. Here the details:
Basically it guarantees that the email templates are mobile responsive. I have seen that the templates I used in Mautic are not really mobile responsive. Are there other mautic templates that are able to resolve that problem? Or is it worthwhile to use this technology here? How much difference will it make to use well coded mobile responsive templates?
Thank you, I also found the solution to this problem here! 
We use custom coded emails with tracking pixel in it and they go to gmails inbox all the time.