Verification Email treated as dangerous by GMail

  • When a user registers on our site with a Gmail address, Google is treating the verification mail sent from the plugin as a phishing threat – marking it with the warning label “This message seems dangerous”

    Other emails sent from WooCommerce or the theme itself are fine, and this may be because they have branding and more content included. Such customisation is not possible using the free version of the plugin.

    Additionally our domain has SFP and DKIM authentication already set up.

    How can we overcome this problem?

Viewing 15 replies - 1 through 15 (of 15 total)

  • Hi @simonjonharding,

    I apologize for any inconvenience you may be experiencing.

    I have escalated this with our development team. They will get back to you as soon as they can.

    Kind regards,
    Moshtafizur

    Plugin Contributor Pablo Pacheco

    (@karzin)

    Hi @simonjonharding ,

    Besides DKIM and SPF, you could try to verify your account with DMARC as well.

    And Maybe, there is some other setting of ours you could try.?

    • Change “Advanced > Encoding options > Encoding method” to “HashIds

    This will make the verification link smaller, and maybe the deliverability of the emails could go up.

    This is a link with a list of recommendations you could also try:
    https://www.safetydetectives.com/blog/solved-this-message-seems-dangerous-what-should-you-do/

    Thread Starter simonjonharding

    (@simonjonharding)

    Thanks for your repsonse.

    The problem with the free version of this plugin is lack of context in the default message.
    I have improved deliverability to GMail by editing the PHP files to add the website name in both the subject and message.

    I strongly suggest that, given you dont seem to want to allow the free version of the plugin to use the Woocommerce message format (which would solve most of these issues due to the branding provided), you at least add a variable to include the WordPress site name in both subject and message. Otherwise its just a random “click this link” message as far as Google is concerned.

    I get that you dont want to give too much away in the free version and wish to hold certain elements for the pro version, but this deficiency in terms of one of the biggest mail providers out there is major flaw in the free version.

    +1 – experiencing this despite DKIM & SPF authorized transactional email sending via AWS SES that works for all other system emails.

    Plugin Contributor Pablo Pacheco

    (@karzin)

    Hi @squarecandy and @simonjonharding ,

    Thanks for your feedback. I just wanted to let you know that I just released a new version (2.6.5) with 2 new variables that can be used on the emails:

    • %site_title%
    • %site_url%

    From my tests, it does seem that if they’re used with the Email template option set as Plain, they can help with email deliverability, avoiding Spam. Let me know if it helps.

    Thread Starter simonjonharding

    (@simonjonharding)

    @karzin

    The addition of the new variables is great – but because you have not made the use of these default in the email template it does not really help those of us using the free version of the plugin.

    The free version does not allow editing of email content in WordPress back end admin – meaning that we cannot use the new placeholders and still have to edit the php file “class-alg-wc-ev-emails.php” to use the new variables. This is effectively no different from having to edit the file to manually add the site name as text.
    Additionally, this has to be re-edited every time the plugin is updated.

    Please add an option to use the new variables for all users (including free version) or simply add %site_title% to the core emails php file in every occurrence where “account” is used in order for the improvements to be permanent. i.e. “account” becomes “%site_title% account”.

    Adding the placeholder “%site_title%” to the Activation email > Email subject would be a good idea as well.

    So it would be “Please activate your %site_title% account”.

    We are also experiencing the activation email specifically going to the SPAM box. All other emails are fine.

    • This reply was modified 10 months, 2 weeks ago by gmoney9.
    Plugin Contributor Pablo Pacheco

    (@karzin)

    Got it.

    I just released a new version (2.6.6) with changes to the default Email Subject field. I’m following the same pattern from WooCommerce:

    [%site_title%]: Please activate your account

    You can click on the “Reset section settings” to get the new default value.

    Let me know if it helps.

    • This reply was modified 10 months, 2 weeks ago by Pablo Pacheco.

    Thanks!

    Couple of things for Activation email > Email content

    1. %site_title% does not work
    2. Can you add “billing_first_name”, “billing_last_name” placeholders please?
    Plugin Contributor Pablo Pacheco

    (@karzin)

    Anytime ??

    1- It doesn’t work in which way exactly? I only changed the default Email Subject, not the email content. So, if you’re using the free version, you won’t be able to use the %site_title% on the email content. Now, if that’s not the case, you’ll be able to use it and it should work.

    2- Right now we have %user_display_name% and %user_last_name%. Let me know if that would be enough.

    1. See here: https://i.imgur.com/5xLtmjd.jpg it doesn’t list the site name
    2. Not really. Because in registration for example, we use billing_first_name so for activation email, it would be good to have this so we can personalize it to help prevent emails going to spam.
    Plugin Contributor Pablo Pacheco

    (@karzin)

    1- Hum, can you please make sure that you have version 2.6.6? I just tested it here and it should work

    2- Ok

    Plugin Contributor Pablo Pacheco

    (@karzin)

    2- I’m sorry. I’m not sure if I can get billing_first_name or billing_last_name. That info comes from an order and the activation email doesn’t have a relation to it.

    Thread Starter simonjonharding

    (@simonjonharding)

    @gmoney9 – I would appreciate you starting your own thread about further plugin personalisations, rather than hijacking my thread about deliverabililty to GMail.

    @karzin – you seem to be suggesting that no changes to email content can be made to the default template and that only customising using the paid for version can utilise your new variables.
    This does not solve the original point I raised.
    Deliverability to GMail in particiular needs specific reference to the hosts site in both the email subject AND email content.
    This is why I suggested including %site_title% in the email template – meaning in both the email subject and email content.
    This can be achieved simply by changing any reference of “account” to “%site_title% account”. Without this, the problem will persist and I will simply have to continue editing the php file with every release of the plugin.

    This is not about personilisation of the email content – its about ensuring deliverability of the basic email, without embilishments, to GMail users.

    Plugin Contributor Pablo Pacheco

    (@karzin)

    Thanks @simonjonharding ,

    That makes sense. Please, update the plugin to version 2.6.7 I Just released.

    The new default email subject:
    [%site_title%]: Please activate your account

    The new default email content:
    <p>Please <a href="%verification_url%" target="_blank">click here</a> to verify your email on <a href="%site_url%" target="_blank">%site_title%</a>.</p>

    That should do the trick.

    You can click on the “Reset section settings” to get the new default value.

Viewing 15 replies - 1 through 15 (of 15 total)
  • The topic ‘Verification Email treated as dangerous by GMail’ is closed to new replies.