Wordfence e-mails regularly in spam

Notably, some of the sites are more susceptible to be affected than others, but we typically use the same hosting/service provider, and it’s a mixed bag — so I doubt hosting is the underlying cause (and if it is, it’s something that’s not exposed to us).

Hi @ellmanncreative, thanks for getting in touch!

The emails from WordPress/Wordfence should be coming from wordpress @ yoursitename . com and are getting sent to your junk mail folder by Gmail. Make sure to create a filter or click “Report not spam” to add emails from your website to the list of safe domains so you get emails consistently.

As this is not directly a Wordfence issue and would apply to any emails coming from your WordPress site or domain, it may be worth reaching out to your hosting provider to see if they have any ideas (such as reverse PTR record settings.) They may have solved similar issues for other customers on the same environment so should know what to check for you.

Thanks,

Peter.

Except other e-mails from my site and/or domain are not affected — only the Wordfence e-mails are. For instance, Sucuri alerts (which we also use) come through without issue.

I’m tired of clicking “not spam”, been doing this for months.

Interestingly enough, Sucuri is using the e-mail we’ve set WordPress up with (Mail SMTP), while Wordfence seems to be using an imagined wordfence@ mailbox, which doesn’t exist on any of our hosts.

Wait, wait, wait…

This needs investigation, but we haven’t set all installations with Post SMTP. I would need to check if the alerts that’re classed as “spam” are perhaps all coming from the installations where we have NOT done that… Additionally, wherever we’ve set Post SMTP, Wordfence is correctly using that configured e-mail and, from what I recall, those seem to be fine…

Please stand by as I investigate this over the next few days.

• This reply was modified 3 years, 8 months ago by ellmann creative.

So, on messages that get classed as spam, we’re seeing this:

score=7.409 tagged_above=-10 tests=[ALL_TRUSTED=-1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HK_RANDOM_ENVFROM=0.626, HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.635, MIME_HTML_ONLY=0.1, NAC_869=1, NAC_REMOVAL=1, TO_NO_BRKTS_HTML_ONLY=1.999, URI_WPADMIN=2.799] autolearn=disabled

That seems like a pretty high result, and the fact that it’s being tagged as “multiple domains” is a direct result of sending via PHPMailer/mail() instead of having a designated account for it (it then goes through the system with two e-mails — one being wordfence@, the other being the mail for our hosting’s account).

Seems that it coming from WP-ADMIN and being HTML_ONLY are also major contributors here.

Here’re another two:

X-Spam-Flag: NO
X-Spam-Score: 1.875
X-Spam-Level: *
X-Spam-Status: No, score=1.875 tagged_above=-10 tests=[ALL_TRUSTED=-1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HK_RANDOM_ENVFROM=0.626, NAC_869=1, NAC_REMOVAL=1] autolearn=disabled

X-Spam-Flag: NO
X-Spam-Score: 1.986
X-Spam-Level: *
X-Spam-Status: No, score=1.986 tagged_above=-10 tests=[ALL_TRUSTED=-1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HK_RANDOM_ENVFROM=0.626, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, NAC_869=1, NAC_REMOVAL=1, T_REMOTE_IMAGE=0.01] autolearn=disabled

Unfortunately I’ve no clue what NAC or NAC_REMOVAL is, because all searches lead me to N-Acetylcysteine and nipple-sparing breast cancer removal…

Also note: these are set as “X-Spam-Flag: NO” but they still end up in GMail’s “Spam” folder.

Hi @ellmanncreative, thanks for all the information.

Despite understanding you state having less trouble with Sucuri emails, this still presents as a Gmail/general email issue rather than anything Wordfence is doing wrong as a plugin. I understand this has been frustrating but we have a very large number of active plugin users receiving multiple emails every day who aren’t reporting the same issue.

I strongly believe setting a filter will be more effective than clicking “Report not spam” for a personal solution to make sure Gmail recognises emails from Wordfence and your domain in general as acceptable to send straight to your inbox.

For judging why Google scores the emails so highly for spam, we are sadly not privy to their decision-making process or algorithm. We are also in the same position for tools like reCAPTCHA when Google decides whether a website visitor is human. There may be settings within Post SMTP that might assist the trustworthiness of the emails, or steps you can take such as creating an active mailbox for the wordfence@… address itself.

I trust with Gmail’s filters and considering mailboxes/Post SMTP settings, you can come to a solution that removes the frustration of manually moving the emails.

Thanks,

Peter.

For the record, while adding a rule to prevent emails being sent to spam does indeed work, I still get a big, fat grey banner about how this message isn’t in spam because I specifically added a rule for it.

Just wanted you to know that your email messages, when not coming from a rock-solid trusted source, are considered “spammy” by Google. And to be honest, I can kinda see why — HTML-only content, no content boundaries, and it claims to be related to WordPress/has wp-admin links… it sure looks like spam and/or phishing on paper. Service providers have flagged ‘spam’ for less in the past.

Just letting you know, so that you could perhaps look into how to possibly improve upon this, instead of hiding behind “we’re not responsible for Google”. I doubt you can eliminate the problem, but perhaps you could alleviate it? Maybe adding a text-only component to the e-mails would be enough to drop the detection rates just below the spam threshold?