- Status: Closed
- Assigned To: cbay - Private
- Opened by mic13alw37dat - 03.04.2025
- Last edited by cbay - 04.04.2025
FS#147 - Marked as SPAM by Filters - Email from security@alwaysdata.com - Signup on your security page
Hi,
Notification from Flyspray (Registration on security.alwaysdata.com) - Email from security@alwaysdata.com - Marked as SPAM by Filters
(the title had a character length limit)
Repro steps:
Register on your Security site https://security.alwaysdata.com using Gmail.
Receive an email titled 'Notification from Flyspray' with a 'confirmation code' from Security vulnerabilities security@alwaysdata.com. Find this in the SPAM folder with a warning from Gmail about SPAM.
POC:
Mentioned message found in SPAM folder.
On the gray background 'Why did this message go to Spam? The message is similar to those detected by our spam filters.'
It is at least reputation damage.
Makes communication difficult and may prevent the reporting (registration) of security issues.
References:
- https://support.google.com/mail/answer/1366858?hl=en
- OWASP Top Ten 2013 Category A5 - Security Misconfiguration
- https://cwe.mitre.org/data/definitions/933.html
- https://cwe.mitre.org/data/definitions/815.html
PS. I can show a screenshot (POC), but I can not see an image upload option here.
Best regards,
PS. It is best to use, in the Repro steps section, your Gmail address with an alias:
youraddress+alias@gmail.com
Hello,
Is your report that Gmail incorrectly marked an email as spam? That's neither a security issue, nor even an issue on our side.
Kind regards,
Cyril
Hello,
Whose problem is it that your email is marked as spam during the first interaction - registration? Reason - possible misconfig.
Kind regards,
That's not a security issue. Besides, can you show us the misconfig?
Short note - misconfig is a security issue.
In this case I'm pretty sure that it was not the happy path / intended to send a message from you flagged as spam.
I was surprised, as the x3 records are correct there - fine.
You have to make your own internal investigation, as I reported a bug - blackbox, I can not see your configs. I suppose it can be connected with an invalid title or message format / content; you have to check deeper if you don't want to send spam as the first message to the recipient.
"In most cases, it is up to the sender to improve their email configuration to increase the chance of delivery to the inbox."
and
"If an email ends up in your Gmail SPAM folder, it could be due to both Gmail and issues on the sender’s end. Here are the main factors:
1. Factors on Gmail’s side (Gmail Spam Filters)
Gmail uses advanced algorithms and artificial intelligence to filter emails. Here are some of the reasons why Gmail might mark an email as spam:
Sender history – If a domain or email address has sent spam before, Gmail might mark subsequent messages as suspicious.
User reports – If many users mark emails from a particular sender as spam, Gmail starts automatically classifying them as junk.
Message content – Gmail analyzes the content and may mark an email as spam if it contains words that are typical for spam (e.g. “100% guaranteed”, “free money”, etc.).
Suspicious attachments – messages with executable files (.exe) or scripts may be blocked.
Links to suspicious sites – if the email contains links to sites that are flagged as phishing or dangerous, it may end up in spam.
2. Factors on the sender's side (Email configuration issues)
If the email is not properly configured, Gmail may treat it as suspicious. Here are the main problems:
Missing or incorrect SPF, DKIM and DMARC records – these are the basic mechanisms for email authentication. Failure to configure them correctly increases the chance that the message will be marked as spam.
Sending mass emails – if messages are sent in large quantities without proper configuration (e.g. no opt-in list), Gmail may treat them as spam.
The sender's server is blacklisted – if the sender's email server has been reported as a source of spam, Gmail may block messages from that domain.
Sender uses free email addresses (e.g. @gmail.com) for mass mailing – professional emails should come from their own domain.
Incorrect email header – lack of correct metadata can cause spam to be flagged."
Kind regards,
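A small sanity checker for the sender-side records the quoted list names (SPF and DMARC), added here as an example; it is not part of this ticket or of alwaysdata's configuration, and the record strings it checks are constructed samples, not real DNS data.

```python
"""Offline sanity checks for SPF (RFC 7208) and DMARC (RFC 7489) TXT records.

Added example, not from the ticket. Records passed in are plain TXT strings,
e.g. fetched with `dig TXT example.org` and `dig TXT _dmarc.example.org`.
"""
import re

# Mechanisms/modifiers that each cost one of the 10 permitted DNS lookups.
SPF_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def check_spf(txt: str) -> list[str]:
    """Return findings for an SPF record; an empty list means it looks sane."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (missing v=spf1)"]
    findings, lookups, has_all = [], 0, False
    for term in terms[1:]:
        # strip qualifier (+ - ~ ?) and any ':' or '=' argument to get the name
        name = re.sub(r"^[+\-~?]", "", term).split(":", 1)[0].split("=", 1)[0].lower()
        if name in SPF_LOOKUP_TERMS:
            lookups += 1
        if name == "all":
            has_all = True
            if term == "all" or term.startswith("+"):
                findings.append("'+all' allows any host to send as the domain")
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the limit of 10 (permerror)")
    if not has_all:
        findings.append("no 'all' mechanism; use '-all' or '~all' to fail unlisted senders")
    return findings


def check_dmarc(txt: str) -> list[str]:
    """Return findings for a _dmarc TXT record (semicolon-separated tag=value)."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record (missing v=DMARC1)"]
    findings = []
    policy = tags.get("p")
    if policy is None:
        findings.append("missing required 'p' tag")
    elif policy == "none":
        findings.append("p=none only monitors; spoofed mail is not rejected")
    if "rua" not in tags:
        findings.append("no 'rua' address; no aggregate reports to spot delivery problems")
    return findings


if __name__ == "__main__":  # constructed sample records
    print(check_spf("v=spf1 include:_spf.example.net ip4:192.0.2.10 -all"))
    print(check_dmarc("v=DMARC1; p=none"))
```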