Spam investigation and email reputation check
We are investigating emails which were marked as spam by Cloudmark's service Cloudmark Authority Engine (CMAE). We want to find out if they are false positives. When an user ask to investigate why a single mail was marked as spam, our approach is currently:
- basic checking (i.e. SPF, DKIM, FCrDNS, DNSBL etc.)
- check the mail from address/domain on apivoid.com (https://www.apivoid.com/tools/email-reputation-check/) manually to check whether the mail address seems fishy
I know there are a lot factors that come into play when detecting spam (i.e. SPF, DKIM, blocklists, mail header check, content check, custom rules etc.).
We observed that apivoid's service often states "Suspicious Domain" (i.e. "Returns true if domain is suspicious, i.e known spam or parked."; see https://docs.apivoid.com/) when analyzing the from address. Then we report this observeration to the user with the explanation "you might have sent mails in the past which recipients could marked as spam. please ensure the opt-in of your recipients and be sure they can unsubscribe". Often users then stated they used to send newsletters once a month to a bunch of addresses (without opt-in).
When checking those suspicious domains in any domain block lists (i.e. https://www.spamhaus.org/dbl/) there are no matches. At the moment our current guess is that only massive spam domains land in domain block lists and apivoid.com is good at detection minor spam cases (maybe through the use of spam traps).
My questions:
- Can somebody confirm the observations above?
- Does anyone have insight how apivoid is so accurate (at least for our cases) with its email reputation check?
- Does somebody know an equivalent service for email reputation check?
