Does Mail.ru have anti-spam magic algorithms?

If you or your customers have a mailbox on mail.ru, be prepared for trouble.

A bit of history

Historically, mail.ru mail was not particularly popular with IT people and techies, as was the company itself. But recently the company has changed for the better, the guys gathered and made an excellent mail service, switched to HTTPS, even successfully transferred mail to UTF-8. Recently, another “Cloud” was made free of charge at 1TB , and even changed the license agreement to it. Well, a lot of things happen to them well. But

"We will not talk about the bad, but we better do it"

Quotes of great men :)

Back to the present

All administrators who have a “website / blog / forum” have heard about problems with delivering letters to mailboxes for mail.ru users, I don’t justify them, because in most cases they have poorly configured MTA, no DKIM signatures, no correct PTR record , and all their letters "successfully" fall into spam. ("Successfully" without sarcasm). But the antispam team decided not to dwell on such primitive checks as valid DKIM digital signatures, PTR reverse records, domain and outgoing server “trustness” and much more that use free services with outdated antispam system (eg. Yandex, Google, Yahoo), antispam team refused these checks, and began to use real magic!

The approximate algorithm of the outdated anti-spam filter

')

And now the secret algorithm Meilru

Why all this?

On one working day, we had a lot of calls and complaints from customers on our small project, the impossibility of registering, the impossibility of recovering the password, but we learned all the tragedy of this situation only after a couple of days, when absolutely all the work (productive) stopped. By a scientific method, we found out that our domain was in the magic black list. It is the domain in the body of the letter , from the domain of the letter go with a bang, but if in the body of the letter there are mentions of the domain, then the letter goes immediately to / dev / null. Notifications from the site were sent via AMAZON SES trust with valid signatures, domain and server trust, including mail.ru itself. The reputation of our domain on postmaster.mail.ru is 0.5, this is a very good indicator (the less the better) if you do not specify in the body of the letter, the domain then the letters are excellent, and only in the inbox.


Great service to check how good your emails are. mail-tester.com

Please believe that there was no spam and no mailings at all (otherwise I would not have written this post), I sent up to 50 emails per day from the site, mostly registration notifications with a token for confirmation, a password reset link, and notifications customers about the arrival of their goods in the mail, as well as the actual responses from the support service.

What difficulties have brought us and customers:

• The registration on the site (the double opt-in mechanism) in the body of the letter has completely stopped the link with a one-time token for confirmation, the letter is rejected by the mail.ru server.
• Unable to recover password (for the same reason)
• Order notifications do not come with reference to the goods. (fixed by removing the link)
• customer support by email has ceased. Customers put in the letter a link to the product and ask a question about this product, and such a letter, respectively, mail.ru does not allow them to send.
• The already existing correspondence branches stopped, the previous correspondence is usually quoted in the body of the letter (and there is a link to the product, or in the signature on the site), and most importantly, the client does not understand why he cannot write to us.

It’s good that I don’t use their mail myself, so all non-customer mail work is excellent. It is sad that the region with which we work, 95% uses mail mail.

Why not do this?

At a minimum, there is a SPAM folder, and if the mailbox considers the letter to be spam, then why doesn’t it put in this folder, but reject it without even letting it go to its magic anti-spam filter? After all, if something went wrong with the server or site, while administrators are repairing, you can tell the client by phone that we have delivery difficulties, so please check the SPAM folder and there you will find a link to confirm registration or to recover your password.

!

What if you have a mailbox on your mail, you earned and forgot that you have several old domains / sites that are about to be renewed, but you don’t worry because you know that any registrar will send you over 9000 reminders like:

"We remind you that the expiration of the domain" example.com "expires ...

which you unfortunately will not receive, because the mailor knows better whether you need to renew such a domain or not. What if the administrator sent a letter of “abuse” from government agencies or other enterprises, where the letter contains a link to the page that’s the reason for this claim is never it will not come to him.

Why did the filter work?

I have only one conjecture. On the day a few hours earlier, before the domain got under the filter, the developers installed the "Share" button on the site from classmates, and accordingly we tested it, first on localhost, then on test server, then on production, my tape was spammed domain, including non-working links (of the type of testenvsite.work/url/) well, I vseravno, I tested and forgot, I have no friends who would click on them and go over them.

Results

• What do you think, is such a spam policy a mailru company?
• Why did not provide a quick response to the case of a false positive filter (they always are), because so you can paralyze for a long time the work of a large service.
• Ideally, when a filter is triggered, send a letter to the administrator with a warning that his letters will be completely rejected if he does not solve the problem (which one?) Within N days, and is currently sent to spam.
• Why such a priority is the domain name in the letter, and the complete ignoring of all other factors? After all, even if I write to pupkin@kermlin.ru myself with valid DKIM or god@sky.com and mention the domain name, their letters will not come: (

This is not a rare case, they introduced or twirled the filter around February 2014, since this month the network has been full of similar topics with complaints, and there are no solutions at all. Since February, many have not yet resolved the issue, we have so far been deciding for the 3rd week, it feels like they specifically give tike otlezhatsya 4-5 days, and only then answer, and then without specifics.

Why Mail.ru

Fighting spam is really not an easy job. Spam in the CIS is very popular, mainly due to the fact that spammers feel impunity. Mail.ru is the leader in terms of the number of clients in the CIS, in some regions the absolute leader, respectively, mail.ru is most susceptible to attack by spammers, who are constantly improving their mailings (technically), sometimes much better than honest and ordinary webmasters.
Other mail services also have false alarms, and I think that their% is not less than Mail.ru, but they are hardly noticeable against the background of Mail.ru’s leadership.
I think they need to upgrade their support, for example, add new employees.

UPD: Hooray! domain unlocked, now we and our users are happy.

On the same day, the representatives of the Mail team contacted me, understood the situation, admitted their mistake and promptly eliminated the problem, despite the fact that it was a day off.