Hey Community!
Today I have sent myself two mail messages with the same content from my personal mail account (ProtonMail with a custom domain and activated functions SPF, DKIM & DMARC) to my outlook.de address. The configuration of SPF & DMARC looks like this:
Spf:
v=spf1 include:_spf.protonmail.ch mx
DMARC:
v=DMARC1; p=quarantine; rua=mailto:xxx@X .xxx; pct=100; aspf=s; adkim=s
The first one landed in the junk folder. The second (around 4 minutes later) in the inbox. I'm now trying to find out why this is so but have some difficulty in correctly interpreting some of the header data. At least I have noticed some things that are likely to be relevant information. I used the comparison feature of Notepad++ for this:
1. All mail authentication techniques (SPF, DKIM & DMARC) were transmitted and correctly recognized.
2. The mail message classified as junk by Outlook on the web is missing the entries "X-MS-Exchange-ATPSafeLinks-Stat" and "X-MS-Exchange-ATPSafeLinks-BitVector".
3. Right after the entry "X-Microsoft antispam mailbox delivery" the expression "OFR:SpamFilterAuthJ" exists in the junk mail header but missing in the other mail.
4. Both messages were sent as "text only" mails - however, the entries in the header are different.
Left: Header data of the non-filtered mail / Right: Header data of the mail classified as junk
1.
2.
3.
4.
My first impression: Especially the first two points looking suspicious. Why were the entries "X-MS-Exchange-ATPSafeLinks-Stat" and "X-MS-Exchange-ATPSafeLinks-BitVector" deleted or not transferred? Are these missing entries the reason why the first mail was marked as junk?
I am thankful for every feedback.
fommio