Yeah and seems like the big providers don't like self hosted emails. I know someone who runs a hosting company using cPanel and his clients email go to spam a bunch even though not spammy emails, his answer is to just pay extra for Google Apps and that running a email server is too complicated. Not sure how true that is... For my own future projects I plan to run everything in containers, Node, etc so not PHP/MySQL so still need to host the email somewhere, kinda hate the idea of paying a third party and wonder how they would handle shared inboxes(like piping email to a script like you can with a cPanel server). Probably other email solutions though to look into though but haven't looked into it too much yet but kinda hate how we have to rely on large providers it seems for email.
Then sounds like people running WordPress or support help desk scripts with contact forms forwarding to their Gmail, etc is a problem too... Those services think your server is the source of spam.
But maybe it's worth paying for a third party email server for your staff and also a service with APIs for programmable sending/receiving since you don't want emails to customers like password resets, receipts, etc going to spam. I noticed even when I mark someones emails as not spam they keep going to spam, I don't check my spam daily but sometimes they have to send me a IM to let me know they emailed them...
I feel like might be forced paying though instead of self handling email. Kinda feels like giving the mafia some extortion money for protection though in away. Plus email is a bit broken in the first place, open and all is great but opens itself up to abuse to spammers and scammers.
Hosting company cPanel servers are a bit of a special case though. I've run these before and once customers start installing WordPress it can be a matter of hours before a bad plugin gets turned into a spam bot. It's at a point where blocking port 25 outbound is a responsibility imo.
WordPress contact forms are routinely abused - I regularly see forms where enter a victim as "my address" and then it helpfully copies the message to the spam recipient. There's always a web designer who wants it this way for UX reasons, even when I shown how it's abused.
Yep, contact forms in WordPress but even non WordPress sites too. Then of course if you got a plugin to detect brute forces, seem like WordPress sites get ton of them! Probably because you can detect if a site runs WordPress or not, so bots use that.
Sounds like the only solution to contact form spam might be rate limiting and/or captchas but even bots can bypass captchas too unless you use one like Google reCaptcha maybe but sucks your system has to rely on third party services then.
Oh wow, I was under the assumption that Google Apps(Now called G-Suite but I always remember it as the original) kinda gave you a guarantee if sending to other Gmail people and probably other big providers like Microsoft, Yahoo, etc would trust Google more too.
I'm far from shipping from what I'm working on though, but before going live want to get email setup for the main company website and product website for me and future staff, then want to be able to send email's for notifications, password resets, etc and then also have scripts receive and parse emails for replies to put into a database for the support portal part of the product ___domain but getting ahead of myself. Not sure if the product site would have users to people or just be all scripted sending/receiving while the main site is mostly emails hosted for humans.
I think one strategy would just run a mail server and have a script download the emails to the database and delete them, since doubt many solutions support a more of a webhoook type setup.
