CiviMail flagged URI_WP_HACKED_2 by SpamAssassin (#76) · Issues · Development / Mailing

CiviMail flagged URI_WP_HACKED_2 by SpamAssassin

Overview

CiviCRM emails were reported as going to the Spam folder in Gmail. I did some digging with mail-tester.com and found that SpamAssassin is dinging my mailings -1.629 points for the code URI_WP_HACKED_2.

I did some more digging and found this is likely caused by the WP REST API that was integrated into Civi in 5.25. I'm currently running 5.27.0.

Things I have done that have not resolved the issue:

I have installed the cv-rest-mailing plugin located here: https://develop.tadpole.cc/plugins/cv-rest-mailing
I have also ran my site against MalCare which returned a Clean rating.
I have disabled the plugin WP Mail SMTP.
I have disabled tracing of opens and click throughs.

I have confirmed that this is occurring on 3 of my clients sites all running Civi 5.27.0 with Mosaico.

I have confirmed this on sites that are running gSuite as their email provider as well as sites that are running a local mail exchanger.

The following two Stack Exchange questions are open with no resolution. I confirmed with Heather O. that she is still facing difficulty.

Reproduction steps

Create a new group called SpamTesting
Create a new individual named Spam Tester
Add Spam Tester to the Group SpamTesting
Give the individual Spam Tester the email address corresponding to https://www.mail-tester.com/
Create a new mailing or reuse an existing mailing.
Add SpamTesting as a recipient group.
Send the mailing immediately
Click check your score on Mail-Tester.com

Current behaviour

Many CiviCRM mailings are going to spam after upgrading to 5.27.0. Please see attached image.

Expected behaviour

Emails should not be getting flagged as a hacked WordPress site.

Environment information

Mail Server : gSuite
Browser: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36
CiviCRM: _Master/5.27.1
PHP: 7.3.14
CMS: WordPress 5.4.2
Database: _MySQL 8.0.18
Web Server: _Apache 2.4.41

Comments

Overview
----------------------------------------
CiviCRM emails were reported as going to the Spam folder in Gmail. I did some digging with mail-tester.com and found that SpamAssassin is dinging my mailings -1.629 points for the code URI_WP_HACKED_2.

I did some more digging and found this is likely caused by the WP REST API that was integrated into Civi in 5.25. I'm currently running 5.27.0.

Things I have done that have not resolved the issue:
- I have installed the cv-rest-mailing plugin located here: https://develop.tadpole.cc/plugins/cv-rest-mailing
- I have also ran my site against MalCare which returned a Clean rating.  
- I have disabled the plugin WP Mail SMTP.  
- I have disabled tracing of opens and click throughs.

I have confirmed that this is occurring on 3 of my clients sites all running Civi 5.27.0 with Mosaico.

I have confirmed this on sites that are running gSuite as their email provider as well as sites that are running a local mail exchanger.

The following two Stack Exchange questions are open with no resolution.  I confirmed with Heather O. that she is still facing difficulty.

- https://civicrm.stackexchange.com/questions/35064/civimail-tracked-links-in-wordpress-site-are-marked-down-by-mail-tester?r=SearchResults&s=3|14.7395
- https://civicrm.stackexchange.com/questions/36244/spamassassin-marking-mailings-as-compromised-wordpress-site?r=SearchResults&s=1|42.5634

Reproduction steps
----------------------------------------
1.  Create a new group called SpamTesting
2.  Create a new individual named Spam Tester
3.  Add Spam Tester to the Group SpamTesting
4.  Give the individual Spam Tester the email address corresponding to https://www.mail-tester.com/
5.  Create a new mailing or reuse an existing mailing.  
6.  Add SpamTesting as a recipient group.  
7.  Send the mailing immediately 
8.  Click check your score on Mail-Tester.com

Current behaviour
----------------------------------------

Many CiviCRM mailings are going to spam after upgrading to 5.27.0.  Please see attached image.  
![SpamAssassin Score](/uploads/f5b1c7397916bc4c45ad2d10d89fcd2f/KrY6G_1_.png)

Expected behaviour
----------------------------------------
Emails should not be getting flagged as a hacked WordPress site.

Environment information
----------------------------------------

* __Mail Server__ :  gSuite
* __Browser:__ Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36
* __CiviCRM:__ _Master/5.27.1
* __PHP:__ 7.3.14
* __CMS:__ WordPress 5.4.2
* __Database:__ _MySQL 8.0.18
* __Web Server:__ _Apache 2.4.41

Comments
----------------------------------------

Edited Aug 04, 2020 by brendanspaar

To upload designs, you'll need to enable LFS. More information