I have a customer who is a paying user of Google Workspace, and he occasionally reports that mails from my self-managed GitLab instance end up classified as SPAM (“phishing”).
I have checked the headers - DMARC, SPF, etc. are all PASS and valid.
Google Mail’s classification seems to be based on the message content.
Is there anything I can do about this (change message contents, avoid references to external images, etc.)?
I looked for other messages on this forum, but I think they are not really related, as in my case DMARC, SPF, etc. are fine and the mails are genuine system messages, not users abusing the platform.
Since you’ll need to provide your own MTA / mail relay in SMTP settings | GitLab, I’d check whether its domain is on a spamlist with high scoring, or otherwise wrong configuration leading to low trust rankings.
The problem isn’t GitLab here, otherwise everyone who is sending emails from their own GitLab servers would have this problem.
There can be many reasons for this, some of which @dnsmichi has already mentioned. If the domain is newly registered, this can also be a problem. Perhaps the GitLab server is relaying messages on behalf of the domain, and the IP has not been added to the SPF record as being allowed to send emails on behalf of your domain. Difficult for anyone to confirm whether that is the case without being actually able to know what the domain is, and/or see the email configuration for the GitLab server. So these are things you want to be checking first.
Google can also be more problematic for spam classification than others and you may wish to also look at integrating DKIM signing for emails sent from your domain as well.
I used to run postfix on my GitLab server and allow it to send emails for my domain in its SPF record, but I would still sometimes get emails classified as spam. I now reconfigured GitLab so that the SMTP settings in /etc/gitlab/gitlab.rb now use my actual mailserver with a login and it sends via that. I could have configured postfix to send via my main mailserver that way as well.
Once you sort out the SMTP configuration you shouldn’t have these problems anymore.
Thank you for this feedback - I have suggested to try to configure this in Google Workspace.
I am using my domain registrar & email provider’s SMTP server. The SMTP configuration is fine and the SPF/DMARC/DKIM headers are not marked as failing.
I checked my domain on mxtoolbox and it is not showing blacklist issues.
My other mails sent through my email client arrive normally in the destination mailbox.
Does the sender address exist on your mail server? Your screenshots show as sending from git@yourdomain? So does an email account exist for that? Or are you sending as git@yourdomain, but authenticating with a different email address/password combination?
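An added example, not part of any post in this thread: a PASS in the headers says less than whether the domain that passed SPF or DKIM matches the visible From domain, which is what the sender-address question above is probing. The sketch below reads a received message's `Authentication-Results` header and reports that alignment. The sample headers are constructed, the domains are placeholders, and the alignment test is a simplification (equal or parent/child domain) rather than a real organizational-domain lookup.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample headers; example.com and mailprovider.example are placeholders.
SAMPLE = """\
Authentication-Results: mx.google.com;
       dkim=pass header.i=@example.com header.s=sel1 header.b=abc123;
       spf=pass (google.com: domain of bounce@mailprovider.example designates
       192.0.2.10 as permitted sender) smtp.mailfrom=bounce@mailprovider.example;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=example.com
From: GitLab <git@example.com>
Subject: constructed test message

body
"""

def parse_auth_results(raw):
    """Return (message, {method: (result, properties)}) for one message."""
    msg = email.message_from_string(raw)
    # Drop parenthesised comments, then split the header into per-method clauses.
    value = re.sub(r"\([^)]*\)", " ", msg.get("Authentication-Results", ""))
    results = {}
    for clause in value.split(";")[1:]:  # first element is the authserv-id
        tokens = clause.split()
        if not tokens or "=" not in tokens[0]:
            continue
        method, result = tokens[0].split("=", 1)
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        results[method.lower()] = (result.lower(), props)  # last result per method wins
    return msg, results

def domain_of(identity):
    return identity.rsplit("@", 1)[-1].strip("<>").lower()

def aligned(a, b):
    # Simplified relaxed alignment (assumption): equal, or one is a subdomain of the other.
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def alignment_report(raw):
    msg, res = parse_auth_results(raw)
    from_dom = domain_of(parseaddr(msg.get("From", ""))[1])
    spf_res, spf = res.get("spf", ("none", {}))
    dkim_res, dkim = res.get("dkim", ("none", {}))
    dkim_dom = domain_of(dkim.get("header.d") or dkim.get("header.i", ""))
    return {"from_domain": from_dom,
            "spf_aligned": spf_res == "pass" and aligned(domain_of(spf.get("smtp.mailfrom", "")), from_dom),
            "dkim_aligned": dkim_res == "pass" and aligned(dkim_dom, from_dom),
            "dmarc": res.get("dmarc", ("none", {}))[0]}
```

In the constructed sample DMARC passes only through DKIM, because the SPF pass belongs to the relay's bounce domain rather than the From domain.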