Warnings in Webmail: This message is suspicious

When I send an email to myself from Webmail it is being flagged as suspicious

I have DKIM and SPF setup. I have also tested with other domains and it shows the same warning.

The domain is: appdorks.com

Could it be because I have multiple SPFs in there?



  • Yes, we have added that feature in the webmail interface for inbound messages that may have a suspicious message traits, more information on that can be found on the knowledge base.

  • Even when I send to same users on the domain?

  • So I am clear, are you saying that messages sent from the domain appdorks.com internally, or to other recipients on our system, are sowing the suspicions indicator in the recipient's webmail interface?

  • Yes exactly.

  • Can you fire us over a test email to support at thexyz.com?

  • For sure, sent.

  • I see, one moment while I review the message in that mailbox to see what may have caused that suspicious flag to be applied.

  • Looking at the authentication information in the header, it appears the message failed DKIM signature verification - so I am clear, when (or how long ago) was the DKIM key record added to the domain's DNS settings?

  • I am looking at that also...

    I just generated a new DKIM key and added it with 300 TLS.

    It has been verified.

    What do you use to check DKIM?

  • There are two different systems that are in place to perform checks on DKIM, the initial check when the record is added to the domain's DNS settings to verify that it is in place in the Control Panel so that DKIM message signing can be enabled on our SMTP servers for the outbound messages sent from the domain.

    The second system that is in place, is in place on our gates that receive the records to perform a public facing check, unfortunately what can happen (which is what appears to what occurred in the first test message) is that the record can be verified in the Control Panel via that system so that DKIM message signing is enabled but the DNS information has not propagated to all of the gates on our system, which can result in these false positive "this message is suspicious".

Sign In or Register to comment.