Issue 421-4.7.28 error when sending mail to Google server

[Joopjr]

Since 8:20 UTC my mail gets rate limited by Google with the following message in the mail log: "Our system has detected an unusual rate of 421-4.7.28 unsolicited mail originating from your IP address. To protect our 421-4.7.28 users from spam, mail sent from your IP address has been temporarily 421-4.7.28 rate limited. Please visit 421-4.7.28 Prevent mail to Gmail users from being blocked or sent to spam - Gmail Help to 421 4.7.28 review our Bulk Email Senders Guidelines."

I've looked at the link but I'm pretty sure I'm no bulk sender.

Facts:
* I'm running a Virtual Linux Server.
* The server has a dedicated IP address.
* According to MX Toolbox our IP isn't blacklisted.
* I'm using PHP Mailer and Postfix to send mail.
* I've a SPF and DMARC record for the sending domain.
* According to the mail log I've send 106 mails with a Google server as a Relay (My mail log runs from 16 aug 2 am till 18 aug 12 pm = 34 hours).
* Outgoing mails from my server with a Google Relay are deferred, incoming mails from a Google server don't pose any problem.

I doubt that 106 email in 34 hours (3.1 every hour) is enough to trigger the "Bulk Email Senders" message. Is it possible that something is sending mails from my IP without it showing in the mail log on the server? Or are there any other possibilities why I'm getting this error?

 

[mow]

And, did you try the Google Postmaster tools?

 

[Joopjr]

I've added my domain to the Google Postmaster tools, but there is no new data because the domain was freshly added.

Most of the Postmaster Tools dashboards will only display data when there’s a sizable daily volume of email traffic (up to the order of hundreds) coming from your Authentication Domains and/or certain other conditions, in place to prevent abuse.

You may see a "No data to display" error message on the IP and Domain reputation dashboards. This may happen when your reputation is too low to show a value. Learn how to improve your email delivery rate.

To show data, some of the dashboards, like Spam Rate and Feedback Loop, need your emails to be authenticated by DKIM.

I've also created a post on the Google Community. They verified that my IP/server is not acting as an open relay and there are no issues with the domain Internet records. The problem with the deferred messages started on the 18th of aug at 8:20 AM and seems to end on that same day at 8:58 PM. The problem made a comeback this morning at 8 am.

In my mail log (spanning 20 hours) there is a total of 156 occasions where the Google MX server was used (this includes the retrying for the deferred messages). I'm not sending massive amounts of mails and my server is not an open relay (therefore no-one else can send mail using my IP address), what could be the problem?

 

[weltonw]

Unfortunately, I can only speculate what's wrong. Spam filters are black boxes, especially Gmail.

I doubt that 106 email in 34 hours (3.1 every hour) is enough to trigger the "Bulk Email Senders" message. Is it possible that something is sending mails from my IP without it showing in the mail log on the server? Or are there any other possibilities why I'm getting this error?

Sending 3.1 messages/hr only shouldn't get an IP rate limited. However, from what I've seen, these rate limits are done on a IP reputation basis. If your IP has a history of sending "good" email, you typically are less likely to be rate limited, versus if you don't have any history or have a poor reputation. I've seen 200 + emails relayed to GMail in minutes with no problem, but also a couple emails in hours create issues.

You mention 106 in 34 hours. Is that all at once? Or scattered?

Is it possible that something is sending mails from my IP without it showing in the mail log on the server?

Assuming you can trust your logs and your system is secure, it's not possible if you have your own IP.>

Who/what are you sending the emails to/for? A server sending Nigerian Scam emails will get treated very different than real, conversational emails.

If everything is all legitamate and proper, your best bet it to wait and send emails slowly at first to build up IP reputation. SenderScore.org is a good place to check.

 

[Joopjr]

You mention 106 in 34 hours. Is that all at once? Or scattered?

Scattered, small sample:
Aug 16 (from 02 am)
11:11:48
11:11:49
11:11:56
11:11:56
11:11:57
11:12:00
11:12:01
14:13:42
14:13:44
15:15:04
16:54:35
18:40:14
18:53:33
18:53:37
21:35:12
21:35:16
21:38:09
21:38:09
Aug 17 (till 12 pm)
00:04:31
00:04:31
08:15:06
08:15:06
08:15:06
08:15:06
08:15:08
08:15:09
08:17:06
08:17:08
08:17:12
11:06:13
11:06:13
11:44:04

My IP is active for multiple years now (more than 5) and my domain with the associated mail sending is online for almost 5 years. The domain is active as a news agency. Due to the fact that speed is key for selling images and videos it's important that we can send our press releases as soon as possible (and that they arrive at the other end as soon as possible).

Normally a single press release will be send to approximately 6 recipients, this can increase up to 15 recipients for larger news stories (all in a span of a couple of seconds). I think about 50% of them use a Google hosted mail server. These are all separated mails to the media too address them personally, we don't put everyone in the BCC of a single mail. All these mails have multiple photos attached of the associated news event.

 

[mow]

Do your mails often get marked as junk / moved to the junk folder by the recipients?