Gmail suspicious link popup


#1

My domain is: conciliae.fr
My domain provider is: 1&1
I can login to a root shell on my machine (yes or no, or I don’t know): yes.

We have a website with a valid SSL Certificate delivered by Let’s Encrypt: conciliae.fr.
We send emails with an account activation link. When a Gmail user clicks on the activation link, Gmail displays a popup: “Suspicious link. This link leads to an untrusted site. Are you sure you want to proceed to conciliae.fr?”

We have looked for answers on several forums, but we have found nothing helpful.
It looks like the issue disappears after a while, as was the case in this Let’s Encrypt topic: Gmail displaying Suspicious link popup on links to site with Letsecrypt cert.
We also tried all the advice given on this forum: https://productforums.google.com/forum/#!topic/apps/xSV6J-Nmkmc.

On several forums we saw that it probably comes from the SSL Certificate we have, that’s why we publish the question here.

Because of this message we lose all our Gmail users (50% of all the inscription requests we have). This is a very problematic issue.
It would be great if someone could help us with this problem.


#2

It’s most probably not linked to your certificate.

Did you follow the other advice?

Specifically:

  1. Messages sent from accounts or IP addresses that have sent other spam messages.
  2. If the email/domain is unauthenticated.
  3. Hover over any links before you click on them. If the URL of the link doesn’t match the description of the link, it might be leading you to a phishing site.
  4. Check the message headers to make sure the “from” header isn’t showing an incorrect name.
  5. Further, I’d recommend you please try authenticating your domain using the steps below: 1. Go to postmaster.google.com. […]:

#3

Hi,

Besides a certificate issue (which would display in the browser as “this site is not secure” or “invalid certificate”), as @tdelmas said, it could also be a “DKIM issue”, “SPF issue”, “DMARC issue” or “email content issue (content being identified as email spam, junk, hacking etc)”.

Those issues are more complex than the certificate, since you would need to identify them one by one…

From my experience with all (junk) email stuff, this site might give you some help…
https://mxtoolbox.com/deliverability

(Please focus on DKIM / SPF / DMARC)

If that’s not the issue (if you correctly configured all three above), try checking the real contents.

Thank you


#4

Hi @Conciliae

your ip-address 37.59.98.202 is on one blacklist:

https://mxtoolbox.com/SuperTool.aspx?action=blacklist%3Aconciliae.fr&run=networktools

That may be the problem.

But loading https://37.59.98.202/ - there is the certificate conciliae.fr, www.conciliae.fr shown. Do you have a dedicated server?


#5

Thank you all very much for your responses.
I followed all your advice, but the problem is still persisting.

@stevenzhu
I never heard about DKIM, SPF and DMARC before (my bad!). I spent my day on it. I eventually set them up correctly (mxtoolbox displays results about them as successful).
Maybe the propagation of the related DNS entries takes some time, and that is the origin of the problem for now?
We simplified the content as much as possible. Now the email has only some text and a link (https://www.conciliae.fr/emailvalidation).

@tdelmas
Gmail used to classify our email as spam but it’s not the case anymore. Could it be the origin of the problem?
Regarding point 4 (If the email/domain is unauthenticated), DKIM, SPF and DMARC are now correctly set up. Is there something else to do?
For the rest of these points, everything is done (the domain is authenticated to Gmail, as described in point 7).


#6

@JuergenAuer
I read somewhere that FABELSOURCES is obsolete and not used anymore. As a precaution, I requested the removal of our IP address from the blacklist. The IP address isn’t blacklisted anymore and sadly it doesn’t solve the problem :(. Could it also come from the time the information needs to propagate?

I don’t know what to do anymore. Maybe if I wait some time the problem will be solved.
I will keep you updated. Feel free to reply if you have new ideas.
In any case, thank you all a lot.


#7

Hi,

Could you try to send a test email to test@stevenz.net with some dummy contents that normally get the error message (after all things have propagated)?

That way I could test if all things are working properly…

Thank you


#8

I’m sorry, I’m not an email expert, but as far as I know you did the right things, and I can’t think of anything more right now.


#9

Hi @stevenzhu,

I just sent you the email (after a waiting time of 24 hours).

Thank you for your help.


#10

Hi,

Your SPF validation failed… (but all other things look good)

Your site is fine… But the IP you used to send emails was listed on 3 Chinese blacklists…

I’m still not sure what happened… since Google purely thinks your site is suspicious…

Thank you


#11

Hi @stevenzhu,

It’s weird because on our side SPF is marked as passed by Gmail:

SPF was the only service our domain provider proposed to configure automatically for us. I will try to contact them tomorrow.

Indeed, when the email contains a link for another site (like https://youtube.com) the popup isn’t displayed.

Thank you.
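
Added example, not part of the original posts: posts #10 and #11 report different SPF results for the same mail, and the Authentication-Results header that each receiver stamps on the message lets the two readings be compared side by side. The headers below are constructed samples; mx.example.net, the noreply@ address, the selector and 192.0.2.10 are placeholders, and the alignment test is a simplified suffix match rather than a full organizational-domain lookup.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples (not from the thread): one message as recorded by two receivers.
# mx.example.net, noreply@, the selector and 192.0.2.10 are placeholders.
TAIL = "From: Conciliae <noreply@conciliae.fr>\nSubject: Activate your account\n\nhello\n"
AT_GMAIL = (
    "Authentication-Results: mx.google.com;\n"
    "       dkim=pass header.i=@conciliae.fr header.s=sel1;\n"
    "       spf=pass (google.com: domain of noreply@conciliae.fr designates"
    " 192.0.2.10 as permitted sender) smtp.mailfrom=noreply@conciliae.fr;\n"
    "       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=conciliae.fr\n" + TAIL)
AT_OTHER = (
    "Authentication-Results: mx.example.net;\n"
    "       dkim=pass header.d=conciliae.fr;\n"
    "       spf=fail smtp.mailfrom=noreply@conciliae.fr;\n"
    "       dmarc=pass header.from=conciliae.fr\n" + TAIL)

METHOD = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")
PROP = re.compile(r"\b(smtp\.mailfrom|header\.[id]|header\.from)=(\S+)")

def verdicts(raw):
    """Return {method: (verdict, checked_domain, aligned_with_From)} for one message."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    out = {}
    for header in msg.get_all("Authentication-Results", []):
        header = re.sub(r"\([^()]*\)", " ", header)  # drop (non-nested) comments
        for clause in header.split(";")[1:]:         # [0] is the receiver's own id
            m = METHOD.search(clause)
            if not m:
                continue
            props = dict(PROP.findall(clause))
            ident = next(iter(props.values()), "")
            domain = ident.rpartition("@")[2].lower()
            aligned = domain == from_domain or domain.endswith("." + from_domain)
            out[m.group(1)] = (m.group(2), domain, aligned)
    return out

def disagreements(raw_a, raw_b):
    """Methods on which two receivers recorded different verdicts."""
    a, b = verdicts(raw_a), verdicts(raw_b)
    return {k: (a[k][0], b[k][0]) for k in a.keys() & b.keys() if a[k][0] != b[k][0]}

if __name__ == "__main__":
    print(verdicts(AT_GMAIL), disagreements(AT_GMAIL, AT_OTHER), sep="\n")
```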


#12

Did you find any proper solution to this? This is something really nasty, would like to know more.


#13

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.