My outgoing mail from this service have a SPAM score of 6/15 (lower is better).
Score is calculated in this way:
- HTML_SHORT_LINK_IMG_1 (2): remote content (links to images stored in my Bitwarden instance)
- MISSING_MIME_VERSION (2): “MIME-Version” header is missing from MIME message
- MIME_BASE64_TEXT_BOGUS (1): there is text encoded in base64 that does not contain any 8bit characters
- MID_CONTAINS_FROM (1): “Message-ID” contains “From” address
- MIME_BASE64_TEXT (0.1): there is text encoded in base64
- MIME_GOOD (-0.1): Content part is ok
- Other 0 score parameters
An example mail looks like this (can’t attach text file):
Return-Path: <bitwarden@example.org>
Delivered-To: user@example.org
Received: from example.org
by ExampleORG with LMTP
id vb74Jh1//19FEwAAUprYAg
(envelope-from <bitwarden@example.org>)
for <user@example.org>; Thu, 14 Jan 2021 00:15:41 +0100
X-Original-To: <user@example.org>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org;
s=r; t=1610579738;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:content-type:content-type;
bh=+pJwRCrL5OCaYf+yFOX4GlJSm5M1hWaImHBTUSQkJm8=;
b=TzK5HcwFTdrplC/thCZmJLqnw5iDOvidfmoJBcx+wRgM2pr9ha8RcdBrBLoqGcIoNahbfn
DqL/2VYP1Bt2dPaAgGvTKI9s7ijB3GsYirHVJI8Dvs+1HUHlei6vbmNh4kB5/+VVaqNLA5
TTfT6Wt4S1ZT6f9s44NWmtIP5zrNG1jWc4onyCsUJOFt21U/CauzVo5at5YUFeJH5VV5pe
VkWSGpGOyZDD4+nLm7QN4fyou1wc15yCUa0h5MbbDr9qPuNv5BcbdfSyZuOATQD1yuQ2ZM
5f3Xe83PPVj/GgjhNzpLl/lBDvhSn2MxF5XcDUwt8CUWHxemAxKAsI6/AEr5SA==
Message-Id: <1e90339fa1c844109dd9b5341e091ffd.bitwarden@example.org>
To: user@example.org
From: Bitwarden | ExampleORG <bitwarden@example.org>
Subject: New Device Logged In From Browser
Date: Wed, 13 Jan 2021 23:15:36 GMT
Content-Type: multipart/alternative; boundary="_Part_1e90339fa1c844109dd9b5341e091ffd_"
X-Spam: Yes
--_Part_1e90339fa1c844109dd9b5341e091ffd_
Content-Transfer-Encoding: base64
Content-Type: text/plain; charset=utf-8
WW91ciBhY2NvdW50IHdhcyBqdXN0IGxvZ2dlZCBpbnRvIGZyb20gYSBuZXcgZGV2aWNlLgoKKiBEYXRlOiBUaHVyc2RheSwgSmFudWFyeSAxNCwgMjAyMSBhdCAxMjoxNTozNiBBTSArMDE6MDAKKiBJUCBBZGRyZXNzOiAxMC4xMC4xMC4xMAoqIERldmljZSBUeXBlOiBCcm93c2VyCgpZb3UgY2FuIGRlYXV0aG9yaXplIGFsbCBkZXZpY2VzIHRoYXQgaGF2ZSBhY2Nlc3MgdG8geW91ciBhY2NvdW50IGZyb20gdGhlIHdlYiB2YXVsdCAoIGh0dHBzOi8vYml0d2FyZGVuLmV4YW1wbGUub3JnLyApIHVuZGVyIFNldHRpbmdzID4gTXkgQWNjb3VudCA+IERlYXV0aG9yaXplIFNlc3Npb25zLgoKPT09CkdpdGh1YjogaHR0cHM6Ly9naXRodWIuY29tL2RhbmktZ2FyY2lhL2JpdHdhcmRlbl9ycw==
--_Part_1e90339fa1c844109dd9b5341e091ffd_
Content-Transfer-Encoding: base64
Content-Type: text/html; charset=utf-8

--_Part_1e90339fa1c844109dd9b5341e091ffd_--
Not related to SPAM, but how can setting “SMTP_DEBUG=true” show password? Aren’t they encrypted client side?