Waarom beland mail van configureerde e-mailgroep vaak onterecht in SPAM folder?

Ik heb een E-mailgroep op mijn eigen domein (beheerd in de mijn.freedom.nl omgeving) welke geconfigureerd staat naar twee @freedom.nl mailboxen. Mail naar de e-mailgroep beland regelmatig onterecht in de SPAM folder.

Hieronder de volledige X-Soverin-Spam-Result (waarbij privacy gevoelige gedeeltes zijn geredigeerd):

X-Soverin-Spam-Result: default: False [7.97 / 15.00];
	SPAM_FLAG(5.00)[];
	S_DOMAIN_PROB_0_75(3.00)[];
	S_OK(-2.00)[];
	FORGED_RECIPIENTS(2.00)[m:%%%REDACTED%%%@huize-zwet.nl,s:%%%REDACTED_USER1%%%@freedom.nl,s:%%%REDACTED_USER2%%%@freedom.nl];
	PHISHING(0.50)[%%%REDACTED_REMOTE_DOMAIN%%%->mlsend.com];
	DMARC_POLICY_ALLOW(-0.50)[%%REDACTED_REMOTE_DOMAIN%%%,none];
	FORGED_SENDER(0.33)[hallo@REDACTED_REMOTE_DOMAIN,SRS0=RwFC=QD=mlsend.com=bounce-131656514005894337a475212@soverin.net];
	R_SPF_ALLOW(-0.20)[+ip4:%%%REDACTED_IPV4%%%:c];
	R_DKIM_ALLOW(-0.20)[%%%REDACTED_REMOTE_DOMAIN%%%:s=litesrv,mlsend.com:s=litesrv];
	ZERO_FONT(0.11)[1];
	MIME_GOOD(-0.10)[multipart/alternative,text/plain];
	MANY_INVISIBLE_PARTS(0.05)[1];
	MX_GOOD(-0.01)[];
	HAS_LIST_UNSUB(-0.01)[];
	MIME_TRACE(0.00)[0:+,1:+,2:~];
	ARC_NA(0.00)[];
	RCPT_COUNT_ONE(0.00)[1];
	FUZZY_BLOCKED(0.00)[rspamd.com];
	SUBJECT_HAS_QUESTION(0.00)[];
	RCVD_TLS_ALL(0.00)[];
	HAS_REPLYTO(0.00)[hallo@%%%REDACTED_REMOTE_DOMAIN%%%];
	RCVD_COUNT_TWO(0.00)[2];
	FROM_NEQ_ENVFROM(0.00)[hallo@%%%REDACTED_REMOTE_DOMAIN%%%,SRS0=RwFC=QD=mlsend.com=bounce-131656514005894337a475212@soverin.net];
	FROM_HAS_DN(0.00)[];
	TO_DN_EQ_ADDR_ALL(0.00)[];
	PRECEDENCE_BULK(0.00)[];
	ASN(0.00)[asn:211993, ipnet:185.233.34.0/24, country:NL];
	PREVIOUSLY_DELIVERED(0.00)[%%%REDACTED%%%@huize-zwet.nl];
	DKIM_TRACE(0.00)[%%%REDACTED_REMOTE_DOMAIN%%%:+,mlsend.com:+];
	MISSING_XM_UA(0.00)[];
	REPLYTO_EQ_FROM(0.00)[]

Ik kan geen uitleg vinden wat de scores betekenen, wat is bijvoorbeeld FORGED_RECIPIENTS(2.00)?

Ik kende forged recipients nog niet, maar google wist me te vertellen dat het bij meerdere BCC adressen kan triggeren:
when sending Mails with lots of BCC recipients and rspamd recognizes FORGED_RECIPIENTS it adds … FORGED_RECIPIENTS(2.00)[mailadress1 at one.domain,mailadress2 at second.domain…] … to the header of the mails.

Laat de mail verzender een of twee adressen per message verzenden.
(kam makkelijk in een MTA geregeld worden).

Ik heb hier nog twee voorbeelden. Deze komen niet van mailinglijsten o.i.d. Bericht van de bol.com en ee password reset mail van Spotify:

Bol.com:

Return-Path: <SRS0=wkC3=QP=verkopen.bol.com=eccd25a4-9ea4-43b8-8988-854d6b5e90b7@soverin.net>
Delivered-To: %%REDACTED_USER2%%freedom.nl
Received: from mx.soverin.net ([10.10.4.101])
    by storage.soverin.net with LMTP
    id xZIyCRn96Wbp5CAAGAUnpw
    (envelope-from <SRS0=wkC3=QP=verkopen.bol.com=eccd25a4-9ea4-43b8-8988-854d6b5e90b7@soverin.net>)
    for <%%REDACTED_USER2%%freedom.nl>; Tue, 17 Sep 2024 22:05:13 +0000
Received: from forward.soverin.net (forward.soverin.net [IPv6:2a10:de80:1:4092:b9e9:229b:0:1])
    (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
    key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
    (No client certificate requested)
    by mx.soverin.net (Postfix) with ESMTPS id 4X7bS75trPzvS;
    Tue, 17 Sep 2024 22:05:11 +0000 (UTC)
Authentication-Results: mx.soverin.net;
    dkim=pass header.d=verkopen.bol.com header.s=verkopen header.b=RHeG3X6P;
    dmarc=pass (policy=quarantine) header.from=verkopen.bol.com;
    spf=pass (mx.soverin.net: domain of "SRS0=wkC3=QP=verkopen.bol.com=eccd25a4-9ea4-43b8-8988-854d6b5e90b7@soverin.net" designates 2a10:de80:1:4092:b9e9:229b:0:1 as permitted sender) smtp.mailfrom="SRS0=wkC3=QP=verkopen.bol.com=eccd25a4-9ea4-43b8-8988-854d6b5e90b7@soverin.net"
Received: from mx.soverin.net (unknown [10.10.4.74])
    (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
    key-exchange X25519 server-signature RSA-PSS (4096 bits))
    (No client certificate requested)
    by forward.soverin.net (Postfix) with ESMTPS id 4X7bS74WrDz10q2
    for <%%REDACTED%%huize-zwet.nl>; Tue, 17 Sep 2024 22:05:11 +0000 (UTC)
Received: from pro-mail-smtp-003-vip5.bol.com (pro-mail-smtp-003-vip5.bol.com [185.14.168.133])
    (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
    key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
    (No client certificate requested)
    by mx.soverin.net (Postfix) with ESMTPS id 4X7bS72yrSzvS
    for <%%REDACTED%%huize-zwet.nl>; Tue, 17 Sep 2024 22:05:11 +0000 (UTC)
Authentication-Results: mx.soverin.net;
    dkim=pass header.d=verkopen.bol.com header.s=verkopen header.b=RHeG3X6P;
    spf=pass (mx.soverin.net: domain of eccd25a4-9ea4-43b8-8988-854d6b5e90b7@verkopen.bol.com designates 185.14.168.133 as permitted sender) smtp.mailfrom=eccd25a4-9ea4-43b8-8988-854d6b5e90b7@verkopen.bol.com;
    dmarc=pass (policy=quarantine) header.from=verkopen.bol.com
Received: from pro-mail-smtp-003-aip29.bolcom.net (pro-mail-smtp-003-buffer.bolcom.net [10.128.1.66])
    by pro-mail-smtp-003-vip5.bol.com (Postfix) with ESMTP id 003DCB002426
    for <%%REDACTED%%huize-zwet.nl>; Wed, 18 Sep 2024 00:05:10 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=verkopen.bol.com;
    s=verkopen; t=1726610711;
    bh=9VPTJUASpUKUTFJO/otKkgof4DRGHEZXrMP0vBiVASY=;
    h=Date:From:To:Subject;
    b=RHeG3X6PVNsiIIhF78Ggl6o219gkbyvrDO5H6THQ76uts4sN+c0nVYkBX6Luvpm92
    Wf/VitA+KoZWCgpYyJfqTO3knvdBh1zy12cwSznZMzy7wf6VcH63/eSPGoM3aVPKNO
    dKcrXotPtELXeqsX47dnsx5psT3LX/T1cR62Y3is=
Received: from pro-mail-cloudrelay-004.bol.com (pro-mail-cloudrelay-004.bolcom.net [10.128.20.31])
    by pro-mail-smtp-003-aip29.bolcom.net (Postfix) with ESMTP id 3E425D002DED
    for <%%REDACTED%%huize-zwet.nl>; Wed, 18 Sep 2024 00:05:10 +0200 (CEST)
Received: from aex-deploy-5c855c5c4-9r9c9 (unknown [127.0.0.6])
    by pro-mail-cloudrelay-004.bol.com (Postfix) with ESMTP id 34FF51800090
    for <%%REDACTED%%huize-zwet.nl>; Wed, 18 Sep 2024 00:05:10 +0200 (CEST)
Date: Wed, 18 Sep 2024 00:04:54 +0200 (CEST)
From: "%%REDACTED_SENDER%%" <noreply@verkopen.bol.com>
To: %%REDACTED%%huize-zwet.nl
Message-ID: <1671305793.2652.1726610710189@mail-cloudrelay.mail.pro.bolcom.services>
Subject: %%REDACTED_SUBJECT%%
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_Part_2650_391468958.1726610710186"
X-CMAE-Score: 0
X-CMAE-Analysis: v=2.4 cv=EbjOQumC c=0 sm=1 tr=0 ts=66e9fd17 awl=host:18239
X-Soverin-Spam-Level: *
X-Soverin-Spam-Result: default: False [1.72 / 15.00];
    FORGED_RECIPIENTS(2.20)[m:%%REDACTED%%huize-zwet.nl,s:%%REDACTED_USER1%%freedom.nl,s:%%REDACTED_USER2%%freedom.nl];
    DMARC_POLICY_ALLOW(-0.50)[verkopen.bol.com,quarantine];
    FORGED_SENDER(0.33)[noreply@verkopen.bol.com,SRS0=wkC3=QP=verkopen.bol.com=eccd25a4-9ea4-43b8-8988-854d6b5e90b7@soverin.net];
    R_DKIM_ALLOW(-0.20)[verkopen.bol.com:s=verkopen];
    R_SPF_ALLOW(-0.20)[+ip6:2a10:de80:1:4092:b9e9:229b::1:c];
    MIME_HTML_ONLY(0.20)[];
    MIME_GOOD(-0.10)[multipart/mixed];
    MX_GOOD(-0.01)[];
    ARC_NA(0.00)[];
    MISSING_XM_UA(0.00)[];
    ASN(0.00)[asn:211993, ipnet:2a10:de80::/32, country:NL];
    RCPT_COUNT_ONE(0.00)[1];
    MIME_TRACE(0.00)[0:+,1:~,2:~];
    FUZZY_BLOCKED(0.00)[rspamd.com];
    HAS_ATTACHMENT(0.00)[];
    REDIRECTOR_URL(0.00)[sendgrid.net];
    FROM_NEQ_ENVFROM(0.00)[noreply@verkopen.bol.com,SRS0=wkC3=QP=verkopen.bol.com=eccd25a4-9ea4-43b8-8988-854d6b5e90b7@soverin.net];
    FROM_HAS_DN(0.00)[];
    NEURAL_HAM(-0.00)[-0.964];
    RCVD_COUNT_FIVE(0.00)[5];
    PREVIOUSLY_DELIVERED(0.00)[%%REDACTED%%huize-zwet.nl];
    TO_DN_NONE(0.00)[];
    RCVD_TLS_LAST(0.00)[];
    DKIM_TRACE(0.00)[verkopen.bol.com:+]
X-Cloudmark-Verdict: spam
X-CMAE-Score: 100
X-CMAE-Analysis: v=2.4 cv=EbjOQumC c=0 sm=1 tr=0 ts=66e9fd18
    p=-SBe4VvAAAAA:8 a=5mt8fOQDYxzdREgrYC6DOg==:17 a=1oJP67jkp3AA:10
    a=EaEq8P2WXUwA:10 a=fN10o2OVBXYA:10 a=g8TUdU_LZmEA:10 a=SSmOFEACAAAA:8
    a=3g80flMcAAAA:8 a=ttGeQjMJAAAA:8 a=CdiQOFsWAAAA:8
X-Cloudmark-Reporter: YNh1M/i2fQkAe1RT4SZ2k6+sYNc=

Spotify:


Return-Path: <bounces+1785577-37eb-%%REDACTED%%=huize-zwet.nl@em.spotify.com>
Delivered-To: %%REDACTED_USER2%%freedom.nl
Received: from mx.soverin.net ([10.10.4.102])
    by storage.soverin.net with LMTP
    id lvXgI9kX72a0vTYAGAUnpw
    (envelope-from <bounces+1785577-37eb-%%REDACTED%%=huize-zwet.nl@em.spotify.com>)
    for <%%REDACTED_USER2%%freedom.nl>; Sat, 21 Sep 2024 19:00:41 +0000
Received: from o7.em.spotify.com (o7.em.spotify.com [208.117.48.82])
    (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
    key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
    (No client certificate requested)
    by mx.soverin.net (Postfix) with ESMTPS id 4X9z9M1Whgzbx
    for <%%REDACTED%%huize-zwet.nl>; Sat, 21 Sep 2024 19:00:38 +0000 (UTC)
Authentication-Results: mx.soverin.net;
    dkim=pass header.d=spotify.com header.s=s1 header.b=bg1QTU3W;
    spf=pass (mx.soverin.net: domain of "bounces+1785577-37eb-%%REDACTED%%=huize-zwet.nl@em.spotify.com" designates 208.117.48.82 as permitted sender) smtp.mailfrom="bounces+1785577-37eb-%%REDACTED%%=huize-zwet.nl@em.spotify.com";
    dmarc=pass (policy=reject) header.from=spotify.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=spotify.com;
    h=content-type:from:mime-version:subject:to:cc:content-type:from:
    subject:to;
    s=s1; bh=Jo8vyWEH+5OSKzqsCscsqTVEIjiw7IBKsAVB5cUwHMk=;
    b=bg1QTU3WWLYhD3fJuEzE4I/CusgwHU5G3hsqSZ+1Jy2Lf0NxCLjfwmuiFyQkJ74aA3Mr
    BMHovbg5EimcVsAZAAxCwM2qa/bLM8pvTyv7cdGi0J1qJEbP39H1RtdPN9ZbKryTcsX4Ul
    RQLOjFKJLGfac8RX3eozPlFb1drABeb2vm3hFS/1FwKOJP+d4RSq440FGc4a1fcS42UWvW
    lyhiXKFtef3Nmor+/sYuRmVME6BYUmVzvV8GB/be7hL1R64xIaTvN3xtBsjxxm3wiZQT7p
    ZB6c0/4bYTI9n3cOG12B6c1Ua2LVCdekP1K594NYt8jC+q94aQbwujRlnDIoU9dg==
Received: by recvd-65bdd88ff5-jvd4z with SMTP id recvd-65bdd88ff5-jvd4z-1-66EF17CE-37
    2024-09-21 19:00:30.770237943 +0000 UTC m=+781322.519999902
Received: from MTc4NTU3Nw (unknown)
    by geopod-ismtpd-7 (SG) with HTTP
    id f9gK8aTpR-iEFSWnGeJDug
    Sat, 21 Sep 2024 19:00:30.768 +0000 (UTC)
Content-Type: multipart/alternative; boundary=56136b41e1bb2ddf454c13ba7d80872b0c06ea9e2e964eb6284b4ed7bf1f
Date: Sat, 21 Sep 2024 19:00:30 +0000 (UTC)
From: Spotify <no-reply@spotify.com>
Mime-Version: 1.0
Message-ID: <f9gK8aTpR-iEFSWnGeJDug@geopod-ismtpd-7>
Subject: Weer toegang krijgen tot je Spotify-account
X-SG-EID:
    =?us-ascii?Q?u001=2EZD5aH33R6V7weoiTHIdZyDuP+A6pZLQL0nRW+xTj31Msb5xf5uAbZIKpG?=
    =?us-ascii?Q?ToelTWVR8rVonvMrj0NERWIakIdZIRsFW0r4FIS?=
    =?us-ascii?Q?UjM8y9VKTMeoLIsz2LPcv8z1MfWIqoEr20zUlK=2F?=
    =?us-ascii?Q?b6caklrR1IQ1YnIJOcXF7eOpHxEcrK342i0qE+P?=
    =?us-ascii?Q?XE8raRFXHeCrGHr98g9IyxxDjFkVWhMZEImkkZz?=
    =?us-ascii?Q?beSxGjQ9UBh2c0g3XhmGOA=3D?=
X-SG-ID:
    =?us-ascii?Q?u001=2ESdBcvi+Evd=2FbQef8eZF3BoMNuFmcP5rq+Py=2FzrrMdK4rtEj2suPbIVLVE?=
    =?us-ascii?Q?5AYNoH3vMYCGktzGeb4I3joAsEEeZiwJtPPhfFy?=
    =?us-ascii?Q?jfqayTUiItuKcyZarrewvEw=2F68Swpu=2FdRisBCGP?=
    =?us-ascii?Q?i0WrtziaFn0ZIZeTdkcnRaVEcLweNbRpNYwQOQ3?=
    =?us-ascii?Q?a0wxeUbHYcyZj=2FN8xCf5lEu0C0rBzuniYexN4Wf?=
    =?us-ascii?Q?41wv47HGfG9vD+5z1UUq8CcvwOVjAuzVNlggVrh?=
    =?us-ascii?Q?ax4Whz2HnJeGn+IFSOvEDH+zKbCaS67duoWRAIl?=
    =?us-ascii?Q?3nhPCPGochN4jzZSTHbo2TOQqtBqjpD=2FtUvn=2Fgd?=
    =?us-ascii?Q?YS4tfaHyQQtKYBEbR65aEM84BGobEefrf086L4q?=
    =?us-ascii?Q?m1uwljF9x2jVzFw?=
To: %%REDACTED%%huize-zwet.nl
X-Entity-ID: u001.Bqt4P4G2uDnqBUZHczWe5Q==
X-Soverin-Spam-Result: default: False [-2.71 / 15.00];
    WHITELIST_SPF_DKIM(-3.00)[spotify.com:d:+,spotify.com:s:+];
    DMARC_POLICY_ALLOW(-0.50)[spotify.com,reject];
    MV_CASE(0.50)[];
    MID_RHS_NOT_FQDN(0.50)[];
    FORGED_SENDER(0.30)[no-reply@spotify.com,bounces@em.spotify.com];
    R_SPF_ALLOW(-0.20)[+ip4:208.117.48.0/20:c];
    R_DKIM_ALLOW(-0.20)[spotify.com:s=s1];
    MIME_GOOD(-0.10)[multipart/alternative,text/plain];
    MX_GOOD(-0.01)[];
    TO_MATCH_ENVRCPT_ALL(0.00)[];
    ARC_NA(0.00)[];
    FROM_HAS_DN(0.00)[];
    RWL_MAILSPIKE_POSSIBLE(0.00)[208.117.48.82:from];
    ASN(0.00)[asn:11377, ipnet:208.117.48.0/21, country:US];
    MIME_TRACE(0.00)[0:+,1:+,2:~];
    MISSING_XM_UA(0.00)[];
    RCVD_TLS_LAST(0.00)[];
    FROM_NEQ_ENVFROM(0.00)[no-reply@spotify.com,bounces@em.spotify.com];
    NEURAL_HAM(-0.00)[-1.000];
    TAGGED_FROM(0.00)[1785577-37eb-%%REDACTED%%=huize-zwet.nl];
    FUZZY_BLOCKED(0.00)[rspamd.com];
    TO_DN_NONE(0.00)[];
    RCVD_COUNT_TWO(0.00)[2];
    RCPT_COUNT_ONE(0.00)[1];
    DKIM_TRACE(0.00)[spotify.com:+]
X-Cloudmark-Verdict: spam
X-CMAE-Score: 100
X-CMAE-Analysis: v=2.4 cv=EbjOQumC c=0 sm=1 tr=0 ts=66ef17d9 b=1
    p=fzyff2Gen9yoc3CkrG0A:9 a=kPda4FdYI8cKv0SffRNFhQ==:117
    a=kPda4FdYI8cKv0SffRNFhQ==:17 a=O76VCmqbo-wA:10 a=otRC33yBpwAA:10
    a=g8TUdU_LZmEA:10 a=WgwJIo3SAAAA:8 a=t-IPkPogAAAA:8 a=1XWaLZrsAAAA:8
    a=BFPSyBzdAAAA:8
X-Cloudmark-Reporter: eMsHaWiRGjfjvtcguOLgW8FxgI0=

Waarom belanden deze nu in de SPAM map? Hier zie ik helemaal geen indicatie deze deze boven de ingestelde score factor van ‘5’ komen.