Mjml: Using font-size: 0 triggers Rspamd and some ISP anti-spam

No need to reopen the issue, this has been replied here https://github.com/mjmlio/mjml/issues/1045#issuecomment-372969066

@iRyusa Yes I understand, but the other issue was only reporting it from a code review point of view, not a real world example. Mine is a real world example from today. If you prefer you can reopen the other issue.

For example, I cannot receive Mailjet transaction emails, they are soft rejected. This zero font size triggers ZERO_FONT, MANY_INVISIBLE_PARTS and BAYES_SPAM.

You can just apply a inline rule to replace all occurences of them if you need so.

<mj-style inline="inline">
  *[style*="font-size:0px"] { font-size: 1px !important; }
</mj-style>

As we said, we don't want to remove it because it's a fix for some webkit based clients with inline-block. If you're not really happy with that, you can just fork those components, remove the font-size:0 and you'll be fine.

Thanks, I didn't know the existence of this inline rule.

However I'm a little bit surprised by your answer because in the previous issue, @ngarnier said it was not a problem because it was not really triggering the anti-spam and was not affecting delivery, but here I showed that it's maybe not true anymore, even for Mailjet. So I didn't expect this kind of answer, but it's ok, I'll go fork it.

Let me clarify, here's how we see it:

• Pros of using font-size:0px: fixes rendering issues with common and popular webkit-based email clients
• Cons of using font-size:0px: _might_ add to the SPAM score of _some_ anti-SPAM filters

Like previously mentioned, we're not seeing any deliverability issues due to this style, either at Mailjet or in the community, so the pros largely exceed the cons.

About Rspamd specifically, flagging an email as spam for the sole usage of this style would be largely debatable. While I'm no expert at Rspamd, from what I can read in their documentation though, Rspamd is not doing this. Per their documentation:

soft reject: temporarily delay message (this is used, for instance, to greylist or ratelimit messages)

Finally, even if this style adds some points to the SPAM score, good practices will largely compensate to make sure the email makes it to the inbox. If you encounter issues making it to the inbox, I would rather recommend using an ESP whose main job is precisely email deliverability.

Understood. FYI when Rspamd flags as Soft reject, it will frequently send it to the spam folder just after. On this rule, Rspamd mitigate the ZeroFont exploit that is used to show some content to the anti-phishing system that is reading all characters, even the one with a font-size:0, and the real content shown to the user.

For example : Micro<span style="font-size:0;">pomme</span>soft.

Thanks again for your time!

Yep, the related exploit is totally understood, but what I'm challenging is rather the fact that this by itself should send an email to spam.

Thanks for sharing those details!

Rspamd does not solely flag an E-Mail as Spam if the ZERO_FONT rule is triggered.
However this will at +1 to your overall Score.

If your score passes a certain threshold (depending on individual configs of the mail providers) your email will be marked greylisted or even blacklisted. (iirc above 5 will greylist you | send mail to spam on default setting of rspamd)

So while not the only reason this is quite a big factor ( i.e forged sender will give you +0.3 points) and should, imho, be avoided if possible.

Please consider too that those spam detection rules are sometimes very loosely / will give you false positives.
Like some transactional mails from i.e. Amazon will have a score of 3 or even 4 (if you don't substract the standing/reputation of the IP/DKIM Whitelist which you as a small company usually don't have right away)

If you can with a reasonable amount of effort avoid a +1 on a spam score: please do

Again if this is your concern : https://github.com/mjmlio/mjml/issues/2062#issuecomment-713086135 there's a quick hack to get this done. We've never found any issue with spam score in our data related to MJML.

In fact the quick hack does not fully work, because it does not replace styles in conditionnal code <!--[if mso | IE]>.

Hi,

We invested a lot into building email templates on MJML only to have them rejected by the vendor we're using to send them. We pushed back but they were not willing to change their position on font-size: 0. I don't think this is an issue worth dismissing quite yet.