php email spam swiftmailer spam-prevention

Bypass Gmail's spam filter (mails sent with PHP from a shared host)

TL;DR

Mails sent from shared hosting (such as a cheap domain from Unoeuro or One.com) end up in spam. How to fix?

Details

I made a mail-system, that first generated a PDF-file (using FPDF), whereafter it sent the PDF-file as an attachment with PHP's Swiftmailer. This email was sent out to 130 people (as a 'one-of' invoice). But it landed in the spam-filter for almost everybody. I tried adjusting SwiftMailers header-settings, but without any luck. Even mails that I haven't sent to before (thoroughly tested). This was my initial setup:

function sendMailEt($toEmail, $toName, $invoiceNumber){

  $username = 'EMAIL-ACCOUNT1@THE-DOMAIN.DK';
  $pw = 'THE-PASSWORD';
  $from_company = 'FROM COMPANY';
  $subject = 'Thanks for signing up - COMPANY NAME';
  $sender_array = ['EMAIL-ACCOUNT1@THE-DOMAIN.DK' => 'Company name'];
  $body_text = 'A brief body, that explains that this is an invoice and that it has to be paid within 5 days. (written in danish)'
  $pdf_url = '/URL-TO-THE-PDF-FILE.pdf';

  require_once('includes/lib/swift_required.php');
  $transport = Swift_SmtpTransport::newInstance('mailout.one.com', 25)
    ->setUsername($username)
    ->setPassword($pw);    

  $mailer = Swift_Mailer::newInstance($transport);

  $message = Swift_Message::newInstance($from_company)
        ->setSubject($subject)
        ->setFrom($sender_array)
        ->setTo(array($toEmail => $toName))
          ->setBody($body_text)
          ->addPart($body_text, 'text/html')
          ->attach(Swift_Attachment::fromPath($pdf_url));
  $result = $mailer->send($message);
}

I also tried sending out the emails with PHP's native mail()-function, and then simply link to the invoice ( http://www.company-domain-name.dk/invoice/base64_encoded-name.pdf )... Same result (spam).

I tried writing the entire header myself. I've read a numerous amount of forums about what headers should include, but they all wrote different things. So I tried a few different things (both emails I had sent to previously and emails I hadn't)... Same result (spam).

Then I tried writing the header exactly as MailChimps does, in their header. That led me to this:

$headers = "Reply-To: Company name <UNUSED-EMAIL-ACCOUNT-FROM-DOMAIN@DOMAIN-NAME.DK>\r\n"; 
$headers .= "Return-Path: Company name <UNUSED-EMAIL-ACCOUNT-FROM-DOMAIN@DOMAIN-NAME.DK>\r\n"; 
$headers .= "From: Message from Company name <UNUSED-EMAIL-ACCOUNT-FROM-DOMAIN@DOMAIN-NAME.DK>\r\n"; 
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Sender: Message from Company name <UNUSED-EMAIL-ACCOUNT-FROM-DOMAIN@DOMAIN-NAME.DK>\r\n";
$headers .= "Content-type: text/plain; charset=\"utf-8\"; \r\n";
$headers .= "X-Mailer: PHP". phpversion() ."\r\n";

I send the mail like this:

mail($toName . '<'.$toEmail.'>', utf8_decode('Faktura på depositumet'), utf8_decode($someMessage), $headers);

... Same result (spam).

The webspace is with One.com, so I can't use PHPmailer (since that has to be installed, and that can't be done on one.com's servers). And I can't define a SPF with One.com.

All I want, is to be able to send emails that doesn't go to spam.

Questions

Is it because my header is off, or is it something 'deeper down'?
Does the Gmail-spam filter ban single email accounts (such as this@example.com) or does it ban entire domains (such as @example.com)?
Can one get a blacklisted email whitelisted somehow?

Additional comment 1 - Further attempts

I have now tried a further number of things:

I tried adding LoneWolfPR's returnpath, like recommended, and it didn't help.
I contacted One.com (the hosting company), and confirmed with them, that it isn't possible to set a SPF-record or a DKIM-record. It still isn't.
I considered setting up an 'unsubscribe'-link, with a link to a website with a form, but I didn't believe that approach. I mean - invoices are sent all the time, with e-mails. And why should you be able to unsubscribe an invoice?! Since that made so far from sense in my head, then I only tried it for about 20 minutes (obviously, without results).

My current email header (gotten from Gmail, by clicking the 'View original'):

Delivered-To: NEWLY-CREATED-GMAIL-ACCOUNT@gmail.com
Received: by 10.76.75.104 with SMTP id b8csp48728oaw;
        Sat, 16 Mar 2013 17:32:56 -0700 (PDT)
X-Received: by 10.152.116.45 with SMTP id jt13mr7897860lab.0.1363480376067;
        Sat, 16 Mar 2013 17:32:56 -0700 (PDT)
Return-Path: <XXX111@DOMAIN-NAME.dk>
Received: from mail-out2.b-one.net (mail-out2.one.com. [91.198.169.19])
        by mx.google.com with ESMTP id p10si4637427lbb.120.2013.03.16.17.32.55;
        Sat, 16 Mar 2013 17:32:55 -0700 (PDT)
Received-SPF: neutral (google.com: 91.198.169.19 is neither permitted nor denied by best guess record for domain of XXX111@DOMAIN-NAME.dk) client-ip=91.198.169.19;
Authentication-Results: mx.google.com;
       spf=neutral (google.com: 91.198.169.19 is neither permitted nor denied by best guess record for domain of XXX111@DOMAIN-NAME.dk) smtp.mail=XXX111@DOMAIN-NAME.dk
Date: Sat, 16 Mar 2013 17:32:55 -0700 (PDT)
Message-Id: <51450f37.6a0b700a.6239.5dbcSMTPIN_ADDED_MISSING@mx.google.com>
Received: from localhost.localdomain (srv18.one.com [193.202.110.18])
  by mail-out2.b-one.net (Postfix) with ESMTP id F3D0B10365
  for <NEWLY-CREATED-GMAIL-ACCOUNT@gmail.com>; Sun, 17 Mar 2013 01:32:53 +0100 (CET)
Received: from 85.218.159.219 by www.DOMAIN-NAME.dk via URL_TO_THE_SCRIPT.php with HTTP; Sun, 17 Mar 2013 00:32:53 +0000
To: RECIEVERS_NAME <NEWLY-CREATED-GMAIL-ACCOUNT@gmail.com>
Subject: EMAIL-SUBJECT
X-PHP-Originating-Script: 87486:NAME-OF-THE-SCRIPT-THE-E-MAIL-WAS-SENT-FROM.php
Reply-To: COMPANY NAME <XXX111@DOMAIN-NAME.dk>
From: Besked fra COMPANY NAME <XXX111@DOMAIN-NAME.dk>
MIME-Version: 1.0
Sender: Besked fra COMPANY NAME <XXX111@DOMAIN-NAME.dk>
Content-type: text/plain; charset="utf-8"; 
X-Mailer: PHP5.3.21

Solution

Solution: Use Mailgun (not tested) or Sendgrid (tested and works wonders!). There is a price-difference between the two, - but in short: Mailgun is good if you're small; Sendgrid is good if you're big.

Either that, - or send mails using MailChimps API or something. It's can't be fixed on shared hosts (most likely). The reason is below.

Explanation: I've later learned more about how shared hosts work. Imagine that several different sites are located on the same server (such as domain-1.org, domain-2.org and domain-3.org). That means that if domain-3.org sends a bunch of crap-emails, then Gmail (and other spam-filters) mark that IP-address as spam. So if domain-2.org then send out stuff, then that'll (probably) come from the some IP-address and therefore end up in spam. Shared hosts can't really do anything about it (and don't care, since so few people have this problem). And that is why it's so cheap.

Sendgrid and Mailguns IP-addresses are marked as 'fine' by all the spam-filters, and that's the service that you're paying for with them. They keep it that way, by monitoring how many emails you send out are being marked as 'spam'. If it's something like 5%-10% or something crazy low, then Sendgrid/Mailgun will block your account until you fix it (going through a long process, where you have to contact their customer service and do 1.000 hail-Mary's and all kinds of wierd stuff).

I heard that if you get your own server (which is way more expensive), and set up your own mail-server, then you have to be really careful, not to be marked as spam. Cause spam-filter are really tough nowadays...