Senderbase.org Poor Reputation
Posted on 2013-01-10
We have been getting some of our emails rejected because of Senderbase.org. I checked and we have a poor rating.
Here is an example of a failed email message we get bounced back:
SMTP error from remote mail server after end of data:
host mail.alwayscarebenefits.com [22.214.171.124]:
554 Transaction Failed Spam Message not queued.
A couple of months ago our email system (MailEnabled) got jacked and we sent thousands of spam emails. That has been resolved and everything was working ok, until several days ago. So I contacted Senderbase.org and here is the reply I received.
SenderBase uses a variety of techniques to determine what IP addresses are behaving highly suspiciously and are likely to have been compromised into sending spam or viruses. Your mail server is demonstrating suspicious behavior and we suggest that you investigate/fix the following:
* rDNS points to a fully qualified domain name (FQDN)
* rDNS points to a domain which matches the HELO FQDN
* rDNS points to a domain which matches the sender domain or a domain which matches the parent domain
To this end, one of the HELO strings we are seeing is "[192.168.1.3]", which is not an exact match to the PTR of the IP 126.96.36.199 (secureemail.ventureusenterprises.com). This contravenes RFC2821, section 188.8.131.52 which states, "These [HELO] commands are used to identify the SMTP client to the SMTP server. The argument field contains the fully-qualified domain name of the SMTP client if one is available." I would suggest speaking with your provider about this if they are really using an improperly formatted HELO string.
I checked our HELO string and here is what it says:
Received: from secureEmail.company.com ([66.148.139.XXX]) by BAY0-MC2-F3.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
Wed, 9 Jan 2013 13:49:33 -0800
Received: from smtpd by localhost.localdomain with local (Exim 4.71)
for email@example.com; Wed, 09 Jan 2013 15:49:32 -0600
Received: from Unknown (HELO secureEmail.company.com) (192.168.1.249)
by secureEmail.company.com (qpsmtpd/0.40) with ESMTP; Wed, 09 Jan 2013 15:49:32 -0600
Received: from ITPC ([192.168.1.1]) by company.com with MailEnable ESMTP; Wed, 9 Jan 2013 15:48:09 -0600
From: "person" <firstname.lastname@example.org>
Before, the HELO string did not match the secureemail.company.com string. I made the change a couple of days ago and still have a poor rating.
I checked our reverse DNS and it is pointing to secureemail.company.com with the correct IP.
I checked MXToolBox and Secureemail.company.com is pointed to the correct IP.
I'm not being blacklisted anywhere.
What am I missing?
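The three items in the SenderBase reply can be checked offline for each HELO string a server might present. The sketch below is an added example, not part of the original post or any SenderBase tooling. The function names and hostnames are constructed, the PTR value is passed in rather than looked up, and "parent domain" is approximated as the last two labels (an assumption; use a Public Suffix List for real domains).

```python
import ipaddress
import re

# One DNS hostname label: letters, digits, hyphens; no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def is_fqdn(name):
    """True for a dotted hostname; False for address literals or bare names."""
    name = name.rstrip(".")
    if name.startswith("[") or "." not in name:
        return False                      # e.g. "[192.168.1.3]" or "ITPC"
    try:
        ipaddress.ip_address(name)
        return False                      # a bare IP is not a domain name
    except ValueError:
        pass
    return all(_LABEL.match(label) for label in name.split("."))

def parent_domain(name):
    """Assumption: the registrable domain is the last two labels."""
    return ".".join(name.rstrip(".").lower().split(".")[-2:])

def check_sender(helo, ptr, sender_domain):
    """Return the failed checks among the three points in the reply above."""
    problems = []
    ptr_ok = bool(ptr) and is_fqdn(ptr)
    if not ptr_ok:
        problems.append("rdns-not-fqdn")
    if not is_fqdn(helo):
        problems.append("helo-not-fqdn")
    elif ptr_ok and helo.rstrip(".").lower() != ptr.rstrip(".").lower():
        problems.append("helo-ptr-mismatch")
    if ptr_ok and parent_domain(ptr) != parent_domain(sender_domain):
        problems.append("rdns-sender-domain-mismatch")
    return problems

# Constructed samples: (HELO argument, PTR of the connecting IP, sender domain)
SAMPLES = [
    ("[192.168.1.3]", "mail.example.com", "example.com"),
    ("MAIL.example.com", "mail.example.com", "example.com"),
    ("mail.example.com", "host-10.isp.example.net", "example.com"),
    ("mail.example.com", None, "example.com"),
]

if __name__ == "__main__":
    for helo, ptr, domain in SAMPLES:
        print(f"{helo!r:22} ptr={ptr!r:28} -> {check_sender(helo, ptr, domain) or 'ok'}")
```

A server with more than one sending path (for example an internal relay in front of the public MTA) needs each path's HELO run through the same checks, since a reputation service scores whatever string reaches it.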