Solved

Senderbase.org Poor Reputation

Posted on 2013-01-10
1
1,270 Views
Last Modified: 2013-03-20
We have been getting some of our emails rejected because of Senderbase.org. I checked and we have a poor rating.

Here is an example of a failed email message we get bounced back:
SMTP error from remote mail server after end of data:
    host mail.alwayscarebenefits.com [24.249.137.213]:
    554 Transaction Failed Spam Message not queued.



A couple of months ago our email system (MailEnabled) got jacked and we sent thousands of spam emails. That has been resolved and everything was working ok, until several days ago. So I contacted Senderbase.org and here is the reply I received.

SenderBase uses a variety of techniques to determine what IP addresses are behaving highly suspiciously and are likely to have been compromised into sending spam or viruses. Your mail server is demonstrating suspicious behavior and we suggest that you investigate/fix the following:

* rDNS points to a fully qualified domain name (FQDN)
* rDNS points to a domain which matches the HELO FQDN
* rDNS points to a domain which matches the sender domain or a domain which matches the parent domain

To this end, one of the HELO string we are seeing "[192.168.1.3]" which is not an exact match to the PTR of the IP 66.148.139.130 (secureemail.ventureusenterprises.com).  This contravenes RFC2821, section 4.1.1.1 which states, "These [HELO] commands are used to identify the SMTP client to the SMTP server. The argument field contains the fully-qualified domain name of the SMTP client if one is available." I would suggest speaking with your provider about this if they are really using an improperly formatted HELO string.


I checked our HELO string and here is what it says:

Received: from secureEmail.company.com ([66.148.139.XXX]) by BAY0-MC2-F3.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
       Wed, 9 Jan 2013 13:49:33 -0800
Received: from smtpd by localhost.localdomain with local (Exim 4.71)
      (envelope-from <person@company.com>)
      id 1Tt3We-0006X4-PI
      for user@hotmail.com; Wed, 09 Jan 2013 15:49:32 -0600
Received: from Unknown (HELO secureEmail.company.com) (192.168.1.249)
    by secureEmail.company.com (qpsmtpd/0.40) with ESMTP; Wed, 09 Jan 2013 15:49:32 -0600
Received: from ITPC ([192.168.1.1]) by company.com with MailEnable ESMTP; Wed, 9 Jan 2013 15:48:09 -0600
From: "person" <person@company.com>
To: <user@hotmail.com>
Subject:


Before the HELO string did not match the secureemai.company.com string. I made the change a couple of days ago and still have a poor rating.

I checked our reverse DNS and it is pointing to secureemail.company.com with the correct IP.

I checked MXToolBox and Secureemail.company.com is pointed to the correct IP

Im not being blacklisted anywhere.

What am I missing?
0
Comment
Question by:NoobNKC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 16

Accepted Solution

by:
grahamnonweiler earned 500 total points
ID: 38764231
You are not missing anything. Senderbase is looking at the entire header, rather than solely the final sending SMTP server. This type of filtering is somewhat excessive, as in the majority of corporate email environments, a private (local) IP address is likely to appear in the headers.

However, even with your changes, Senderbase.org will take its time to "eventually" remove your poor rating - but there is very little you can do to speed that process up.

If you have another public IP address that you can use to send outgoing SMTP from, then use that. If you do not have a spare IP address, then you could sign up for an SMTP Relay service until your IP is cleared.

Senderbase are notoriously quick to denote an IP as "poor" - but conversely ridiculously slow in removing them after the problem (if there ever was one) has been remedied.

Anyone relying on Senderbase as means of AntiSpam filtering should really consider a more reliable RDNSBL.
0

Featured Post

Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
When you’re making plans to join the modern business race, you should analyze various details that may affect your results. Nowadays, millions of businesses are trying to grow into established and appreciated professional enterprises.
Familiarize people with the process of utilizing SQL Server views from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Access…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question