tw525

asked on

Client tagged as spam

I went through this question in an earlier stage of this problem and unfortunately did not get the help I needed. The issue is back and I'm taking a second stab at this. However, some new eyes can look at it and generate some helpful hints.

I have a client that has a serious email issue. Their outbound email is being tagged as spam. It's ending up in quarantines, junk mail folders or in some cases dropped or generating NDRs.

We have changed the client's outbound domain name twice in an effort to resolve. Every time we change the domain it improves for a month or two. However, in both instances it has come back.

Initially the client was on Office365 when we noticed the problem. In an effort to troubleshoot this problem we moved them to Intermedia as their hosted mail provider. The problem followed them there.

Their outbound failures are not seen everywhere. They can get through to 80-90% of their recipients. However recipients hosted on GoDaddy, Comcast, Verizon, MRIS to name a few, as well as those that use McAfee as their anti-spam are not cleanly receiving their mail.

The problem is it's difficult to see if an IP is on a blacklist.  Both O365 and Intermedia have numerous sender IPs.  I have looked at several messages that were successfully delivered, even those caught in quarantine.  When checking mxtoolbox and blacklistalerts, the IP usually isn't listed anywhere.

I had Intermedia send me a week's worth of outbound mail and looked through it myself. I noticed only two messages in a week's time that had more than 20 recipients. Neither of those two look egregious. Now this is a mortgage company, so most of the other mail looked legit, but is hard to determine from just a subject line.

So we turned our attention to the organizations blocking the mail to see if they could shed some light. This was a very difficult task as these companies don't want to share information that might clue me into how their systems work. I pulled every resource available to me to try and get to the correct people at McAfee/MXLogic. The only thing I learned is MXL reports that 40% of this client's mail is being tagged as spam by user. 40%! That seems extremely high. Based on what I saw from their outbound logs I don't see how 40% is coming from Intermedia. But no organization blocking their mail will share why they are blocking. Or at least they will not give me an example of an offending message, so I can see the headers and where it is coming from.

The only other oddity to this client is that this client's old IT service provider hosted this system on their in-house Exchange. The client is worried that this old service provider is either intentionally or inadvertently causing this problem. Without a smoking gun I can't rule this possibility out. However the most recent outbound domain we created for this client is brand new. It was never previously used or known by the old service provider. So if they were sending out spam as the old domain name of this client, you would think that would not affect the new outbound domain.

This is a mortgage company, so the content of their legit mail may at times cover subjects that are the subject of spam. However most of what I saw from their outbound logs looks like the majority of their mail is sent to specific users and covers specific loans. I did not see much in the way of generic emails. But I could only see the subject, not the content of the messages.

I could go on and on and am willing to do so if someone is interested to hear what we have tried and what we "think" we have ruled out.  However without the smoking gun, without an example of a message that was tagged as spam, I am completely in the dark.

So I guess my question is this. If all these major mail organizations (hosts and spam filters) are keeping the curtain to the wizard tightly drawn, then how do I find out why this client is being targeted? How can I find that smoking gun email? MXL at one point mentioned ISP reports. I'm not entirely clear on what an ISP report is nor how it's used.

The client doesn't send mail from their local LAN. However I checked the IPs on their local LAN and none of those are listed on blacklists either.

Can a company name be blacklisted in some way? I'm looking for similarities. All domains are hosted by Network Solutions under the same account.

Even though their SPF is clearly set, is it possible someone else is sending out spam as them?  Would this spammer need their current sender domain to affect them in this way?

I specifically asked the client not to tell anyone they had changed their outbound domain. I was very clear on this so I doubt they told anyone of the change, although an email-savvy user might have noticed on their own.

I am looking for ideas.  Particularly ideas on how to get my hands on one of these offending email messages.  MXL claims they don't keep them.

Sorry for the long-windedness. This has been an ongoing battle since January.

Alan Hardisty

The fact that moving hosting providers doesn't resolve the problem sounds to me that the problem lies more in what is being sent, rather than from where it is being sent.

If the recipients are marking the emails as spam, then is the company sending the emails following best practices in as much as allowing an unsubscribe option in the emails?

An alternative to sending emails out via their own servers is to send out via a 3rd party mailing solution such as mailchimp, then if the senders flag the emails as spam, it shouldn't affect their regular mails sent out that aren't marketing emails.

If you want some actual eyes on the potential problems, please have them send a test email to testmail @ sohomail.co.uk and let me know when one has been sent so I can look out for it.

Thanks

Alan
You have ruled out originating IP and domain name so I would be tempted to rule out you being blacklisted. So sounds like content. Send an email to stest at elcocorp.com and I will take a look also.

tw525 (ASKER)

I appreciate the offers to send test messages. I very well may take you up. However we noticed something on this most recent go-around. Things were running fine and then all of a sudden three a chain of messages got stuck in quarantine. The first message in that chain had a www link to the previous domain name. Everyone after that responded to the message and had that link in it.

I believe it was that link that got the message caught in the spam.  I will investigate and update you all.
No problems - here as and when you are ready.

Alan
Seems like you've been through a bunch with this and I can sympathise. We got blacklisted once and talking to the powers that be, it feels like a convicted bank robber asking a bank about their safe. Good luck...


I have had problems where emails were being rejected or marked as spam because the reverse lookup on the domain name did not match the sending domain name's IP address.
Just a thought...
tw525 (ASKER)

Sodea,

Good thought on the rDNS. Since the client uses Intermedia, and O365 before that, wouldn't rDNS not be set up on their side, with their ISP?
rDNS is down to the provider and as you are hosted - this is something they will have set up (unless they are completely crap) and O365 isn't going to have that problem, so I wouldn't expect that to be the problem at all.
We used in-house software (ActiveCampaign) and never used O365 or Intermedia so you would have to look into how they set that up.
You mention changing domain names but said that they were all with the same provider, did you change your IP address with each domain change?

Even if you have everything completely correct from a technical standpoint, the mass email game is always a delicate balance on the line and a poorly constructed email will kill you as easy as any technical problem. You may want to see if you can get a sample of some of the emails being sent. See if you can find, or get a look at the settings or 'filter' settings in some of the major spam filtering software and compare with the emails.
ASKER CERTIFIED SOLUTION
tw525

This solution is only available to members.

tw525 (ASKER)

At the end of the day we never found a smoking gun for this issue. We simply found a solution/workaround. I would still love to hear options if anyone ever finds a way to evaluate why a legit organization is targeted as spam. Feels like my client was tried and convicted without ever seeing an ounce of evidence. Not that we would argue it, but if we could see what was being marked as spam, see the header and originating IPs we could better understand why their domain name was tarnished.

To this day if you even include one of their previous two domain names in your signature or the body of the message, it's tagged as spam.  I've never seen anything like it before.  Would appreciate finding that smoking gun for my own personal knowledge should anyone read this and have some helpful suggestions.
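
Added example, not part of the thread: the asker reports that replies quoting a link to a previous domain, or a signature mentioning one, end up in quarantine. The Python sketch below scans the decoded headers and text parts of an outbound message for such references before it is sent; the domain names, addresses and sample message are constructed placeholders, not the client's.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Assumption: placeholder names standing in for the client's two retired domains.
RETIRED_DOMAINS = {"old-domain-one.example", "old-domain-two.example"}
# Hostname-like tokens, whether in a URL, a bare "www." link or an address.
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)

def retired_hosts(text, retired=RETIRED_DOMAINS):
    """Return sorted hosts in text that equal, or are subdomains of, a retired domain."""
    hosts = {m.group(1).lower() for m in HOST_RE.finditer(text)}
    return sorted(h for h in hosts
                  if any(h == d or h.endswith("." + d) for d in retired))

def scan_message(raw, retired=RETIRED_DOMAINS):
    """Map each location in a raw RFC 5322 message to the retired hosts found there."""
    msg = message_from_string(raw, policy=policy.default)
    findings = {}
    for name in ("From", "Reply-To", "Sender"):
        hits = retired_hosts(str(msg.get(name, "")), retired)
        if hits:
            findings["header:" + name] = hits
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        # get_content() undoes quoted-printable/base64, so a link that is
        # split across encoded lines on the wire is still seen whole.
        hits = retired_hosts(part.get_content(), retired)
        if hits:
            findings["body:" + part.get_content_type()] = hits
    return findings

def sample_reply():
    """Constructed sample: a reply whose quoted text links to a retired domain."""
    m = EmailMessage()
    m["From"] = "loans@new-domain.example"
    m["To"] = "borrower@recipient.example"
    m["Subject"] = "RE: loan documents"
    m.set_content("Thanks, see below.\n\n> Apply at www.old-domain-one.example/apply\n")
    m.add_alternative('<p>Thanks</p><blockquote><a href='
                      '"http://www.old-domain-one.example/apply">Apply</a></blockquote>',
                      subtype="html")
    return m.as_string()

if __name__ == "__main__":
    for where, hosts in scan_message(sample_reply()).items():
        print(where, hosts)
```

Run over a folder of sent items or a journal export, the same function shows which threads still carry the old links in quoted text or signatures.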