Email Getting Rejected But Not Blacklisted
A lot of our outgoing mail is getting rejected by recipient servers. I originally thought we were blacklisted but checking with all of the lists, it doesn't look like we are. We have virus checking on our spam filter and it is not seeing anything.
We are using Exchange 2007 and a Barracuda Spam & Virus Firewall.
Some of the return errors:
This message has been rejected due to content judged to be spam by the internet community??IB212 <http://x.co/crbounce>
554 Email rejected due to security policies - http://kb.mimecast.com/Mimecast_Knowledge_Base/Administration_Console/Monitoring/Mimecast_SMTP_Error_Codes#554
said: 554 Denied
Thank you for any help you can provide.
We are using Exchange 2007 and a Barracuda Spam & Virus Firewall.
Some of the return errors:
This message has been rejected due to content judged to be spam by the internet community??IB212 <http://x.co/crbounce>
554 Email rejected due to security policies - http://kb.mimecast.com/Mimecast_Knowledge_Base/Administration_Console/Monitoring/Mimecast_SMTP_Error_Codes#554
said: 554 Denied
Thank you for any help you can provide.
Test your connecting IP for all the outbound email traffic - http://mxtoolbox.com/blacklists.aspx
ASKER
Yes, we are scanning outgoing email through the spam filter.
I just checked all of the destination IPs and they appear to be clean.
Our spam filter is on-premise.
I just checked all of the destination IPs and they appear to be clean.
Our spam filter is on-premise.
ASKER
I checked with Mxtoolbox and I get all green checkmarks all the way down.
have you tried sending email from your corp account to hotmail and see if it gets delivered?
or this is a specific recipient domain who is complianing?
Do you have a actual NDR and message header info?
or this is a specific recipient domain who is complianing?
Do you have a actual NDR and message header info?
ASKER
Not all emails are getting blocked, only to a handful of domains. GoDaddy (secureserver) is one of them, I tried to whitelist with them and they say we are not currently blocked.
I do have several NDR messages. Here is one:
#< #5.0.0 X-Spam-&-Virus-Firewall; host presmtp.ex2.secureserver.n
Let me know if that is what you are talking about.
I do have several NDR messages. Here is one:
#< #5.0.0 X-Spam-&-Virus-Firewall; host presmtp.ex2.secureserver.n
Let me know if that is what you are talking about.
ASKER
Here is another:
#< #5.0.0 X-Spam-&-Virus-Firewall; host service109-us.mimecast.com
#< #5.0.0 X-Spam-&-Virus-Firewall; host service109-us.mimecast.com
552 This message has been rejected due to content judged to be spam by the Internet community.
The email message contains a link, attachment, or pattern caught by our filters as spam. Please include an option to opt out in your email messages. Then check your sending lists to ensure you are only sending to recipients who have selected to opt in to receiving your mail. If you feel this message has been flagged as spam erroneously, please be sure to obtain a copy of the original message attempting to be sent, and then contact support.
Source - https://support.godaddy.com/help/article/3568/dealing-with-email-bouncebacks
Are there any kind of special attachment or url in the bounced messages? Are all messages to godaddy failing?
The email message contains a link, attachment, or pattern caught by our filters as spam. Please include an option to opt out in your email messages. Then check your sending lists to ensure you are only sending to recipients who have selected to opt in to receiving your mail. If you feel this message has been flagged as spam erroneously, please be sure to obtain a copy of the original message attempting to be sent, and then contact support.
Source - https://support.godaddy.com/help/article/3568/dealing-with-email-bouncebacks
Are there any kind of special attachment or url in the bounced messages? Are all messages to godaddy failing?
Do you have correctly specified reverse DNS and SPF records?
ASKER
There are no special attachments or URLs. One of the emails had a basic 1 page PDF.
Another thing... it's not just limited to the recipient. If the sender (my co-worker) forwards the email to me, I can forward the email to the recipient without issue.
We have about 5 senders in the office today that just started having issues. Everyone else seems to be fine.
Another thing... it's not just limited to the recipient. If the sender (my co-worker) forwards the email to me, I can forward the email to the recipient without issue.
We have about 5 senders in the office today that just started having issues. Everyone else seems to be fine.
ASKER
Looks like Reverse DNS is correct, but maybe an issue with SPF?
spf:
Test Result
X SPF No Records No SPF records found More Info
OK SPF Record Deprecated There are no records of type SPF
OK SPF Invalid Syntax The SPF record is valid
OK SPF Multiple Records Less than two SPF records found
spf:
Test Result
X SPF No Records No SPF records found More Info
OK SPF Record Deprecated There are no records of type SPF
OK SPF Invalid Syntax The SPF record is valid
OK SPF Multiple Records Less than two SPF records found
Add your connecting IP for outbound email traffic in your SPF and that should make a difference or resolve this issue.
ASKER
I'm not exactly sure how to do that. It's the IT director (my boss) that handles the web hosting and he's not in the office.
Is that in the web host settings?
Is that in the web host settings?
Its a text file that sits in the dns if your dns his hosted then you will login into the portal and modify the text file.
Here is a url provided by microsoft on SPF record creation - http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
Here is a url provided by microsoft on SPF record creation - http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
So this is not the cause of your issues. Focus on other things and you may take care of this later.
It looks that you don't have configured SPF records.
While it is good to have SFP records, it is better not to have them than have them mis-configured. They are saying from which servers can be sent mails with your domain. It is used to protect your domain from mail spoofing.
It looks that you don't have configured SPF records.
While it is good to have SFP records, it is better not to have them than have them mis-configured. They are saying from which servers can be sent mails with your domain. It is used to protect your domain from mail spoofing.
Were the problematic mails send to multiple recipients?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Some of the bouncebacks came from an email with many recipients while others came from emails with just one recipient.
I am having them try sending without their signature. (Our signature has several links embedded).
I am having them try sending without their signature. (Our signature has several links embedded).
ASKER
Joe - I think you solved it! If we remove their signature, the email goes through fine. So I started deleting parts of the signature one at a time to see when it would actually send.
***There was a small Google+ icon with an embedded bit.ly link. As soon as I deleted that, the email gets delivered every time.
***There was a small Google+ icon with an embedded bit.ly link. As soon as I deleted that, the email gets delivered every time.
Have you checked on your connecting IP's to see if they are listed on any RBL's or something?
Do you have a on-prem antivirus/antispam or is it hosted solution?