Our site is listed by Siteadvisor in the "Malicious Downloads" category. We've checked the site with Google webmaster tools, and it was reported clean. Sucuri reports the McAfee blacklist. Quttera reports clean. We've manually checked web pages for code injection. A week ago, I requested a site review at http://www.siteadvisor.com/sites/
. So far, it hasn't been de-listed (I don't know how long this normally takes).
MXToolbox had previously reported TRUNCATE blacklist, but now reports no blacklists. One point of interest is that it mentions there's no spf record, and the domain "May be an Open Relay". I've attached additional text at the bottom of this.
We do a monthly mass mailing to about 3,000 recipients, so it's possible we've been flagged as spammers. I wonder, though, if there's anything else going on. I didn't find an unusual volume of mail in our Exchange or McAfee SaaS reports. We've configured our Exchange server not to be used as a relay. Maybe our DNS config has a security hole. Not sure if I want to mess with spf records, though.
Any advice on what we should do next, apart from wait? Thanks.
During our diagnostics we attempt to simulate sending a message to a fake email address; firstname.lastname@example.org. We do this to try to detect if your server is an open relay, which means that it accepts mail to domains for which it is not responsible and then passes it along to the proper server. Your server responded with a 200 accepted code to our RCPT TO command. THIS DOES NOT MEAN YOU ARE OPERATING AN OPEN RELAY, only that you may be an open relay.