How to Get Off McAfee Siteadvisor Blacklist

Our site is listed by Siteadvisor in the "Malicious Downloads" category. We've checked the site with Google webmaster tools, and it was reported clean. Sucuri reports the McAfee blacklist. Quttera reports clean. We've manually checked web pages for code injection. A week ago, I requested a site review at http://www.siteadvisor.com/sites/. So far, it hasn't been de-listed (I don't know how long this normally takes).
MXToolbox had previously reported TRUNCATE blacklist, but now reports no blacklists. One point of interest is that it mentions there's no spf record, and the domain "May be an Open Relay". I've attached additional text at the bottom of this.

We do a monthly mass mailing to about 3,000 recipients, so it's possible we've been flagged as spammers. I wonder, though, if there's anything else going on. I didn't find an unusual volume of mail in our Exchange or McAfee SaaS reports. We've configured our Exchange server not to be used as a relay. Maybe our DNS config has a security hole. Not sure if I want to mess with spf records, though.

Any advice on what we should do next, apart from wait? Thanks.

From MXToolbox:
During our diagnostics we attempt to simulate sending a message to a fake email address; test@example.com. We do this to try to detect if your server is an open relay, which means that it accepts mail to domains for which it is not responsible and then passes it along to the proper server. Your server responded with a 200 accepted code to our RCPT TO command. THIS DOES NOT MEAN YOU ARE OPERATING AN OPEN RELAY, only that you may be an open relay.
LVL 2
rvfowler2Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

gheistCommented:
You must close open relay mail server, especially check mail recipients and reject when recipient is not in your address list.
0
btanExec ConsultantCommented:
In fact, McAfee also advise on to check if a particular host is blacklisted by the McAfee Blacklist (RBL) service. It can be dependent on Spamhaus listing too. See https://kc.mcafee.com/corporate/index?page=content&id=KB53783

Likewise for SORBS (Spam and Open Relay Blocking System) provides free access to its DNS-based Block List (DNSBL). It has the list typically includes email servers suspected of sending or relaying spam, servers that have been hacked and hijacked, and those with Trojan infestations. See http://www.sorbs.net/delisting/overview.shtml

 can also check your relay on the TLS support with simulated cases e.g. Sender: Can you send secure email and any of unnecessary "open" Services: telnet to IMAP, IMAPS, POP, HTTP, etc. Sort of "giving" confidence we are that an email to the address would be sent securely
http://www.checktls.com/
Likewise can explore the TestService which basically does two things.
1- has a "template" for most Internet services that has the commands and arguments in the right order.
2- change the template and save your changes, so you can use it over and over without retyping.
It covers SMTP/SMTPS (email), and POP/POPS and IMAP/IMAPS (PC email).
http://www.checktls.com/perl/TestService.pl

Also maybe using the TrustedSource Query on http://www.trustedsource.org/ - when entering the IP into the query the result states that some of the "neighboring IP addresses" are considered High risk or Unverified.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.