I am not a happy bunny. Last year, while trying to buy a house, Symantec's MessageLabs decided to block my Estate Agent and my bank from receiving any emails from my personal domain. In the middle of a rather stressful house purchase, I had to swap my email addresses and convince the parties involved to all use the new one.
This year, they're blocking me from contacting media organisations, potential clients, and the Houses of Parliament. What on Earth is going on?
Rather than run my own mailservers, I use Google Apps for business. I'm grandfathered in to their old, free plan.
Most of the time, my email goes through. Every so often - usually when I want to email a large company - I get the following NDR:
Delivery to the following recipient failed permanently:
Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the server for the
recipient domain example.com by cluster8.us.messagelabs.com. [220.127.116.11].
The error that the other server returned was:
553-Message filtered. Please see the FAQs section on spam
553-at http://www.messagelabs.com/support/ for more
553 information. (#5.7.1)
----- Original message -----
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
(Some details obfuscated).
I've tried contacting Symantec - but they refuse to help because I'm not their customer. They're very polite, but as I don't pay for their services, I'm stuck.
Unfortunately I cannot seem to locate your account on our systems. Please could you provide us with your MessageLabs account number or your account name so that we can raise a support ticket for you and address your query? If not, we have only support available for clients here.
Support Centre Administrator
I pointed out that I wasn't a customer but that my domain was being blocked by several companies which use their product.
Our best advice at this point would be to refer you back to example.com so that they may investigate and then liaise with Symantec.cloud where appropriate to log a case with us to have further investigation.
We apologize for any inconvenience caused and feel that this is the best route for resolution.
So, no luck there.
The URL that they give in their bounce message doesn't actually provide any help. I eventually found this FAQ about Symantec's blocking.
Here are their suggestions - none of which apply to me!
I. Check if your sending IP is on any spam lists, search for “spam database lookup”. You are looking for any 3rd party lists that may have received spam from your mail server. If your IP address is on any of these block lists, please make a removal request as soon as possible, once removed please retry sending your mail.
Well, Google manages the IP address - so I suspect I share it with millions of others. Symantec don't actually provide a way to make a removal request.
II. Ensure your mail server is not open relay, search for “Email Open Relay Tester” and choose from any number of testers.
Again, I don't manage the mail server - but all the tests I've run indicate it's fine.
III. If your internet line is provided by DSL or Cable that shares IPs with residential users, please ensure your mail server sends to your ISP’s smart host instead of direct to the internet. This reduces the potential of your email being detected in error as coming from a Trojan infected home user machine.
A fair suggestion - but this happens whether I send from home, work, or mobile. All on different IPs from different ISPs.
IV. Ensure the email you are sending does not contain any spam content (i.e. forwarded spam or ‘spamvertised’ URLs).
Nope. I've tried with attachments, without attachments, replying to the original mails I'd been sent, creating new emails, plain text, HTML, no links. Rejected every time.
V. Ensure your mail server is configured correctly.
VI. Ensure you have no virus infected machines on your network that are being used to send spam through your mail server.
I run a pretty tight ship here 🙂
VII. Ensure you have no exploitable web scripts on your web servers that could be abused to send spam.
My domain - shkspr.mobi - doesn't appear to be infected with anything nasty.
VIII. Make sure any ‘opt-in’ newsletters contain an ‘opt-out’ link.
I'm not popular enough to send a newsletter 🙂
I've tried getting in contact with the IT departments where my mail is being blocked - but that's not always possible.
I'm trying to get hold of someone in Symantec to see if they can explain how or why my email address has ended up on their spam lists.
If any of you dear readers can shed any light on the matter - please let me know!
Ian from MessageLabs got in contact with me. I sent him some sample mails to see if they could shed any light on it.
As mentioned in the comments, I changed my SPF records for my domain name. That didn't resolve the issue.
I then added Google's DKIM information to my DNS. That did solve the problem. Now all my mail goes through correctly.
Remember, if you're using CloudFlare, you'll need to change the details with them - not your normal hosting provider!
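A way to check the two things the DKIM fix depends on, added here as an example and not part of the original post: that a key record is published at the selector named in a message's DKIM signature, and that the signing domain matches the sender's own domain. The domains, the selector name google, and every header and record value below are constructed; on a live domain the TXT string would come from a DNS lookup of the name `dkim_query_name` returns.

```python
import re

def parse_tags(value):
    """Parse the 'tag=value; tag=value' syntax used by DKIM headers and key records."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)  # folded values may contain whitespace
    return tags

def dkim_query_name(signature_value):
    """DNS name where a receiver looks up the public key for this signature."""
    t = parse_tags(signature_value)
    return f"{t['s']}._domainkey.{t['d']}"

def check_dkim_record(txt):
    """Return a list of problems with a DKIM key TXT record (empty list means usable)."""
    if txt is None:
        return ["no TXT record published at selector"]
    t = parse_tags(txt)
    problems = []
    if t.get("v", "DKIM1") != "DKIM1":
        problems.append("v= is not DKIM1")
    if t.get("k", "rsa") not in ("rsa", "ed25519"):
        problems.append("unknown key type")
    if not t.get("p"):
        problems.append("p= empty or missing (key absent or revoked)")
    return problems

def signed_by_sender(signature_value, from_domain):
    """Simplified alignment check: d= equals the From domain or is a parent of it."""
    d = parse_tags(signature_value)["d"].lower()
    f = from_domain.lower()
    return f == d or f.endswith("." + d)

# Constructed samples (not taken from any real message or zone).
SIG_OWN = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=google; "
           "h=from:to:subject; bh=Q09OU1RSVUNURUQ=; b=Q09OU1RSVUNURUQ=")
SIG_PROVIDER = SIG_OWN.replace("d=example.org", "d=mail-provider.example")
TXT_GOOD = "v=DKIM1; k=rsa; p=Q09OU1RSVUNURUQ="

if __name__ == "__main__":
    print("look up TXT at:", dkim_query_name(SIG_OWN))
    print("record problems:", check_dkim_record(TXT_GOOD))
    print("no record:", check_dkim_record(None))
    print("own-domain signature:", signed_by_sender(SIG_OWN, "example.org"))
    print("provider-only signature:", signed_by_sender(SIG_PROVIDER, "example.org"))
```
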
In chatting with MessageLabs they've agreed that they need to make their rejection messages clearer so that users can understand why they've been blocked and how to resolve the issue.