Showing results for 
Search instead for 
Did you mean: 
Level 7

Not getting a response from false positives inquiry


We have sent email to, but we are not getting a response. A redacted version of our email appears below. We are quite anxoius to get this rectified as our customers businesses are being impacted.

We have already viewed the self help artocles on your site (such as We take the deliverability of our mail very seriously and we. We also take our IP reputation maintenence seriously. If there is anything we need to do to get delisted on your service please advise.



We are a Toronto, Ontario, Canada hosting and email provider. We recently started receiving customer complaints over bounced email messages. The common denominator in all of the bounces is a 554 Denied error from a server.

According to your website tool our IP address ( has a good reputation/minimal risk:

We are not on any other blacklists.

We take our IP reputation very seriously and have never tolerated UCE or spam of any kind. We don't allow customers to send bulk email. We work with them, where there is a need, on using services such as MailChimp or Constant Contact.

An example of one of the bounce messages is included below. It also shows the entire email content. I have also included the transaction log from our mail server for this piece of mail.

Can you please tell us why our customers emails are being blocked? This started about a week ago. We are getting dozens of these complaints daily.


Bounce Message and email content

-----Original Message-----

From: System Administrator [mailtoSmiley Frustratedystem Administrator]

Sent: Thursday, November 07, 2013 2:08 PM

To: xxxxxxxxxxxxxxxxxxx

Subject: Delivery Failure

Could not deliver message to the following recipient(s):

Failed Recipient: xxxxxxxxxxx

Reason: Remote host said: 554 Denied [CS]

[] (Mode: normal)

   -- The header and top 20 lines of the message follows --

Received: by via HTTP;

    Thu, 7 Nov 2013 15:07:13 -0500

From: "xxxxxxxx" <xxxxxxxxxxxxx>

To: <xxxxxxxxx>

Subject: Testing

Date: Thu, 7 Nov 2013 15:07:13 -0500

Reply-To: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Message-ID: <1c115da0$34c7830e$4707b6a1$>

MIME-Version: 1.0

Content-Type: multipart/alternative;


X-Originating-IP: []

This is a multipart message in MIME format.


Content-Type: text/plain;


Content-Transfer-Encoding: 7bit

Email content removed

Server log excerpt


Content-Type: text/html;

15:07:15 [83065] Delivery started for xxxxxxxxxxxx at 3:07:15 PM

15:07:30 [83065] Skipping spam checks: No local recipients

15:07:33 [83065] Sending remote mail for xxxxxxxxxxx

15:07:33 [83065] Initiating connection to

15:07:33 [83065] Connecting to (Id: 1)

15:07:33 [83065] Binding to local IP (Id: 1)

15:07:33 [83065] Connection to from succeeded (Id: 1)

15:07:33 [83065] RSP: 220 ESMTP mxl_mta-7.2.2-0 [2aed10f5c940.5380132.00-2030]; Thu, 07 Nov 2013 13:07:36 -0700 (MST); NO UCE, INBOUND

15:07:33 [83065] CMD: EHLO

15:07:33 [83065] RSP:

15:07:33 [83065] RSP: 250-SIZE 0

15:07:33 [83065] RSP: 250-STARTTLS

15:07:33 [83065] RSP: 250-SUBMITTER

15:07:33 [83065] RSP: 250-8BITMIME

15:07:33 [83065] RSP: 250 PIPELINING

15:07:33 [83065] CMD: MAIL FROM:<xxxxxxxxxxx> SIZE=1250

15:07:33 [83065] RSP: 250 Sender Ok

15:07:33 [83065] CMD: RCPT TO:<xxxxxxxxxx>

15:07:33 [83065] RSP: 250 xxxxxxxxxxx ok (RCPTMode: normal/deferred)

15:07:33 [83065] CMD: DATA

15:07:34 [83065] RSP: 354 Start mail input; end with <CRLF>.<CRLF>

15:07:34 [83065] RSP: 554 Denied [CS] [] (Mode: normal)

15:07:34 [83065] CMD: QUIT

15:07:34 [83065] RSP: 221 Service closing transmission channel [5380132.00]

15:07:34 [83065] Bounce email written to 947609883069.eml

15:07:34 [83065] Delivery for xxxxxxxxxxx to xxxxxxxxxx has completed (Bounced)

15:07:36 [83065] Delivery finished for xxxxxxxxxxxxxxx at 3:07:36 PM    [id:947609883065]

Message was edited by: infowan on 19/11/13 13:46:24 CST
0 Kudos
1 Reply
Level 12

Re: Not getting a response from false positives inquiry


When did you submit the example to saas_falsepositives? It can take up to 24 hours to process a false-positives complaint, and not all submissions result in a reset or clearing of the score that is causing the message to score high. If our Messaging Security team is seeing an active threat or spam campaign with the criteria causing these messages to be blocked, Messaging Security will not be able to clear that score.

I'm not able determine exactly what is causing your messages to be blocked, however I can tell you that they are receiving an extremely high spam score, at the Crtitical Spam Level, which is at or just below 100% probability spam. TrustedSource is only one small component of our filtering stack, there are many additional levels that are proprietary and not publicly searchable.

My advice for any organization sending inbound to McAfee SaaS Customers that have not received a response from Messaging Security is to either email saas_falsepositives with a request for an update (this mailbox is reviewed by individuals on the Messaging Security team, and is not an automated hopper), or, have anyone of the recipient organizations open a service request with their support team for their account. If you go through the latter option, they will need an example message with the to/from/date information.

0 Kudos