The 554 Denied error indicates the message scored high for spam based on one or more criteria, including but not limited to IP Reputation and/or Content matching spam fingerprints. This information is pulled from various sources, including propreitary filtering algorithms, information shared in data-sharing networks with ISP partners. There are multiple datapoints that can be causing an issue, and a reset of a spam score does not indicate any permanence as it can re-appear.
McAfee also does block connections from dynamic IPs, or IPs listed as dynamic by the ISP. Each message that is blocked or quarantined must be researched independently because they may or may not be triggering the same rule on the filter, so forwarding the NDR to firstname.lastname@example.org is the best option. Beyond that, any indended recipient's administrator can contact their SaaS support team to open a service request.
I submitted another false positive email and got the following repsonse:
Thank you for contacting McAfee Messaging Security.
We have adjusted the filters to allow messages to be delivered normally.
The relevant spam fingerprint was for the IP -**.**.**.**.
So moving our domain to a new subnet was the issue as suspected. Our assigned subnet is static, though perhaps viewed as dynamic? I know we had some lag with other recipients due to rdns mismatch, but those cleared up when stale records flushed. Neither IP nor FQDN are in any blocklists
In any event mail is flowing to recipients who use SaaS now.
Just to clarify, the SaaS product does not work in the same manner as traditional DNS Blacklists. The Product is looking for a combination of many items, ranging from IP Reputation and Content, to whether or not the IP is dynamic. The last item, dynamic IPs, are prevented from even connecting, where as Content (and an IP address can be identified as the unique content in a message header) is the most common trigger, followed by IP reputation. This is how a message may be blocked on McAfee for an IP but the IP not be blacklisted anywhere else.