597 Views 5 Replies Latest reply: Sep 20, 2013 5:41 PM by Brad McGarr RSS
manning Newcomer 28 posts since
Jan 10, 2008
Sep 12, 2013 3:32 PM

Another sender getting NDRs with 554 Denied error

We recently (1 month ago) moved our domain from one IP subnet to another from a different ISP. More or less all went smoothly, except now we can't send to recipients behind McAfee SaaS security. I reported this to Saas_falsepositives@mcafeesubmissions.com and was told it had been resolved, but it doesn't appear to be the case. And when I look up our domain using the TrustedSource site it shows the correct IP for our MX record, but on the Associated IP Addresses tab it also shows an old IP we haven't used in ages listed for our MX A record.

So my question - where is this information being pulled from, and how long before stale records are flushed? DNS all appears to be correct, so I can't imagine reverse lookup is the issue, and we aren't on any RBLs. Does SaaS pull data from (now stale) ARIN entries?

thank you

  • Brad McGarr McAfee Employee 155 posts since
    Dec 4, 2012
    1. Sep 20, 2013 10:50 AM (in response to manning)
    Re: Another sender getting NDRs with 554 Denied error

    Manning,

    The 554 Denied error indicates the message scored high for spam based on one or more criteria, including but not limited to IP Reputation and/or Content matching spam fingerprints. This information is pulled from various sources, including proprietary filtering algorithms and information shared in data-sharing networks with ISP partners. There are multiple datapoints that can be causing an issue, and a reset of a spam score does not indicate any permanence as it can re-appear.

    McAfee also does block connections from dynamic IPs, or IPs listed as dynamic by the ISP. Each message that is blocked or quarantined must be researched independently because they may or may not be triggering the same rule on the filter, so forwarding the NDR to saas_falsepositives@mcafeesubmissions.com is the best option. Beyond that, any intended recipient's administrator can contact their SaaS support team to open a service request.


    Brad McGarr
    McAfee SaaS Email & Web Protection
    Technical Support Technician I (Legacy & Partner Support)
    Microsoft Certified Professional
    Microsoft Technology Associate - Windows OS | CompTIA A+ Certified Technician | CIW Web Foundations Associate
    Visit my blog: Brad's Corner - Insights from SaaS Email & Web Security Support https://community.mcafee.com/blogs/brad-denver

  • Brad McGarr McAfee Employee 155 posts since
    Dec 4, 2012
    3. Sep 20, 2013 4:29 PM (in response to manning)
    Re: Another sender getting NDRs with 554 Denied error

    Manning,

    Just to clarify, the SaaS product does not work in the same manner as traditional DNS Blacklists. The Product is looking for a combination of many items, ranging from IP Reputation and Content, to whether or not the IP is dynamic. The last item, dynamic IPs, are prevented from even connecting, whereas Content (and an IP address can be identified as the unique content in a message header) is the most common trigger, followed by IP reputation. This is how a message may be blocked on McAfee for an IP but the IP not be blacklisted anywhere else.


    Brad McGarr
    McAfee SaaS Email & Web Protection
    Technical Support Technician I (Legacy & Partner Support)
    Microsoft Certified Professional
    Microsoft Technology Associate - Windows OS | CompTIA A+ Certified Technician | CIW Web Foundations Associate
    Visit my blog: Brad's Corner - Insights from SaaS Email & Web Security Support https://community.mcafee.com/blogs/brad-denver
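
Added example, not part of the thread and not McAfee's filtering logic: a sender-side check for the points raised above after an IP move (a stale A record still published for the MX host, reverse lookup that does not confirm forward, and a PTR name that reads as dynamic). The function names and the keyword list are assumptions, and the sample records are constructed from documentation address ranges.

```python
import re
import socket

# Assumption: substrings that commonly mark dynamic or generic address space.
DYNAMIC_HINT = re.compile(r"(dyn|dhcp|pool|ppp|dsl|cable|dial)", re.I)

def system_a(host):
    """A records for host via the system resolver (empty set on failure)."""
    try:
        return set(socket.gethostbyname_ex(host)[2])
    except OSError:
        return set()

def system_ptr(ip):
    """PTR name for ip via the system resolver (None on failure)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def looks_dynamic(ptr, ip):
    # A PTR that embeds the address (203-0-113-7.example.net) reads as generic.
    numbers = re.split(r"[^0-9]+", ptr)
    embedded = all(octet in numbers for octet in ip.split("."))
    return embedded or bool(DYNAMIC_HINT.search(ptr))

def audit_mail_dns(mx_host, expected_ips, resolve_a=system_a, resolve_ptr=system_ptr):
    """Return (finding, ip) pairs for the MX host and the IPs it should use."""
    expected, published = set(expected_ips), resolve_a(mx_host)
    findings = [("stale-a-record", ip) for ip in sorted(published - expected)]
    findings += [("missing-a-record", ip) for ip in sorted(expected - published)]
    for ip in sorted(expected):
        ptr = resolve_ptr(ip)
        if not ptr:
            findings.append(("no-ptr", ip))
            continue
        if ip not in resolve_a(ptr):  # forward-confirmed reverse DNS
            findings.append(("fcrdns-mismatch", ip))
        if looks_dynamic(ptr, ip):
            findings.append(("dynamic-looking-ptr", ip))
    return findings

# Constructed sample zone: the old address is still published on the MX host.
SAMPLE_A = {"mail.example.com": {"203.0.113.7", "192.0.2.25"},
            "203-0-113-7.dsl.example.net": {"203.0.113.7"}}
SAMPLE_PTR = {"203.0.113.7": "203-0-113-7.dsl.example.net"}

def demo():
    return audit_mail_dns("mail.example.com", ["203.0.113.7"],
                          lambda h: SAMPLE_A.get(h, set()), SAMPLE_PTR.get)
```

Calling `audit_mail_dns` with only the host and expected IPs uses the system resolver instead of the sample records.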

  • frankm Apprentice 62 posts since
    Jan 10, 2013

    What would be nice to see, is a flow chart on how McAfee processes email.

  • Brad McGarr McAfee Employee 155 posts since
    Dec 4, 2012
    5. Sep 20, 2013 5:41 PM (in response to frankm)
    Re: Another sender getting NDRs with 554 Denied error

    Frank,

    A graphical description would not detail the levels of filtering and the filtering order, both because the detailed information is confidential and proprietary, but also because the order of the stack may be changed at any time during the development process.


    Brad McGarr
    McAfee SaaS Email & Web Protection
    Technical Support Technician I (Legacy & Partner Support)
    Microsoft Certified Professional
    Microsoft Technology Associate - Windows OS | CompTIA A+ Certified Technician | CIW Web Foundations Associate
    Visit my blog: Brad's Corner - Insights from SaaS Email & Web Security Support https://community.mcafee.com/blogs/brad-denver
