Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
456 Views 1 Reply Latest reply: Nov 20, 2013 10:55 AM by Brad McGarr RSS
infowan Newcomer 1 posts since
Nov 19, 2013
Currently Being Moderated

Nov 19, 2013 1:46 PM

Not getting a response from false positives inquiry

Hello,

 

We have sent email to saas_falsepositives@mcafeesubmissions.com, but we are not getting a response. A redacted version of our email appears below. We are quite anxoius to get this rectified as our customers businesses are being impacted.

 

We have already viewed the self help artocles on your site (such as https://support.mcafeesaas.com/MCAFEE/_cs/AnswerDetail.aspx?sSessionID=&aid=155) We take the deliverability of our mail very seriously and we. We also take our IP reputation maintenence seriously. If there is anything we need to do to get delisted on your service please advise.

 

Thanks

 

 

Hello,

 

 

We are a Toronto, Ontario, Canada hosting and email provider. We recently started receiving customer complaints over bounced email messages. The common denominator in all of the bounces is a 554 Denied error from a mxlogic.net server.

 

 

According to your http://trustedsource.org/ website tool our IP address (67.213.69.80) has a good reputation/minimal risk:

 

 

http://www.mcafee.com/threat-intelligence/ip/default.aspx?ip=67.213.69.80

 

 

We are not on any other blacklists.

 

 

We take our IP reputation very seriously and have never tolerated UCE or spam of any kind. We don't allow customers to send bulk email. We work with them, where there is a need, on using services such as MailChimp or Constant Contact.

 

 

An example of one of the bounce messages is included below. It also shows the entire email content. I have also included the transaction log from our mail server for this piece of mail.

 

 

Can you please tell us why our customers emails are being blocked? This started about a week ago. We are getting dozens of these complaints daily.

 

 

Thanks,

 

 

 

 

Bounce Message and email content

 

 

-----Original Message-----

From: System Administrator [mailto:System Administrator]

Sent: Thursday, November 07, 2013 2:08 PM

To: xxxxxxxxxxxxxxxxxxx

Subject: Delivery Failure

 

 

 

 

Could not deliver message to the following recipient(s):

 

 

Failed Recipient: xxxxxxxxxxx

Reason: Remote host said: 554 Denied [CS]

[803fb725.0.5380132.00-2030.8103616.p02c12m005.mxlogic.net] (Mode: normal)

 

 

 

 

   -- The header and top 20 lines of the message follows --

 

 

Received: by mail.infologistix.net via HTTP;

    Thu, 7 Nov 2013 15:07:13 -0500

From: "xxxxxxxx" <xxxxxxxxxxxxx>

To: <xxxxxxxxx>

Subject: Testing

Date: Thu, 7 Nov 2013 15:07:13 -0500

Reply-To: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Message-ID: <1c115da0$34c7830e$4707b6a1$@xxxxxxxxxxxxxxxxxxxx.ca>

MIME-Version: 1.0

Content-Type: multipart/alternative;

    boundary="----=_NextPart_000_0001_610E82DF.618A97C2"

X-Originating-IP: [99.240.186.66]

 

 

This is a multipart message in MIME format.

 

 

------=_NextPart_000_0001_610E82DF.618A97C2

Content-Type: text/plain;

    charset="us-ascii"

Content-Transfer-Encoding: 7bit

 

 

Email content removed

 

 

Server log excerpt

 

 

 

 

------=_NextPart_000_0001_610E82DF.618A97C2

Content-Type: text/html;

 

 

15:07:15 [83065] Delivery started for xxxxxxxxxxxx at 3:07:15 PM

15:07:30 [83065] Skipping spam checks: No local recipients

15:07:33 [83065] Sending remote mail for xxxxxxxxxxx

15:07:33 [83065] Initiating connection to 208.65.145.3

15:07:33 [83065] Connecting to 208.65.145.3:25 (Id: 1)

15:07:33 [83065] Binding to local IP 67.213.69.80:0 (Id: 1)

15:07:33 [83065] Connection to 208.65.145.3:25 from 67.213.69.80:2577 succeeded (Id: 1)

15:07:33 [83065] RSP: 220 p02c12m005.mxlogic.net ESMTP mxl_mta-7.2.2-0 [2aed10f5c940.5380132.00-2030]; Thu, 07 Nov 2013 13:07:36 -0700 (MST); NO UCE, INBOUND

15:07:33 [83065] CMD: EHLO mail.infologistix.net

15:07:33 [83065] RSP: 250-p02c12m005.mxlogic.net

15:07:33 [83065] RSP: 250-SIZE 0

15:07:33 [83065] RSP: 250-STARTTLS

15:07:33 [83065] RSP: 250-SUBMITTER

15:07:33 [83065] RSP: 250-8BITMIME

15:07:33 [83065] RSP: 250 PIPELINING

15:07:33 [83065] CMD: MAIL FROM:<xxxxxxxxxxx> SIZE=1250

15:07:33 [83065] RSP: 250 Sender Ok

15:07:33 [83065] CMD: RCPT TO:<xxxxxxxxxx>

15:07:33 [83065] RSP: 250 xxxxxxxxxxx ok (RCPTMode: normal/deferred)

15:07:33 [83065] CMD: DATA

15:07:34 [83065] RSP: 354 Start mail input; end with <CRLF>.<CRLF>

15:07:34 [83065] RSP: 554 Denied [CS] [803fb725.0.5380132.00-2030.8103616.p02c12m005.mxlogic.net] (Mode: normal)

15:07:34 [83065] CMD: QUIT

15:07:34 [83065] RSP: 221 p02c12m005.mxlogic.net Service closing transmission channel [5380132.00]

15:07:34 [83065] Bounce email written to 947609883069.eml

15:07:34 [83065] Delivery for xxxxxxxxxxx to xxxxxxxxxx has completed (Bounced)

15:07:36 [83065] Delivery finished for xxxxxxxxxxxxxxx at 3:07:36 PM    [id:947609883065]

 

Message was edited by: infowan on 19/11/13 13:46:24 CST
  • Brad McGarr McAfee Employee 154 posts since
    Dec 4, 2012
    Currently Being Moderated
    1. Nov 20, 2013 10:55 AM (in response to infowan)
    Re: Not getting a response from false positives inquiry

    infowan,

     

    When did you submit the example to saas_falsepositives? It can take up to 24 hours to process a false-positives complaint, and not all submissions result in a reset or clearing of the score that is causing the message to score high. If our Messaging Security team is seeing an active threat or spam campaign with the criteria causing these messages to be blocked, Messaging Security will not be able to clear that score.

     

    I'm not able determine exactly what is causing your messages to be blocked, however I can tell you that they are receiving an extremely high spam score, at the Crtitical Spam Level, which is at or just below 100% probability spam. TrustedSource is only one small component of our filtering stack, there are many additional levels that are proprietary and not publicly searchable.

     

    My advice for any organization sending inbound to McAfee SaaS Customers that have not received a response from Messaging Security is to either email saas_falsepositives with a request for an update (this mailbox is reviewed by individuals on the Messaging Security team, and is not an automated hopper), or, have anyone of the recipient organizations open a service request with their support team for their account. If you go through the latter option, they will need an example message with the to/from/date information.


    Brad McGarr
    McAfee SaaS Email & Web Protection
    Technical Support Technician I (Legacy & Partner Support)
    Microsoft Certified Professional
    Microsoft Technology Associate - Windows OS | CompTIA A+ Certified Technician | CIW Web Foundations Associate
    Visit my blog: Brad's Corner - Insights from SaaS Email & Web Security Support https://community.mcafee.com/blogs/brad-denver

    Frequently Requested Information

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points