1 Reply Latest reply: Nov 20, 2013 10:55 AM by Brad McGarr

    Not getting a response from false positives inquiry




      We have sent email to saas_falsepositives@mcafeesubmissions.com, but we are not getting a response. A redacted version of our email appears below. We are quite anxious to get this rectified as our customers' businesses are being impacted.


      We have already viewed the self-help articles on your site (such as https://support.mcafeesaas.com/MCAFEE/_cs/AnswerDetail.aspx?sSessionID=&aid=155). We take the deliverability of our mail very seriously. We also take our IP reputation maintenance seriously. If there is anything we need to do to get delisted on your service please advise.








      We are a Toronto, Ontario, Canada hosting and email provider. We recently started receiving customer complaints over bounced email messages. The common denominator in all of the bounces is a 554 Denied error from a mxlogic.net server.



      According to your http://trustedsource.org/ website tool our IP address ( has a good reputation/minimal risk:






      We are not on any other blacklists.



      We take our IP reputation very seriously and have never tolerated UCE or spam of any kind. We don't allow customers to send bulk email. We work with them, where there is a need, on using services such as MailChimp or Constant Contact.



      An example of one of the bounce messages is included below. It also shows the entire email content. I have also included the transaction log from our mail server for this piece of mail.



      Can you please tell us why our customers' emails are being blocked? This started about a week ago. We are getting dozens of these complaints daily.








      Bounce Message and email content



      -----Original Message-----

      From: System Administrator [mailto:System Administrator]

      Sent: Thursday, November 07, 2013 2:08 PM

      To: xxxxxxxxxxxxxxxxxxx

      Subject: Delivery Failure





      Could not deliver message to the following recipient(s):



      Failed Recipient: xxxxxxxxxxx

      Reason: Remote host said: 554 Denied [CS]

      [803fb725.0.5380132.00-2030.8103616.p02c12m005.mxlogic.net] (Mode: normal)





         -- The header and top 20 lines of the message follows --



      Received: by mail.infologistix.net via HTTP;

          Thu, 7 Nov 2013 15:07:13 -0500

      From: "xxxxxxxx" <xxxxxxxxxxxxx>

      To: <xxxxxxxxx>

      Subject: Testing

      Date: Thu, 7 Nov 2013 15:07:13 -0500

      Reply-To: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

      Message-ID: <1c115da0$34c7830e$4707b6a1$@xxxxxxxxxxxxxxxxxxxx.ca>

      MIME-Version: 1.0

      Content-Type: multipart/alternative;


      X-Originating-IP: []



      This is a multipart message in MIME format.




      Content-Type: text/plain;


      Content-Transfer-Encoding: 7bit



      Email content removed



      Server log excerpt






      Content-Type: text/html;



      15:07:15 [83065] Delivery started for xxxxxxxxxxxx at 3:07:15 PM

      15:07:30 [83065] Skipping spam checks: No local recipients

      15:07:33 [83065] Sending remote mail for xxxxxxxxxxx

      15:07:33 [83065] Initiating connection to

      15:07:33 [83065] Connecting to (Id: 1)

      15:07:33 [83065] Binding to local IP (Id: 1)

      15:07:33 [83065] Connection to from succeeded (Id: 1)

      15:07:33 [83065] RSP: 220 p02c12m005.mxlogic.net ESMTP mxl_mta-7.2.2-0 [2aed10f5c940.5380132.00-2030]; Thu, 07 Nov 2013 13:07:36 -0700 (MST); NO UCE, INBOUND

      15:07:33 [83065] CMD: EHLO mail.infologistix.net

      15:07:33 [83065] RSP: 250-p02c12m005.mxlogic.net

      15:07:33 [83065] RSP: 250-SIZE 0

      15:07:33 [83065] RSP: 250-STARTTLS

      15:07:33 [83065] RSP: 250-SUBMITTER

      15:07:33 [83065] RSP: 250-8BITMIME

      15:07:33 [83065] RSP: 250 PIPELINING

      15:07:33 [83065] CMD: MAIL FROM:<xxxxxxxxxxx> SIZE=1250

      15:07:33 [83065] RSP: 250 Sender Ok

      15:07:33 [83065] CMD: RCPT TO:<xxxxxxxxxx>

      15:07:33 [83065] RSP: 250 xxxxxxxxxxx ok (RCPTMode: normal/deferred)

      15:07:33 [83065] CMD: DATA

      15:07:34 [83065] RSP: 354 Start mail input; end with <CRLF>.<CRLF>

      15:07:34 [83065] RSP: 554 Denied [CS] [803fb725.0.5380132.00-2030.8103616.p02c12m005.mxlogic.net] (Mode: normal)

      15:07:34 [83065] CMD: QUIT

      15:07:34 [83065] RSP: 221 p02c12m005.mxlogic.net Service closing transmission channel [5380132.00]

      15:07:34 [83065] Bounce email written to 947609883069.eml

      15:07:34 [83065] Delivery for xxxxxxxxxxx to xxxxxxxxxx has completed (Bounced)

      15:07:36 [83065] Delivery finished for xxxxxxxxxxxxxxx at 3:07:36 PM    [id:947609883065]


      Message was edited by: infowan on 19/11/13 13:46:24 CST
        • 1. Re: Not getting a response from false positives inquiry
          Brad McGarr



          When did you submit the example to saas_falsepositives? It can take up to 24 hours to process a false-positives complaint, and not all submissions result in a reset or clearing of the score that is causing the message to score high. If our Messaging Security team is seeing an active threat or spam campaign with the criteria causing these messages to be blocked, Messaging Security will not be able to clear that score.


          I'm not able to determine exactly what is causing your messages to be blocked; however, I can tell you that they are receiving an extremely high spam score, at the Critical Spam Level, which is at or just below 100% probability spam. TrustedSource is only one small component of our filtering stack; there are many additional levels that are proprietary and not publicly searchable.


          My advice for any organization sending inbound to McAfee SaaS Customers that have not received a response from Messaging Security is to either email saas_falsepositives with a request for an update (this mailbox is reviewed by individuals on the Messaging Security team, and is not an automated hopper), or have any one of the recipient organizations open a service request with their support team for their account. If you go through the latter option, they will need an example message with the to/from/date information.
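
One way to triage bounces like the one in this thread, as an added example (not part of the original posts, and not McAfee or mail-server code): it reads a transaction log in the format posted above and reports at which SMTP stage each 5xx refusal arrived. Session 90001 and the content/envelope labelling are assumptions made for illustration.

```python
import re

LINE = re.compile(r"^(\d\d:\d\d:\d\d) \[(\d+)\] (CMD|RSP): (.*)$")

# Session 83065 is abridged from the log in the post; session 90001 is constructed for contrast.
SAMPLE_LOG = """\
15:07:33 [83065] CMD: EHLO mail.infologistix.net
15:07:33 [83065] RSP: 250-p02c12m005.mxlogic.net
15:07:33 [83065] RSP: 250 PIPELINING
15:07:33 [83065] CMD: MAIL FROM:<xxxxxxxxxxx> SIZE=1250
15:07:33 [83065] RSP: 250 Sender Ok
15:07:33 [83065] CMD: RCPT TO:<xxxxxxxxxx>
15:07:33 [83065] RSP: 250 xxxxxxxxxxx ok (RCPTMode: normal/deferred)
15:07:33 [83065] CMD: DATA
15:07:34 [83065] RSP: 354 Start mail input; end with <CRLF>.<CRLF>
15:07:34 [83065] RSP: 554 Denied [CS] [803fb725.0.5380132.00-2030.8103616.p02c12m005.mxlogic.net] (Mode: normal)
15:07:34 [83065] CMD: QUIT
16:00:01 [90001] CMD: MAIL FROM:<a@example.org>
16:00:01 [90001] RSP: 250 ok
16:00:02 [90001] CMD: RCPT TO:<b@example.net>
16:00:02 [90001] RSP: 550 rejected
"""

def find_rejections(log_text):
    """Return one record per 5xx reply, noting which SMTP stage it answered."""
    stage, found = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a command/response line (delivery bookkeeping etc.)
        ts, sid, kind, text = m.groups()
        if kind == "CMD":
            stage[sid] = text.split()[0].upper() if text.strip() else "?"
            continue
        code = text[:3]
        if code == "354":
            # Server accepted DATA; its next reply judges the message body itself.
            stage[sid] = "BODY"
        elif code.isdigit() and code[0] == "5":
            at = stage.get(sid, "CONNECT")
            found.append({
                "time": ts, "session": sid, "code": int(code), "stage": at,
                "tags": re.findall(r"\[([^\]]+)\]", text),
                # Heuristic (assumption): a refusal after the body points at content
                # filtering; an earlier one at sender, recipient or connecting-IP policy.
                "phase": "content" if at == "BODY" else "envelope",
            })
    return found

if __name__ == "__main__":
    for r in find_rejections(SAMPLE_LOG):
        print(r["time"], r["session"], r["code"], r["stage"], r["phase"], r["tags"])
```

The second bracketed tag in a record is the receiving server's tracking string, which is the value to quote when following up with the filtering provider.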