Symantec Reputation Blocking IP

[bluerayconcepts]

So last week I started getting a couple complaints from customers about not being able to send to some people. THe bounce messages they were getting had no info in them about what was going on, only SMTP error. Nothing that we normally see when blocked or unknown user etc. So I ran through the standard RBL checks and nothing.. all clean.
So Monday I had another customer send me a bounce message that actually showed a good bounce message:
> SMTP error from remote mail server after RCPT TO:<[email protected]>:
> host mx.usa.net [165.212.65.113]: 550 Mail from xx.xx.xx.xx
>refused. Please refer to IP Reputation Investigation for an
>explanation.

So i proceeded to follow their instructions as it turns out the issue from the week before was also because of Symantec. 3 days later I am still blocked with Symantec with no idea of why. I have now put in the removal request twice. Turns out that now I have users that cannot send to outlook.com, hotmail or MSN. So I went through their process and joined their SNDS and see that the IP Status for hotmail is showing we are block by Symantec so all my problems are revolving around the Symantec Block.

I have gone through my logs and have found no mass mailing done by our customers. I do not allow mailing lists on the server. Of course they never give you a specific reason why you were block so at this point it could be anything.

I am currently at a loss as to what to look for. Any help would be appreciated.

 

[24x7server]

Hello,

Due to suspicious activity your server IP is blacklisted in Symantec, I will suggest you enable DKIM and SPF for your domain and setup the RDNS for your server. Here are the good DOC of How to: Prevent Email Abuse

 

[cPanelMichael]

Hello

It's difficult to guess the specific reason you were added to that blacklist because it's not something listed publicly. Ensure you have RDNS configured for the IP address you are using to send emails, and that SPF/DKIM records are configured for your domain names.

Thank you.

 

[bluerayconcepts]

Yeah RDNS has been setup since the server was spun up. I started going through all the accounts and checking DKIM and SPF last night and finished them up this morning. There were a lot not enabled, some spf were wrong. Which is weird because I have DKIM and SPF enable on WHM so I would have thought it would have created them on account creation. I also noticed that on accounts that were created on other servers with spf and then migrated to this server, the SPF record was not updated.

But they are all fixed now. So is it just a wait and see game now? This is the first time I have had to deal with Brightmail/Symantec, normally any other block I have had to deal with was due to a specific email and they were always pretty quick to respond or take care of it.

 

[bluerayconcepts]

Looks like we have been removed from Brightmail Block. Still not sure what caused it, and I doubt that the DKIM and SPF record changes I made within the last hour would have caused it be removed that fast. Would it?

 

[cPanelMichael]

Looks like we have been removed from Brightmail Block. Still not sure what caused it, and I doubt that the DKIM and SPF record changes I made within the last hour would have caused it be removed that fast. Would it?

It's possible, but it's difficult to say without knowing the type of system they use to lower a server's reputation. You may want to contact their support team directly to see if they can provide you any additional information.

Thank you.

 

[bluerayconcepts]

looks like we are still blocked at hotmail though. aggrevating

 

[ThinIce]

looks like we are still blocked at hotmail though. aggrevating

It certainly used to be the case that blocks at hotmail marked to expire were removed once every 24 hours, think if memory served it used to hit around 15.00 GMT

If you haven't identified the spam send that caused the problem in the first place, it might be worth joining the ms jmr feedback loop (which in my experience they sometimes will make you join before they'll remove a block)

 

[bluerayconcepts]

Yeah I joined all their stuff 2 days back. Actually not to bad, decent info to look at.

The main issue is their PITA form to fill out.