4

I have an issue with Google (Gmail, to be exact).

About 1 month ago, we had a security breach, and mail was relayed through our servers. We got listed in almost ALL blacklists :(

We fixed the problem and requested removal from the blacklists, which was granted easily.

Currently (for over 3 weeks), we are not sending any spam anymore.
Furthermore, we got cleared from all the blacklists (MxToolBox Black-List Search Result).

But Gmail still refuses to accept anything from the server, stating '550 Spam'.

The following is a Telnet attempt to send to Gmail:

    220 mx.google.com ESMTP g47si45436208eep.123
    helo megatec.co.il
    250 mx.google.com at your service
    mail from: <tomer@megatec.co.il>
    250 2.1.0 OK g47si45436208eep.123
    rcpt to: <weinberg.tomer@gmail.com>
    250 2.1.5 OK g47si45436208eep.123
    Data
    354  Go ahead g47si45436208eep.123
    Test123
    .
    550-5.7.1 [62.219.123.33      11] Our system has detected that this message is
    550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail,
    550-5.7.1 this message has been blocked. Please visit
    550-5.7.1 http://support.google.com/mail/bin/answer.py?hl=en&answer=188131 for
    550 5.7.1 more information. g47si45436208eep.123

    Connection to host lost.

I tried filling in the form at Gmail - Report Delivery Problem.
I also tried reaching Google by phone, but the message was to go to the link mentioned above.

I checked reverse DNS and it is OK...
We don't have TLS, but that shouldn't be a problem, should it?

Note: we are not a bulk sender.

Does anyone have an idea? What can be blocking our IP?

Does anyone know who can be contacted in order to resolve this BL listing?

EDIT: Added an SPF record to our domain a few days ago... Still NO GO :(

Tomer W
  • Sometimes the subnet of your ISP is the main culprit. Did you ask your ISP/DC guys to place the request and verify that the subnet IP is not listed anywhere else? I have seen such issues a few times, where the IP is not listed anywhere but other IPs in the subnet are blacklisted. Better to assign another IP to your server to send mail. – Pratap Dec 20 '12 at 09:53
  • Also, Gmail checks for SPF and DomainKeys; make sure these things are in place too. – Pratap Dec 20 '12 at 10:21
  • I think it's worth noting that mxtoolbox.net only checks **some** block lists (only 45 when I checked a moment ago). There are hundreds of others that it does *not* check. Relying on any single tool to perform such a check is useless. – John Gardeniers Dec 20 '12 at 20:51
  • @JohnGardeniers That's right, but I also checked DNSTools (see the posts and comments below); it checks 97 RBLs. – Tomer W Dec 20 '12 at 21:01
  • I think you missed the part about there being hundreds of blocklists. I know from experience that you can be blocked even by being on just a couple of almost unknown lists. 45 or 97, you're only checking a small part of them. – John Gardeniers Dec 20 '12 at 21:06
  • @JohnGardeniers Do you have a tool that checks the hundreds? Do you know what RBLs Gmail uses? – Tomer W Dec 20 '12 at 21:52
  • I did write a script to check all blocklists I could discover but sadly that is with my previous employer and I no longer have a copy of either the script or the list. As for which lists Gmail uses, I don't know and would be very surprised if it was published. I suspect that it's not a static list anyway. – John Gardeniers Dec 21 '12 at 01:29
  • How did you add the SPF record? As John Siu noted, he is getting TXT lookups failing. I'm having that fail too, and SPF lookups fail too. If the SOA serial is following a standard convention, it hasn't been updated since Nov 2010. How have you been checking to see if the SPF record is there? – becomingwisest Dec 24 '12 at 18:47
  • Possible duplicate of [Prevent mail being marked as spam](http://serverfault.com/questions/227242/prevent-mail-being-marked-as-spam) – Daniel Jan 30 '17 at 10:24

2 Answers

4

HELO Mistake

The email is being sent out from

    mail.megatec.co.il. 62.219.123.33

Not

    megatec.co.il. 67.228.132.128

Your helo should be

    helo mail.megatec.co.il

SPF - Not Available

Your SPF is either not updated or set up incorrectly. DNS queries to various servers fail to retrieve it. Even the SOA (ns1.bezeqint.net) failed.

If TXT is set up correctly, ns1.bezeqint.net should reflect the changes within a few minutes, regardless of TTL.

Google dns

    # dig @8.8.8.8 megatec.co.il txt

    ; <<>> DiG 9.8.1-P1 <<>> @8.8.8.8 megatec.co.il txt
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42780
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;megatec.co.il.            IN  TXT

    ;; AUTHORITY SECTION:
    megatec.co.il.        1800    IN  SOA ns1.bezeqint.net. hostmaster.bezeqint.net. 2010111500 10800 900 604800 86400

    ;; Query time: 307 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Mon Dec 24 13:18:09 2012
    ;; MSG SIZE  rcvd: 94

OpenDNS

    # dig @4.2.2.2  megatec.co.il txt

    ; <<>> DiG 9.8.1-P1 <<>> @4.2.2.2 megatec.co.il txt
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21588
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;megatec.co.il.         IN  TXT

    ;; AUTHORITY SECTION:
    megatec.co.il.      3600    IN  SOA ns1.bezeqint.net. hostmaster.bezeqint.net. 2010111500 10800 900 604800 86400

    ;; Query time: 338 msec
    ;; SERVER: 4.2.2.2#53(4.2.2.2)
    ;; WHEN: Mon Dec 24 13:21:37 2012
    ;; MSG SIZE  rcvd: 94

ns1.bezeqint.net

    # dig @ns1.bezeqint.net megatec.co.il txt

    ; <<>> DiG 9.8.1-P1 <<>> @ns1.bezeqint.net megatec.co.il txt
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11214
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    ;; WARNING: recursion requested but not available

    ;; QUESTION SECTION:
    ;megatec.co.il.         IN  TXT

    ;; AUTHORITY SECTION:
    megatec.co.il.      3600    IN  SOA ns1.bezeqint.net. hostmaster.bezeqint.net. 2010111500 10800 900 604800 86400

    ;; Query time: 150 msec
    ;; SERVER: 192.115.106.10#53(192.115.106.10)
    ;; WHEN: Mon Dec 24 13:25:25 2012
    ;; MSG SIZE  rcvd: 94

John Siu
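
Added example (not part of John Siu's answer): the two checks that answer makes by hand, run over the dig reply and A records quoted in it. The function names are hypothetical, and reading the SOA serial as YYYYMMDDnn is an assumption about the zone's numbering convention.

```python
import re
from datetime import date

# dig reply for "megatec.co.il txt" from ns1.bezeqint.net, trimmed from the answer above.
DIG_TXT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11214
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; AUTHORITY SECTION:
megatec.co.il.      3600    IN  SOA ns1.bezeqint.net. hostmaster.bezeqint.net. 2010111500 10800 900 604800 86400
"""

# A records as stated in the answer above.
A_RECORDS = {"mail.megatec.co.il": "62.219.123.33", "megatec.co.il": "67.228.132.128"}


def txt_lookup_state(dig_output):
    """Classify a dig TXT reply: 'spf', 'txt-no-spf', 'nodata' or the error rcode."""
    status = re.search(r"status: (\w+)", dig_output).group(1)
    answers = int(re.search(r"ANSWER: (\d+)", dig_output).group(1))
    if status != "NOERROR":
        return status.lower()
    if answers == 0:
        return "nodata"  # the name exists but publishes no TXT record at all
    return "spf" if re.search(r'IN\s+TXT\s+"v=spf1[ "]', dig_output) else "txt-no-spf"


def soa_serial_date(dig_output):
    """Read the SOA serial as YYYYMMDDnn (assumed convention, not guaranteed)."""
    m = re.search(r"\bSOA\s+\S+\s+\S+\s+(\d{10})\b", dig_output)
    if not m:
        return None
    s = m.group(1)
    try:
        return date(int(s[:4]), int(s[4:6]), int(s[6:8]))
    except ValueError:
        return None  # serial is not date-based


def helo_matches(helo_name, connecting_ip, a_records):
    """True when the HELO name resolves to the IP the connection comes from."""
    return a_records.get(helo_name.rstrip(".").lower()) == connecting_ip


if __name__ == "__main__":
    print("TXT lookup:", txt_lookup_state(DIG_TXT))
    print("SOA serial date:", soa_serial_date(DIG_TXT))
    for name in ("megatec.co.il", "mail.megatec.co.il"):
        print("HELO", name, "->", helo_matches(name, "62.219.123.33", A_RECORDS))
```
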
3

You still appear to be listed on some of the SPAM lists. Click on the IPs below to view the SPAM report.

MX -> mail.megatec.co.il -> 62.219.123.33 [NOT LISTED]

MX -> mx.bezeqint.net -> 192.115.106.20 [LISTED]

Brent Pabst
  • Thank you Brent. mx.bezeqint.net is a backup server at our ISP, but I don't see it listed... Are you sure you checked the right address? (lol, I keep trying but find nothing.) – Tomer W Dec 17 '12 at 19:53
  • @TomerW It was in fact flagged earlier today but now appears to have been removed. It's possible this was causing an issue. If it is still not resolved you will have to take it up with Google directly to understand why they are blocking you. – Brent Pabst Dec 17 '12 at 19:55
  • Unfortunately, this was not it... I still, Tuesday, cannot send mail to Gmail, even after all servers are clear. – Tomer W Dec 18 '12 at 06:31
  • Well then this is most likely something you need to work out with Google. Your IPs aren't showing up on the major black lists so something else is clearly causing an issue, especially since you say it is just Gmail. – Brent Pabst Dec 18 '12 at 13:33
  • I don't know the worth of block.stopspam.org, but your IP is listed there. – Wasif Dec 20 '12 at 09:54
  • Requested delist. If it works... I'll feel stupid, then thank you again, then give you the bounty and give you free ice cream :) – Tomer W Dec 20 '12 at 20:59