0

Emails sent from some of the addresses in one domain are marked as spam by multiple email clients. Since just a few addresses within the domain are marked as spam, I do not think it is a domain problem, or can it be?

I checked the email header, but do not have any experience with this and I don't know what to do next:

Thunderbird

X-Spam-Flag: YES
X-Spam-Score: 6.63
X-Spam-Level: ******
X-Spam-Status: Yes, score=6.63 tagged_above=-10 required=5
    tests=[ALL_TRUSTED=-1, BAYES_00=-1.9, DNS_FROM_AHBL_RHSBL=2.699,
    HTML_MESSAGE=0.001, RCVD_IN_PBL=3.335, RCVD_IN_RP_RNBL=1.31,
    RCVD_IN_SORBS_DUL=0.001, RDNS_NONE=0.793,
    SHORT_HELO_AND_INLINE_IMAGE=1.39, URIBL_BLOCKED=0.001] autolearn=no

Yahoo

X-YahooFilteredBulk: 217.11.253.114

Received-SPF: none (domain of "ourdomain" does not designate permitted sender hosts)

2 Answers

1

Let's take a look at the example of the e-mail header you gave us.

The e-mail scored 6.63, most of which is made up of:

DNS_FROM_AHBL_RHSBL=2.699 - this means your e-mail tested positive on the Abusive Host Blocking List test.

RCVD_IN_PBL=3.335 - per this page the e-mail was received via a relay in Spamhaus PBL.

RCVD_IN_RP_RNBL=1.31 - per this page the last external relay in the Received chain was listed in the DNSBL Return Path Reputation Network Blacklist (RNBL).

RDNS_NONE=0.793 - per this page the e-mail was delivered to trusted network by a host with no rDNS.


The receiving host determined this e-mail is spam because it scored 6.63 points while the threshold is 5 (see the required=5 in the header).

Now, DNS_FROM_AHBL_RHSBL=2.699 is not your fault - per their announcement the system was shut down and should not be used anymore.

In regard to the rest of the points - they could be valid, and your e-mail relay, or an e-mail relay which happened to participate in your e-mail routing, could actually be listed in blacklists.

RDNS_NONE=0.793 could be fixed by creating a PTR DNS record for the e-mail relay.

As I explained earlier, this sort of spam detection is based on a semi-arbitrary scale and the evaluation happens at the receiving mail server. It is very possible to get these settings wrong and as a result get legitimate e-mails marked as spam.

In this case there is one obvious reason - the receiving system is using the Abusive Host Blocking List, which was shut down, and as a result it could score your e-mail with more points (false positive).

If you search the Internet for DNS_FROM_AHBL_RHSBL you will find many people facing the same problem.

The owner of the remote email server should stop using this system; then, even without further actions, the spam score for this particular e-mail would drop below the threshold and it would not be considered spam anymore.

You can further drop the potential spam score by creating a PTR DNS record for your e-mail gateway and by removing your mail servers from blacklists (if they are listed).

VL-80
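The arithmetic behind the answer above, as an added example that is not part of the original post: it parses the X-Spam-Status value from the question, ranks the rules by points, and recomputes the score with the defunct AHBL rule ignored. The function names `parse_spam_status` and `rescore` are hypothetical helpers written for this illustration.

```python
import re

# X-Spam-Status value copied from the question, folded lines joined.
HEADER = (
    "Yes, score=6.63 tagged_above=-10 required=5 "
    "tests=[ALL_TRUSTED=-1, BAYES_00=-1.9, DNS_FROM_AHBL_RHSBL=2.699, "
    "HTML_MESSAGE=0.001, RCVD_IN_PBL=3.335, RCVD_IN_RP_RNBL=1.31, "
    "RCVD_IN_SORBS_DUL=0.001, RDNS_NONE=0.793, "
    "SHORT_HELO_AND_INLINE_IMAGE=1.39, URIBL_BLOCKED=0.001] autolearn=no"
)


def parse_spam_status(value):
    """Return (score, required, {rule: points}) from an X-Spam-Status value."""
    value = " ".join(value.split())  # undo header folding
    score = re.search(r"\bscore=(-?[\d.]+)", value)
    required = re.search(r"\brequired=(-?[\d.]+)", value)
    tests = re.search(r"\btests=\[([^\]]*)\]", value)
    if not (score and required and tests):
        raise ValueError("not a SpamAssassin status line with per-rule scores")
    rules = {}
    for item in tests.group(1).split(","):
        name, sep, points = item.strip().partition("=")
        if not sep:
            # Some servers list rule names without points; nothing to sum then.
            raise ValueError(f"rule {name!r} carries no score")
        rules[name] = float(points)
    return float(score.group(1)), float(required.group(1)), rules


def rescore(rules, ignore=()):
    """Sum the rule points, leaving out any rule named in `ignore`."""
    return round(sum(p for n, p in rules.items() if n not in ignore), 3)


def top_rules(rules, count=4):
    """Rules that add the most points, highest first."""
    return sorted(rules.items(), key=lambda kv: kv[1], reverse=True)[:count]


if __name__ == "__main__":
    score, required, rules = parse_spam_status(HEADER)
    print(f"reported score {score}, threshold {required}")
    for name, points in top_rules(rules):
        print(f"  {points:6.3f}  {name}")
    without_ahbl = rescore(rules, ignore={"DNS_FROM_AHBL_RHSBL"})
    verdict = "spam" if without_ahbl >= required else "not spam"
    print(f"without DNS_FROM_AHBL_RHSBL: {without_ahbl} -> {verdict}")
```
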
0

Probably a domain problem.

Check this tool http://viewdns.info/ in the box that says "SPAM Database Lookup" to verify if the domain is in a database of known spammers.

jcbermu