Email Security.cloud

 View Only

  • 1.  IP keeps getting blacklisted with Symantec

    Posted Oct 11, 2021 10:27 PM
    Edited by Debbie Sassine Oct 11, 2021 10:27 PM
    Hi...

    My IP 209.XX.XXX.XX keeps getting blacklisted by ipremoval.sms.symantec.com/lookup. This is the only site that's blacklisting my IP, I asked my email hosting company (LiquidWeb) to check all my settings and double check that the mail server is not infected . Please can you investigate why my IP keeps being blacklisted by Symantec.

    Regards
    Rudy


  • 2.  RE: IP keeps getting blacklisted with Symantec

    Broadcom Employee
    Posted Oct 22, 2021 10:56 AM
    Hello Rudy,

    Could you please PM me your IP and any logs, headers, bounce back messages you are getting? This will help diagnose the issue.

    Thanks,
    Dan_ D
    Original Message


  • 3.  RE: IP keeps getting blacklisted with Symantec

    Posted Nov 11, 2021 11:20 AM
    I'm having the same issue with 2 out of 3 mailservers. The two are getting persistently listed by Symantec and the third is never listed.

    Now, all 3 servers send mail from sasl-authorized business addresses (hosting company). There's no mailing lists of other spamming involved.
    DKIM, SPF records are in place. Monitoring is in place with both Google and Microsoft. None of the servers is ever listed in public or these 2 private blacklists (or Fortigate or others). The only issue is with Symantec.

    The reason for listing is:
    • The host has been observed sending spam in a format that is similar to snow shoe spamming techniques.
    • The host is unauthorized to send email directly to email servers.
    On the first account, I'm at a loss. Yes 3 servers can send mail for the same domains (about 100 of them). This is normal load balancing and high availability. There's no spam involved in this.

    On the second account: I'm at a loss. The IP addresses on all servers are within web farm address space (i.e. OVH, Hetzner). These are not dial-up/leased lines. They are in SPF on all domains involved. They use DKIM. Their reverse DNS is perfect and matches the HELO (as in smtpX.ourdomain.ext). Why Symantec says they are not authorized to send mail directly?

    I can provide the IP addresses via P.M., but I cannot provide logs as the destination servers refuse connection straight away: 

    host defnsv1598.mtu-friedrichshafen.com[46.235.193.39] refused to talk to me: 554 5.7.1 You are not allowed to connect.)

    Thanks.
    W.G.

    PS: I unlisted our IP addresses again. But they will get listed in a few days for sure.
    Original Message


  • 4.  RE: IP keeps getting blacklisted with Symantec

    Posted Nov 11, 2021 11:20 AM

    Hello,

    I am in the same position.  My company is moving to Cisco CES hosted mail security solution, and the two dedicated IP addresses we got from cisco are on Symantec block list.  I've filled out the removal request on https://ipremoval.sms.symantec.com/remove multiple times, but we are still on the list.  I have read through all instructions and confirmed that we are fully compliant.  We only switched about 5% of our outgoing mail flow, and already have dozens of our customers & vendors that block us because we are on Symantec list.

    Please let me know if I can PM you the details to take a look.  Thank you in advance.
    Alex


    Original Message


  • 5.  RE: IP keeps getting blacklisted with Symantec

    Posted Dec 14, 2021 09:45 AM
    Our subnet is being blocked by Symantec **** (reputaion). It is blocking whole 77.95.234.0/24 77.95.235.0/24 77.95.236.0/24 77.95.237.0/24.

    Event subnet adresses and broadcasts ie. 77.95.237.0 and 77.95.237.255 is being blocked (it is not sending anything).

    Symantec support says : You are not our customer .. (n fact we are broadcom customer using many hardware solutions). 
    NO one gives us a reason of this blocking as automatic reply from system says:  this ip is not authorised to send emails and ip maybe usin snowshoe spamming.

    Our customers who are sending emails to government agencies (using symantec email gateway) are being constantly blocked.

    So Dear SYmantec (Broadcom) maybe some day you will answer to our emails and phone calls and fix this issue as YOUR customers DONT get legitimate emails sent from totally secured email servers (not sending any spam and configured by Your guidelines).....
    Original Message


  • 6.  RE: IP keeps getting blacklisted with Symantec

    Posted Jan 06, 2022 10:56 AM
    Edited by Daichi Gojo Jan 06, 2022 07:39 PM


  • 7.  RE: IP keeps getting blacklisted with Symantec

    Posted Jan 06, 2022 10:57 AM
    Edited by Daichi Gojo Jan 06, 2022 07:39 PM


  • 8.  RE: IP keeps getting blacklisted with Symantec

    Posted Jun 28, 2022 04:58 AM

    Hi, 

    We are facing exactly the same issue on our hosting clients for the pass couple of weeks. According to the recipient's tech reported to us that even Spam Expert IPs are being listed now.

    This is unprecedented, as we never had such event at this kind of frequency with others such as Spamhaus or Spamcop. Hope your tech could address the issue asap as such incidents is going to increase our workload, time and effort cost. It greatly affects the customer experience and satisfactory factor.

    Thanks


    Original Message


  • 9.  RE: IP keeps getting blacklisted with Symantec

    Posted Sep 05, 2023 08:44 AM

    Hi Daniel,

    We have the same problem.
    Our IP ist blacklisted every day and only by symantec.

    I checked everything, but can't find the any problem.

    Can you help us please ?

    Our subnet:

    94.102.15.16 /28

    Problematic ip's;

    94.102.15.28

    94.102.15.29

    94.102.15.30


    With regards.


    Original Message


  • 10.  RE: IP keeps getting blacklisted with Symantec

    Posted Dec 14, 2021 09:44 AM

    Hi,

    we have the same problem.
    Our IP ist blacklisted every day and only by symantec.

    I checked everything, but cant find the problem.

    Can you help me?

    Our IP:

    87.129.159.234


    Original Message


  • 11.  RE: IP keeps getting blacklisted with Symantec

    Posted Jan 06, 2022 10:57 AM
    Hi

    We have same problem.

    Our IP address is listed and I requested a investigation from the following website, but it hasn't changed.
    https://ipremoval.sms.symantec.com/

    Please let me know if you have the necessary information and submission method for the survey.
    Original Message