I'm having the same issue with 2 out of 3 mailservers. The two are getting persistently listed by Symantec and the third is never listed.
Now, all 3 servers send mail from sasl-authorized business addresses (hosting company). There are no mailing lists or other spamming involved.
DKIM, SPF records are in place. Monitoring is in place with both Google and Microsoft. None of the servers is ever listed in public or these 2 private blacklists (or Fortigate or others). The only issue is with Symantec.
The reason for listing is:
- The host has been observed sending spam in a format that is similar to snow shoe spamming techniques.
- The host is unauthorized to send email directly to email servers.
On the first account, I'm at a loss. Yes, 3 servers can send mail for the same domains (about 100 of them). This is normal load balancing and high availability. There's no spam involved in this.
On the second account: I'm at a loss. The IP addresses on all servers are within web farm address space (i.e. OVH, Hetzner). These are not dial-up/leased lines. They are in SPF on all domains involved. They use DKIM. Their reverse DNS is perfect and matches the HELO (as in smtpX.ourdomain.ext). Why does Symantec say they are not authorized to send mail directly?
I can provide the IP addresses via P.M., but I cannot provide logs as the destination servers refuse connection straight away:
host defnsv1598.mtu-friedrichshafen.com[46.235.193.39] refused to talk to me: 554 5.7.1 You are not allowed to connect.)
Thanks.
W.G.
PS: I unlisted our IP addresses again. But they will get listed in a few days for sure.
Original Message:
Sent: 10-22-2021 10:55 AM
From: Daniel Del Rosario
Subject: IP keeps getting blacklisted with Symantec
Hello Rudy,
Could you please PM me your IP and any logs, headers, bounce back messages you are getting? This will help diagnose the issue.
Thanks,
Dan_ D
Original Message:
Sent: 10-11-2021 12:27 PM
From: Rudy Swanepoel
Subject: IP keeps getting blacklisted with Symantec
Hi...
My IP 209.XX.XXX.XX keeps getting blacklisted by ipremoval.sms.symantec.com/lookup. This is the only site that's blacklisting my IP. I asked my email hosting company (LiquidWeb) to check all my settings and double check that the mail server is not infected. Please can you investigate why my IP keeps being blacklisted by Symantec.
Regards
Rudy